Three WordPress Tips You Have to Have to Keep Your Site Safe

by Angela Moore

I love WordPress. There I said it. Now there are surely WordPress haters out there and haters gonna hate, right? Here’s the thing. When we first opened our virtual doors, we couldn’t afford a developer so we built our site with WordPress.

I can still remember that site and even though it wasn’t as fancy as a lot of other sites, it got the job done. At this point, I think we’ve gone through at least five redesigns. Not to mention other sister sites we’ve built and taken down. I’ve decided that one main website is enough. But that’s a story for another day.

Thankfully now we have a full-time developer on staff and we’ve built dozens of sites together. I’m proud to say none of our clients’ sites have ever been hacked, although other people have come to us with that issue.

There are a couple of different ways hackers and evil-doers can hurt your site. One of the most common is injecting malware. Have you ever seen a url that looks like it’s a page on your site but is basically just a piece of spam.

Something like mydomain.com/great-cell-phone-deals or mydomain.com/-payday-loans?

This happens when your site is breached basically and it can take quite some time to clean up. So how do you prevent this? Good question. Here are three easy ways to keep your site safe.

This is something I see over and over again and makes me just wanna cry. Never EVER EVER, use the user name “admin” on your site. You’ll often hear about how important your password is and to make that difficult to guess, but not many people think about the user name. Sometimes this is just left as is because it was the default user name with the WordPress install and no one told you to change it. Other times, developers will build your site and just be too lazy to change it thinking you’ll be deleting them later anyway.

Removing the Admin User Name

Here’s what you do if you have a user name of Admin on your site. If this is your user name, set up a new user with your new user name. If you already have a second user name set up that you log in with, then skip this step.

The one thing you have to be careful about is not losing any content associated with another user. We had a client do that once so be careful here. There can be pages and/or posts that were set up by the Admin user. (this process will work if you want to delete any other user as well). You have two choices. You can look at all the pages and the posts and see which are authored by Admin and change those manually with the “quick edit” feature or you can go to the Users section in the dashboard and Delete user and attribute that content to another user. Here is a short tutorial on how to do that.

Free Plugins to Keep You Safe

Ok so now that we are sure there is no “Admin” user on the site, let’s move to a couple of security plugins you can use to keep your site safe. The first one is Wordfence. They have over a million installs and a 5-star rating so it’s safe to say (ha pun intended) that this is a great security plugin. We use it with sites we build.

Next is Limit Login Attempts, this has over 30,000 installs and a 4.5-star rating. If you do use this, you may want to turn off notifications of failed login attempts as that can get obnoxious.

Third-Party Paid Software

If you have an enterprise site and you really want to have peace of mind, I recommend Sitelock. This software will scan your site and look for issues. They’ll remove malware as well. I’ve used Sitelock in the past and they not only have a great product but their customer service is top-notch as well. I highly recommend them if you have the budget.

Well, there you have it. If you’ve ever been a victim of website security breaches you know they are no fun to fix. Better to be proactive and secure your site before you ever get hacked.

Stay safe. Have peace of mind.