A short while ago I decided it would be a great idea to put together some blog security tips that could help both existing and aspiring bloggers.
We came up with one question and asked eight WordPress experts: “What are the best ways to protect a WordPress blog?” Their experiences and advice provide valuable wisdom for any blogger.
Ivan Jurišić, Digital Marketing Strategist at WebFactory Ltd, the developers of Security Ninja, the complete WordPress security solution for beginners & professionals.
In my opinion, there are two critical parts of protecting a WordPress blog.
The first one is knowing as much as possible about WordPress and the technologies that power it, as well as knowing what you're doing online. By constantly learning, you will be able to act safely and avoid 90% of threats simply by avoiding risky actions. Take care of your passwords and be careful when posting links to your blog.
The second part is having all the right tools. Security Ninja is a good way to start as it will be constantly watching over your site. It will also deploy a firewall which can stop bad people even before they can try to do harm. Security Ninja will also be able to scan all the files & code, and even clean suspicious files for you.
WordPress security is a continuous process and not a one-time fix. So the best way to secure your WordPress blog is to:
- Harden it: take care of the defaults, use strong passwords, install a firewall or use an online security service.
- Log and monitor: install WP Security Audit Log to keep a log of what everyone is doing.
- Test: Make sure you check that everything is set up correctly and test when possible.
- Improve: Improve what you have. Make sure that you address any test results, keep all your software up to date, and apply any new security features your website might need.
The below is just a high-level overview of the concept of WordPress security. As long as you keep on repeating the above, i.e. Harden > Monitor > Test > Improve, your WordPress site will be fine.
Robert Mening, Web Developer & Editor Behind WebsiteSetup.org
By far, the best way to protect WordPress (and the easiest way) is to keep it updated. WordPress core updates along with updates to themes and plugins are crucial for security and should be done daily. The next best way to protect WordPress is to use strong passwords and user
This includes passwords for WordPress admin and users, FTP accounts, hosting accounts, your professional email address, and more.
Why? Because the most common WordPress hacking attempts are done with stolen passwords. Not only should the passwords be strong but they should be changed frequently, at least 2-3 times per year.
These two safeguards are easy to do and most importantly are FREE! Outside of these tips, consider the security of your web host and install a backup solution.
Peter Nilsson Founder of WP Newsify
Colin Newcomer / HubSpot Inbound Certified Freelance Writer
I'm a big fan of the 80/20 rule for WordPress security. Doing a few small things right will secure your site from most negative actions. This isn't sexy, but keep everything updated, use a strong password, and secure your login page (something like Limit Login Attempts is good). Combine that with a reliable WordPress host and quality plugins/themes and your site should stay safe.
This is his advice:
Safe passwords, don’t alter core, use plugins and themes from the WordPress repos only, always update them, limit login attempts and choose your host wisely.
Alister is a Software Quality Practice Lead at Automattic (WordPress.com)
This is his advice:
The best way is to simply install the Jetpack plugin which is best in class for securing and protecting your site.
Obaidullah is a Junior Pre Sales Engineer at ABBYY Australia
This is his advice:
These are some ways you can protect a WordPress blog:
- Limit Logins Based on Number of Failed Attempts
- Enable Two-Factor Authentication
- Change Your Host
- Hide Your WordPress Version Number
- Regular Backups
- Limit Access to Your Login Page
- Ensure that you have the right file permissions