I’m a big fan and proponent of WordPress. Over the years, I have personally built dozens of sites using it, but there’s always been one caveat for me: security. I’m not a Linux-using IT geek who builds his own server and all of that stuff (although I do know a couple of them for when things get scary) but I do host a number of sites for clients and feel it’s my responsibility to keep their sites clean and free from malware and hackers.

This is not a complete list of what I do to protect the websites I host, but these are things anyone who has a WordPress (.org) site can do.

1. Keep your plugins and core files updated.
   Log into your site’s admin at least once a week and update all the things that need to be updated. This icon means you have an update:
2. Turn off and delete stuff you don’t use.
   You know that awesome MySpace follower widget you installed two years ago but deactivated? Delete it. Old plugins may stop getting updated and may contain security vulnerabilities that can be used to access or take control of your site. Same goes for old themes. If they’re unused, delete them.
3. Use a real password.
   WordPress saves your log in information for you on your computer. There’s no need to be the guy or gal who got hacked because their password was ABC123. Use a strong password and save a physical (paper) backup of it somewhere safe. I use this site to automatically generate all of mine.
4. Don’t use ‘admin’ as your username.
   Used to be, WordPress didn’t let you change your username from admin. That was silly and has probably led to a lot of WP’s security issues early on since a hacker only needed to guess your password. It’s not the case anymore so change it to something else. It doesn’t have to be random or tricky, just not ‘admin’.
5. Install a good security plug in.
   This one is my favorite. With this plug in you can change your admin name, user ID (highly recommend), set regular backups, check for users accessing missing files (hackers do this to see if you have a certain weak plug in on your site), block users trying to log in incorrectly and block numerous vulnerabilities by just checking boxes and updating. It’s free, get it and keep it updated.

Any of this look overwhelming? Call us; we’re happy to help.