Website Security #
Securing your WordPress website involves a number of factors and will vary from host to host. While the first thing to consider is what your host provider offers, you should not rely on that solely.
First and foremost securing your website involves a solid security strategy. Process and Procedure to address what to manage on your website. The list below provides an overview of the types of things to take into consideration:
- Good password policy – Passwords should be a minimum of 8 or more characters in length and comprised of a mix of letters (upper and lowercase), numbers and potentially special characters.
- Administrative names – Avoid using common and easily identifiable names for the administrator accounts
- Minimize the number of administrative accounts
- Firewall – Install a firewall to minimize hacking and contain brute-force attacks
- Login security – Create a policy to manage logins. Attempts, password management and how to deal with bad logins.
- Anti-Virus and Malware Scanning policy – Even websites are not immune from viruses and malware. Periodic checks are important to detect and combat breaches
WordPress allows you to install plugins to extend the functionality of your website. I’m specific avoiding naming plugins; but some common types of security plugins to consider include:
- Spam filters
- Security Auditing tools
- Anti-Virus and Malware detection and prevention
WordPress Security #
WordPress has greatly improved its security, but the best security is no good unless it’s used. Make sure a clear plan is in place to keep both your WordPress site and plugins up-to-date.