WordPress is today the most popular Content Management System (CMS) in use around the world with a stunning 60.4% market share. This means that 6 out of every ten blogs around the world is powered by WordPress – from basic sites to ones run by huge companies like Walmart.
One of the reasons it has grown so popular is because it is open source, which means that many parties contribute to its development. This makes it extremely powerful and flexible since extra features can easily be added on to the core system by using modules called plugins.
Caption: Yelp, one of the most popular sites on the Internet runs its blog on WordPress
Unfortunately, because of its popularity and the fact that it is open source, WordPress sites are also frequently the target of security exploits. As with all other software, WordPress can be vulnerable in many ways, from software exploits to mistakes arising from user errors.
Today we’re going to look at some ways you can secure and speed up your WordPress site.
At the very heart of your WordPress site is the platform it runs on. The best WordPress hosting sites offer server-level security that you wouldn’t normally be able to manage on your own. For example, they can perform server hardening to secure the environment you host in, as well as protect you with multiple layers of firewalls and help with intrusion prevention.
A good WordPress host will also use good equipment which means your site is likely to be faster and safer on their servers. When choosing a secure web hosting service provider, always look for one which is reputable and can fit your needs.
Some of the better WordPress hosting providers I have seen include WPWebHost.
2. Hide Your Login Page
Most hackers will usually use bots to scan servers and identify WordPress sites which make use of default settings. For example, the WordPress admin login page is usually located at a fixed address – and when found, the hacker will try to force his way in using a variety of tools.
To prevent this, change the default admin login page for your WordPress site. A quick and easy way to do this is by using a plugin such as WPS Hide Login. This plugin lets you easily change your default admin address so the it may miss automated scans.
3. Use Strong Passwords
One of the most common ways hackers try to gain access to WordPress sites is by using a technique called the brute force attack. Using a bot armed with a dictionary of commonly used passwords, the hacker will keep trying to login to your site until it finds the right password.
To prevent this, avoid easy-to-guess passwords like ‘password’ or other common words. Ideally, use a long password which is comprised on upper and lowercase characters along with numerals and special characters.
Here are some examples of strong passwords;
- HappyDay1555@
- ^108FindHim!
- Th1sIsALongP455word!
4. Ensure Your WordPress is Kept Up to Date
When I mentioned software vulnerabilities earlier, this refers to errors which developers made during the building process for the software. These types of mistakes may lead to weaknesses in WordPress and when found, developers will usually update the software to fix the vulnerability.
Hackers tend to exploit known weaknesses, so always ensure that your WordPress version is kept up to date. This goes for any plugins which you may be using as well. Each plugin is developed separately, so you will have to do upgrades for each of them. A good WordPress host will often have some tools which you can use to keep things updated easily.
5. Use a Good Security Plugin
Aside from the configuration, you can do on your own, there are many good security plugins in the market which you can use – some of them have free versions as well. This will give you at least a level of security that is a step up from not using anything at all.
Caption: Wordfence gives you good at-a-glance security statistics for your site as well
One good example is the Wordfence security plugin. Wordfence helps you secure your site on so many levels that it is unbelievable that they offer a free version which anyone can use. I personally make use of this plugin and it has prevented so many attacks on my site.
Some of the things Wordfence can do to help secure your site is to enable 2FA authentication, limit login attempts, let you customize a software firewall, limit the rate of requests your site receives and more.
6. Use a Content Distribution Network (CDN)
A CDN helps in both security as well as speed for your WordPress sites. By serving your site content through a global network of serves, your content can be made available more quickly to anyone around the world.
A CDN caches content in proxy servers that are located closer to end users than origin servers.
Because requests for your site go through the CDN first, it also serves as the first line of defence in the case of attacks such as Distributed Denial of Service (DDoS). This prevents your site from getting overloaded since the CDN will absorb the brunt of any DDoS attack. Some CDNs also have a free version you can use, for example Cloudflare.
Conclusion
Although only scraping the tip of a very large iceberg, these security and speed tips should be enough for you to get a foot off the ground. By following security best practices and making use of good tools which are available, you can be proactive in ensuring that your site is always available to your visitors.
Remember, speed and security are two of the things your site visitors have a right to expect, even from a free site. By ensuring that at least basic requirements are being met, you will also save yourself a lot of headaches (and heartache) down the road. Once your WordPress site is compromised, it is often very difficult to regain control over your site.
