Securing WordPress isn’t a chore with the right tools. But before we get to the tools (I know, you were hoping for a cure-all plugin?) let’s start with the boring stuff.
Your WordPress Password
Yes, you’ve got to have a good one. WordPress makes this easy. It tells you how complex your password is when you enter it.
And everyone else has to have a good one. Don’t let the boss have the crap password just because they’re boss. All passwords must be secure.
Clean Up Old WordPress Users
If you’ve got users you don’t need, get rid of them. It’s much easier to administer a tidy site. Rather than police old passwords, just remove old users.
Update Your WordPress
Updating WordPress files, your theme files and plugins is essential. Pretty much every WordPress site I’ve seen hacked as been seriously old. Keep updated to avoid exposing your site to necessary risk.
If you have a single site you may wish to update it yourself. If you have mutplie sites then take a look at Main WP. It takes the hassle out of managing WordPress by giving you central platform to secure, update and back up your WordPress sites.
Okay, Now The Plugins
There are tonnes of options and we’ve tried many. Rather than give you pros and cons of various plugins, we’ll list a few we use and recommend.
Backing up is essential. We advise you keep multiple offsite version of your website. We back up all WordPress websites to an Amazon AWS account. In a worst-case scenario (server blows up and disappears from the face of the earth) we can recover all websites from Amazon.
iThemes Security Pro
This is a good all-round security plugin. It starts with an audit to identify issues you need to address. It’ll prevent repeated attempts to login, notify you when there are problems, and the Pro version will do malware scanning.
Two Factor Authentication
Two factor authentication is a necessary evil. Sure it’s a pain in the arse but it sure beats getting hacked. We use this free plugin:
That Wasn't So Hard
There’s more to WordPress security than what we’ve mentioned here but follow these steps and you’re 99% home already. Of course, if you don’t want to maintain your own site, talk to you should contact us. We’ll do all of the above and more for $40 per month.