NEW! Updated for 2018
Change the default admin username. Then change the password to a unique and strong password. The reason this should be done: if someone’s trying to brute-force their way into your website, they'll begin with Username = admin and try common passwords. If you've changed it to something else, it's much harder for them to get in, and often that's enough of a deterrent. A good password manager will help manage your various logins. LastPass is our recommendation.
Limit the number of login attempts allowed from any single source within a specified period of time. This ensures that programs which attempt to hack into your site will be stopped if, say, they've attempted 3 logins and failed. You should also set the login screen so that it doesn't tell users which field they made a mistake in.
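One way to implement this limit on a WordPress site, as an added example that is not code from the original article: a must-use plugin that counts failed logins per source IP using transients and shows one generic error message. The `ex_` names, the file location and the 15-minute window are assumptions.

```php
<?php
/**
 * Added example, not from the original article: limit failed logins per source IP.
 * Assumed location: wp-content/mu-plugins/limit-logins.php. Names prefixed ex_ are hypothetical.
 */
const EX_MAX_FAILURES = 3;        // the article's "say, 3" failed logins
const EX_WINDOW       = 15 * 60;  // assumed window and lockout length, in seconds

function ex_key() {
    // Assumes the server sees the real client address; behind a reverse proxy
    // REMOTE_ADDR is the proxy, and every visitor would share one counter.
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_login_fail_' . md5( $ip ); // md5 only makes the address key-safe
}

// Count each failed attempt; the window starts at the first failure.
add_action( 'wp_login_failed', function () {
    $state = get_transient( ex_key() );
    if ( ! is_array( $state ) ) {
        $state = array( 'count' => 0, 'start' => time() );
    }
    $state['count']++;
    $ttl = max( 1, $state['start'] + EX_WINDOW - time() );
    set_transient( ex_key(), $state, $ttl );
} );

// Runs after WordPress's own credential checks (priority 20), so a locked-out
// source is refused even if it finally guesses the right password.
add_filter( 'authenticate', function ( $user ) {
    $state = get_transient( ex_key() );
    if ( is_array( $state ) && $state['count'] >= EX_MAX_FAILURES ) {
        return new WP_Error( 'ex_locked_out', 'Too many failed attempts.' );
    }
    return $user;
}, 30 );

// A successful login clears the counter for that source.
add_action( 'wp_login', function () {
    delete_transient( ex_key() );
} );

// Show one message for every failure so the form never reveals whether the
// username or the password was wrong.
add_filter( 'login_errors', function () {
    return 'Login failed. Check your details or try again later.';
} );
```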
Another level of security is to add a CAPTCHA to your login screen.
Regular backups are simple to set up and vital to securing your WordPress website (or any website for that matter!). Store backups in a secure location, away from the website hosting server, so that if the hosting server has an issue, you can always access your backups. A daily backup of your website will save you heartache and frustration at some point! Even if it just helps you go back to a previous version of the site when you've messed up an edit, this can be the quickest way to recover from a mistake.
Despite how easy it is to use, WordPress is still a complex Content Management System. Keeping all the moving parts working well requires staying on top of the updates - both core updates of WordPress and the Plugin software. We recommend you update at least weekly and update on a Staging site, so that you can test updates for any incompatibility. Don't skim over changelogs, either! These have important information about incompatibilities, the sort of stuff that can inadvertently break your website.
If you are not using a Plugin or Theme, then delete it. This reduces the items that potentially could give hackers access to your website.
In addition - never download Themes or Plugins from unknown sources. These may contain malicious software and cause havoc in your website.
Unfortunately, hackers and spammers are a continuous online threat to ANY website. Just like computers are vulnerable to viruses and you should have anti-virus software installed as a precaution, your WordPress website should have security monitoring installed.
Excellent services are Sucuri, iThemes Security and Wordfence.
Even with excellent security in place, spammers will post gratuitous comments and potentially malicious links into your comment section. Set comments to require approval before they are published, and regularly clean out the SPAM comments.
Content Management Systems like WordPress are based on a set of Databases, where all your information is stored. Regularly optimising these databases keeps them clean, lean, secure and running smoothly. A cluttered database can slow down your website, pose a security risk and ultimately become corrupted.
Set up uptime monitoring on your WordPress website, together with alerts when any outage of service is detected. By doing so, you'll immediately know when your site goes offline and you'll be able to address any issue without delay. Quickly restoring your site if it goes offline ensures you won't lose any sales or customers as a result.
Know how your website is performing by keeping a watch on your Analytics and Search Console Tools. This will allow you to keep on top of any additional issues, such as crawl issues and broken links, as well as provide invaluable information to help you make informed decisions about your business.
After all, a website is a business tool, not an art project!
If this all sounds too complicated and you'd like help in taking CARE of your WordPress website, then check out our Dedicated Business CARE Plans.
Your website is critical to the success of your business, so why not get the peace of mind and certainty that your website is always working, always secure, always protected - driving leads and customers?