An Easy Guide to WordPress Security

WordPress Security is not something you should ignore. Keeping your website secure is very important; not only to protect your customer’s data but to ensure you can provide your customers with the service they expect. This blog post will look at some of the key points you should be aware of when it comes to WordPress security.

Regular Software Updates (including WordPress!)

As a website owner, your most priority should always be to ensure that you are running the latest and greatest versions of all software your website relies on – for example; WordPress, all themes, plugins, and any other scripts your site uses.

Protect Your Website Code & Database

Hackers can use something as simple as a web form to find vulnerabilities in your code and then exploit these insecurities to make it act unusually. It will lead to many problems for you and your website (none of which you want).

An example of this is an insecure contact form script on your website. Most websites have a “contact us” page, with a similar kind of form on it where visitors input their name, email address, telephone number, and a short message/enquiry – which is then emailed to you, or entered into a CRM system. If your contact form does not have CAPTCHA protection already, that’s an excellent place to start.

Your form inputs (the boxes where people can enter data); especially when results are submitted to a database; should be clean. Cleaning inputs (and we don’t mean with hot soapy water!) will help prevent SQL Injections in your database. If your contact form submits data directly into a database, it’s a good idea to clean the input before putting it into your query.

It’s good practice for the developer of the form to implement it from the start; however, if this is not the case for your contact forms – you should seek assistance from your website developer.

Monitoring Blog Comments

WordPress is excellent, we love it. However, straight out of the box, it’s not secure (and neither is most other open-source blogging software). Further steps need to be taken to prevent bots from attacking the comments sections on your lovely new blog post!

In WordPress, there’s a couple of neat website security features under ‘Settings’ then ‘Discussion’ which let you apply to filter to comments automatically. You can filter out specific comments by name, email, domain name, IP address and even the content of the comment; or add the same phrases to the blacklist, and they will be sent straight to the trash. You can use these features to prevent spam submissions of web addresses, and inappropriate content by filtering out keywords and formations to should stop anyone from abusing your comment boxes.

Make Error Messages Simplistic

If you can modify the error messages on your website – try to keep them as simple as possible. You will want to avoid giving away the full error as this can be used by attackers to find vulnerabilities in your software or script. It’s best practice to keep the message short, sweet and user-friendly. “Something went wrong” along with some useful links to continue browsing your website should suffice.

Two Factor Authentication (2FA) & User Validation

When users are logging in – make sure you pass validation checks to verify their identity and lower the risk of attacks on compromised accounts. There are many ways to validate users, two of the most popular are CAPTCHA Protection and Two Factor Authentication (2FA for short).

Using Two Factor Authentication (2FA) is becoming more and more popular among the technology industry, social media and banking sites to confirm the users’ identity with a text message, email or time based token.

These methods are becoming increasingly popular and are pretty simple to add to your existing website. There are many free and paid modules and plugins available for a range of different software which bring this additional security to the table and offer reassurance to your users that you are protecting them, and their information as much as possible. It will go a long way to building trust in your business website.

HTTPS / SSL

SSL Certificates encrypt the connection between the customers’ web browser and your web server for better security. If your website is not already using SSL and providing encrypted connections for your customers – you should make this your priority.

24/7 Expert Hosting Support Our Customers Love

Any questions? Get in touch, Our friendly team of experts will be glad to assist.

Support