Basics of WordPress site security
In this article I will try to explain the general security issues of WordPress sites. The basic methods of protecting a website are very simple, yet most people don’t follow them.
First, let’s understand why your site becomes a victim of hackers.
When information about a vulnerability in a WordPress theme, plugin, or core appears on the Internet, hackers begin to collect a database of vulnerable sites. If, for example, your site has a plugin with a known vulnerability, then most likely your site will be included in such a database. Google helps to find vulnerable sites. For example, the query “inurl /wp-content/plugins/elementor/” will find millions of sites that use the popular “Elementor” plugin.
The first rule is to always update WordPress core, plugins and themes. Better yet, turn on automatic updates.
Themes and plugins are the main source of vulnerabilities for your site. They are developed by people with different levels of experience, who often make mistakes. Of course, you most likely will not be able to do without them, but the following recommendations should be followed:
- Delete all site themes except for the active one.
- Delete all plugins that are not in use.
- Use only the most necessary plugins.
- Do not use hacked versions of paid themes and plugins.
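The update rule and the first two cleanup rules above can be applied from the command line. The script below is an added example, not part of the original article; it assumes WP-CLI is installed as `wp` and that `WP_PATH` (a variable introduced here) points at the WordPress root. It reports what would be removed before deleting anything.

```shell
#!/bin/sh
# Added example (not from the article): apply the update and cleanup rules with WP-CLI.
# Assumptions: WP-CLI is installed as `wp`; WP_PATH is the WordPress root.
WP_PATH="${WP_PATH:-/var/www/html}"

# Run every WP-CLI command against the same install.
wpc() { wp --path="$WP_PATH" "$@"; }

# Report unused plugins and themes; delete them only in "apply" mode.
# --status=inactive skips must-use plugins and the parent of an active
# child theme (WP-CLI reports that one with status "parent").
cleanup() {
  mode="${1:-report}"
  for kind in plugin theme; do
    wpc "$kind" list --status=inactive --field=name |
    while read -r name; do
      [ -n "$name" ] || continue
      if [ "$mode" = "apply" ]; then
        # </dev/null keeps the delete command from consuming the name list.
        wpc "$kind" delete "$name" </dev/null
      else
        echo "would delete $kind: $name"
      fi
    done
  done
}

# Turn on automatic updates for plugins, themes and all core releases.
enable_auto_updates() {
  wpc plugin auto-updates enable --all
  wpc theme auto-updates enable --all
  wpc config set WP_AUTO_UPDATE_CORE true --raw --type=constant
}

# Usage: script.sh report | apply | updates   (no argument: do nothing)
case "${1:-}" in
  report|apply) cleanup "$1" ;;
  updates)      enable_auto_updates ;;
esac
```

Run it with `report` first and review the list, since deleting a plugin also removes its files from disk.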
In addition to vulnerabilities in the program code, don’t forget about your own negligence. Site owners often ignore password complexity rules. You are wrong if you think that your password is original and no one will guess it: password-guessing programs have dictionaries with tens of millions of words. But if your password is only 4 characters long and is a random combination of special characters, numbers, and upper- and lower-case letters, the hacker will need to check 78 million combinations. And if there are at least 10 characters, then we are talking about tens of trillions of combinations. The numbers are impressive, but today even this does not guarantee complete security, so you should use two-factor authentication.
So the next rule is to use complex random passwords and two-factor authentication.
And finally, use HTTPS on the site. This protects the information you transmit to the site.
And remember: if you think you don’t need to worry about security because your site will not interest hackers, that is your biggest mistake. Don’t put your site’s users at risk. In other articles, I will talk in more detail about various technical points that will help protect the site.