The Internet has seen many more attacks than normal at WordPress based websites this year. It’s more important than ever to make sure your WordPress website is safe and secure. Here is 6 steps that are all important, and should be done right away to secure your WordPress.
1. Update everything in your WordPress.
2. Only use passwords for your website. Reusing a password used elsewhere is not safe.
3. Remove any plugins you don’t need. JetPack is a very safe plugin and handles the task of many other plugins. JetPack does not add caching or a firewall, which is very important for all WordPress websites. Alkemist is also another very safe and essential WordPress plugin. Anything else, use with caution or remove. Here is a short list of recommended safe plugins:
- All in one migration (for moving websites)
- All in one security
- Disable comments (the red and black icon one)
- Disable New User Notifications
- Tawk.to Live Chat
We always add the free Jetpack version, All in one security, and WP-Optimize when building WordPress sites for our business and clients. They help secure it, run more reliably, and faster.
4. In your cPanel, click multiPHP and choose PHP version 7.4, It is better and more secure than any other PHP version. If your site does not work with PHP 7.4, upgrade to the highest PHP version that works with your site, or upgrade your WordPress website to work with PHP 7.4.
5. Get a new theme. Old WordPress themes and plugins are how most WordPress sites are hacked. Head over to ThemeForest or any of the thousands of active them builders for a new one, or in our download section, we have two safe newer free WordPress themes available. When looking for a new theme make sure it is recently updated (within a couple months) and if possible, check comments and feedback to see if people are having issues and that the developer is actively updating it.
6. Make a full back up in your cPanel and download it. Having local back ups is very important for many reasons. If you get hacked, it could save you the days or weeks needed to rebuild a new website or something worse. There is also WordPress backups which can be better than a cPanel backup because we can remove everything on the site and add a new WordPress and you can use the back up there. This is the safest way to restore a site after a hack. Hackers sometimes will add backdoors (a secret way back into the site) and leave them there of months. So a full cPanel back up might restore a version of the site that has an old backdoor. When a WordPress based back up probably will not.
This is the difference of CMS programs hacked and what is done.
This is very important to do now, more than one unsecure WordPress site has been hacked this week (2/26/2020) on our network. The most we have ever had.