When building your website you must have security in mind. Yes, I know your concerns revolve about the performance of your site and how sharp it looks, but security is more important. Especially when you build a WordPress website. It’s 43% of all the websites in the world use WordPress so it’s a huge target for hackers and other bad actors. In this article I will explain how to secure your WordPress website in easy-to-follow language even a beginner can understand.
How To Secure Your WordPress Website: Start With Your Web Hosting Account
The first step on how to secure your WordPress website is to start with your web hosting account.
There are many portions of your web hosting account you need to secure:
- Login credentials
- Domain name ownership
- Domain privacy
- Name servers
- Email accounts
When it comes to the login credentials for your web hosting account your first move is to use an original password. Unfortunately, many people don’t follow this suggestion because creating a new password means another one to remember. Thus, too many people reuse a password they created for another website. Worse yet, there are too many individuals who use only one password for all of their accounts. This is a “Life Password.”
You shouldn’t reuse a password nor use a Life Password because hackers have access to password lists from previous breaches. They try these credentials at other websites to see if they are reused. Unfortunately, they are. If you are using either one of these types of passwords stop reading now and change your passwords immediately!
A great way to create an original password is to use a password manager. Not only will a password manager keep track of all your passwords and allow you to enter them easily when you go to log into a website, it has a password generator function. You can choose various options (like numbers, capital letters, and symbols) to use in your password to increase its strength.
How To Secure Your WordPress Website: Install A SSL Certificate
The second step on how to secure your WordPress website is to install a SSL certificate so you secure your site’s traffic. This way hackers can’t peep into the sensitive data sent to and from your site.
There are three types of SSL certificates you can purchase for your website:
- Domain Validated (DV)
- Organization Validated (OV)
- Extended Validation (EV)
Which one should you pick for your website? For personal websites like blogs I would go with a DV as it’s inexpensive. That’s what I use for my blogs. If you are building a business or an online website I highly suggest you choose either a OV or EV certificate. Although these will cost more and require you to submit documentation regarding the ownership of your business, they can build stronger trust with your visitors.
For my online store I went with an OV certificate. Although I had to submit a form online about my business so the security company could validate my information the process wasn’t difficult. You just have to make sure your business or organization is registered in some well-known databases beforehand. If you don’t, it will delay the issuance of your certificate.
Finally, if you’re building a web app or a website that will have a login portal for customers you also want to invest in a OV or EV certificate.
Final Tip: Secure Your WordPress Installation
The final tip on how to secure your WordPress website is to protect the files running your site.
Protecting your WordPress administrative account is critical. If hackers or scammers are able to take control over this account they can delete your website or deface it or hold it for ransom.
So how can you secure it?
Just like with your web hosting account, use an original password and enable 2FA on that account. With self-hosted WordPress, you will have to use a security plugin like WordFence or WP 2FA to do so.
Finally, do not use the default administrative user name “Admin” because that username is known by all. Thus, that’s the username hackers and bad actors will use first when they try to break into your site.
Want More Tips? Check Out My Ebook!
If you want more tips on how to secure your WordPress website I wrote an ebook that goes into more detail. And like this post it’s written in an easy-to-follow language.