Are you concerned about the security of your website or blog based on the WordPress content manager? This is a common headache for all our Premium web hosting customers, but if we know something at PlusPlus Hosting is that protection begins with you, so we are going to give you tips to protect yourself.

With over 15 years experience working in the technology area and Premium web hosting, managing thousands of accounts for our clients, we still learn more and more every day about human behavior in technology platforms. WordPress is the number one content manager in the world and therefore thousands of our users are turning to it to publish content for their websites.

Once installed the concerns about security begins. Something that you should understand when managing your website, whether through our Premium web hosting services or any other company, is that regardless of the protective measures the company takes or the hours spent recovering your website after an attack, the main defense starts with you.

Our support staff has served many customers and answered lots of questions, offered tutorials and gave advices on the subject. But usually, the biggest problem is always the same: creating passwords.

Now let’s start with some tips to better protect the integrity of your WordPress based website.

Select a complex Username and Password

A good password is useful, but so is selecting a good username for the administrator. No matter how good the security of a platform is, if your username and password match, things will get ugly.

This is an endemic disease on Internet, no matter whether for websites, email accounts or social networks, 90% of cases of attacks by hackers are related to low security passwords.

Earlier this year the website Gizmodo revealed the 25 most commonly used passwords on the Internet according to SplashData and the results are alarming with 123456 topping the list, followed by password, 12345, 12345678 and qwerty completing the top 5.

Similarly, the vast majority of WordPress site administrators leave the default username “admin”. That makes 50% easier the work of anyone who tries to attack your website. Moreover, passwords, as recommended elsewhere, must contain uppercase and lowercase letters, as well as special characters to increase their protection.

What is a complex password? One containing between 8 and 12 characters, an example would be this: *{H$7bIAVEJ!. Using complicated usernames and passwords, and changing them from time to time will greatly enhance the security of your website.

Change the wp-config.php route

Another layer of security you can add to your website is to move the location of the wp-config.php file, which is where the access credentials to MySQL database and WordPress keys reside, to a higher level, where it can not be accessed through the web. This will be explained in more detail on another occasion.

Additional HTTP protection in the administration section of WordPress

To add another layer of security, we recommend using the function of “Protecting folders” on cPanel, if you use this environment. By protecting this folder, you would be required to provide a username and password, which should not be the same as the cPanel or WordPress, as previously advised.

Restrict access via IP addresses

If your IP address is fixed, this is an excellent additional security layer, however, if your ISP gives you a dynamic IP, it will not help you. A WordPress administrator can access and edit the .htaccess file within “wp-admin” folder in your installation. With just a few lines of code in this file or in the root directory, you can block any attempt to access from IP addresses not allowed. We’ll delve into this on another time.

Using a Plugin protection

If you don’t have advanced technical knowledge, one of the hundreds of available plugins at WordPress can help you. A good option is “SiteGuard”, a plugin which includes several interesting options such as IP blocking, changing the path to the administrator, protection and blocking of failed login attemps, among others.

Consider your local environment

A very important consideration is to pay attention to your surroundings. You must consider the condition of the PC you use, where you use it and the people around you. Many of the non authorized access to your WordPress are due to the presence of Trojans or any other Malware on the PC you’re using and even people spying on your shoulder. It may seem obvious, but you’ll be surprised at the number of attacks that occur for this.

Use secure browsers

Using clean and safe browsers is always something you should consider. For example, do not access your WordPress administrator within a few minutes from browsing through a suspicious site. Using the Safe Browsing option on modern browsers is always recommended. Likewise, our Premium web hosting offers to install SSL certificates in your domain. Do not hesitate, this investment will save you a lot of headaches and it’s something that search engines encourages you to do.

Constantly update your WordPress

This may sound like an obvious advice, but many users overlook it. While WordPress is a platform with a proven track record, its developers actively review it and updated it. Among thousands of lines of code there are always some vulnerabilities and when detected, they are corrected. Keeping your WordPress, plugins and themes updated will give you peace of mind. If you don’t want to constantly update it manually, you can always enable automatic updates.

If you don’t use it, delete it

When WordPress is installed, it includes some default themes and plugins. If you are not using them, it’s better to remove them. First, because they take up space in your hosting and also can be a safety hazard if left alone for too long and, as explained above, not updated. If something is not necessary, better delete it and don’t take risks.

Remember, no matter the quality of your Premium web hosting platform or how secure WordPress is, security begins with you.