VIDEO: 3 Ways To Tighten Up Your WordPress Website Security

by | Apr 10, 2019 | The Internet

There are a few simple things you can do to keep your WordPress website secure. Although these are simple, they are often overlooked and neglected by business owners.

If you neglect to give your website the care and attention it needs, you’re just asking for trouble.

This is by no means an exhaustive list that will protect you from all security vulnerabilities on your website; however, doing these three things will give you a good foundation.

Alright, let’s get into the list.  


 

#1: Use HTTPS Not HTTP — Buy An SSL Certificate 

First, an SSL Certificate is not specific to WordPress. All websites should have an SSL Certificate to encrypt website user activity.

Without an SSL Certificate, your website can fall victim to man-in-the-middle attacks. This is where someone eavesdrops on activity between a website visitor’s browser and your website server.

For example…

Imagine you’re on the far east side of a large, crowded ballroom. A friend of yours is on the far west side of the same ballroom. Nobody else in the room is talking; the room is silent. You and your friend are yelling back and forth, having a conversation for all others to hear. All of the people in the middle are intercepting your communication.

And, because you’re speaking a language they can understand, they know exactly what you’re saying. 

Now, imagine you’re having this same conversation; however, you’re now using a seemingly random language that nobody can understand. The message appears scrambled to all who are eavesdropping on your discussion. So, although there are still people intercepting your message, they’re not able to understand it.    

An SSL Certificate is like this random language scrambler that keeps eavesdroppers from being able to understand your website communication. So, if your website does not have an SSL Certificate, and a website visitor fills out a contact form on your site, all of that information could be captured by someone eavesdropping.

Now, let’s say you have an SSL Certificate. In this same example, someone can still eavesdrop; however, all of the information being passed between the website visitor’s web browser and your website is encrypted. This means that the man-in-the-middle attacker would need to be able to decrypt the message—which is highly unlikely.
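As an added example (not from the original article or video): a certificate only protects a contact form if the form actually submits to an https:// address. This Python sketch lists the forms on a page that would still send visitor input in clear text; example.com and the sample HTML are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            # A form with no action submits back to the page's own URL.
            self.actions.append(dict(attrs).get("action") or "")


def insecure_form_targets(page_url, html):
    """Return absolute URLs of forms on the page that submit over plain HTTP."""
    collector = _FormCollector()
    collector.feed(html)
    targets = []
    for action in collector.actions:
        # urljoin resolves relative and empty actions against the page URL.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme == "http":
            targets.append(target)
    return targets


# Constructed sample page for a hypothetical site (example.com).
SAMPLE_HTML = """
<form id="contact" action="/contact-submit" method="post"></form>
<form id="newsletter" action="http://example.com/subscribe" method="post"></form>
<form id="search" method="get"></form>
"""

if __name__ == "__main__":
    for url in ("http://example.com/contact", "https://example.com/contact"):
        print(url, "->", insecure_form_targets(url, SAMPLE_HTML))
```

Served over HTTP, all three sample forms are exposed; served over HTTPS, only the newsletter form with its hard-coded http:// action still is.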

Want to learn more about SSL? Take a look at this video and article I put together.

 

#2: Update Your WordPress Theme 

Assuming your WordPress Theme is still actively being maintained by the developers, you’ll need to periodically check for updates. And, if your theme isn’t actively being maintained, it’s time to look for a new theme.

All WordPress updates (WordPress software, themes, and plugins) can be found under Dashboard -> Updates.

In the screenshot below, WordPress is up-to-date, so there are no updates to install. There are five plugins that need to be updated. And, the Divi theme also needs to be updated.

We’ll talk about plugin updates and WordPress updates next.  

#3: Update Your WordPress Plugins  

WordPress makes it obvious when you have a plugin ready to be updated. When you click on Plugins, you’ll then go to the page where you’ll see a highlighted section within each plugin telling you about the new version—as you can see in the screenshot below.

Or, you can also follow the instructions in #2 above by clicking on Dashboard -> Updates.

It’s important to monitor your plugins and ensure you’re keeping them up-to-date. 

With this said, use caution…

Although it’s rare, updating a plugin can cause issues with your website. So, it’s best practice to upgrade plugins at a time when your website traffic is limited. And, if you happen to have the luxury of a test or staging environment, update your plugins there first.

Finally, beware of plugins that don’t provide updates. Without updates, plugin vulnerabilities will not be fixed. If you do find that one of your plugins isn’t being actively updated, look for a replacement.

 

BONUS: Don’t Forget To Keep WordPress Itself Up-To-Date

Just as your theme and plugins need to be updated, the underlying WordPress software itself needs to be kept up-to-date. You don’t necessarily need to be on the cutting edge (i.e. you don’t need to take a WordPress update immediately when it’s released); however, you need to update on a regular basis.

As you saw in the screenshot from item #1 above, you can check for WordPress updates by going to Dashboard -> Updates. 

Take Action 

Okay, now set yourself a recurring reminder on your calendar to check WordPress, your theme, and your plugins for updates. As for the SSL Certificate, if you don’t already have one for your site, get that taken care of today.

Have any questions? Don’t hesitate to reach out. 

Ryan has been heavily involved in the world of Information Technology and entrepreneurship since the early 2000s. From small business consulting to Fortune 500 IT leadership, Ryan has a wide array of industry knowledge. He earned his BBA from the University of Iowa in 2004 majoring in Management Information Systems and later earned his MBA from the University of Iowa in 2009 with a focus on Management and Marketing. When he's not spending time with his wife and three young children, you'll find Ryan pounding away at his keyboard, spinning on his Peloton, or listening to a good audiobook or podcast.

Connect with Ryan on Twitter or Instagram.

Ryan Glick

Co-Founder, Pixelayn Innovations
