With any website, the security of your information should certainly be a concern and something that you take seriously. WordPress is a great content management system, and provides a solid foundation for being secure and safe – one of the reasons we enjoy using it. There are some extra security measures that you can take though, to ensure your information stays safe, and your website free from attacks.

Last week, we learned about a brute force attack going on against WordPress sites across pretty much every host out there. The attack involves over 90,000 different IP addresses and can make your site slow significantly or even go down. You can read more about it here.

With that in mind, we have some tips for you on keeping your WordPress site safe, so read on!

Use a secure password

This is one of the most important things you can do. Use a password that has a mixture of upper and lower case letters, numbers, and special symbols like !@#$%. WordPress tells you if your password is a strong one, so aim to use something that WordPress deems is strong. Also, don’t store your password in an easily accessible place, or give it to anyone else to use. Everyone that accesses the admin panel should have their own password.

Limit login attempts

There are tons of plugins that can help with security, but a great basic that we recommend is Limit Login Attempts. As the name implies, it limits the amount of incorrect logins, not allowing any more logins from that IP address. It’s free and the installation is quick and easy!

Install a security plugin

For even more protection, you can install the Better WP Security plugin. This plugin is full of tons of great things and makes a bunch of changes based on the settings you add in there. You can limit login attempts, change the database prefix, remove error messages, and more. It’s also free, but takes a little time to sift through the settings.

Backup your site and database

Another big thing to make sure you do is to back up your site files and the database regularly. Your host may do this for you, so check with them. We love using BackupBuddy because it’s so easy to setup and allows you to backup everything with 1 click. It’s also handy if you’re moving your site to another server.

Keep your site updated

Keeping up with WordPress updates for plugins, themes, and the WordPress core are also very important. These updates usually fix security holes and offer other important updates to make sure things keep running smoothly.

Remove the admin user

Another simple but important tip, remove your admin user and use something else that isn’t quite so standard. This is another easy way for attackers to get in.

If you have any questions or concerns with WordPress security, or any tips of your own, please ask/share in the comments below! We would love to help keep you safe!