SEO

Top 15 Ways To Secure A WordPress Site

Published

2 years ago

May 25, 2022

Entireweb News Bot

Thankfully, there are plenty of steps you can take to protect your WordPress website.

Start With These Easy Security Basics

When setting up your WordPress site security, there are some basic things you can do to beef up your protection.

Here are some of the first things you should implement to help protect your website.

1. Implement SSL Certificates

Secure Sockets Layer (SSL) certificates are an industry standard used by millions of websites to protect their online transactions with their customers.

Obtaining one should be one of the first steps you take to secure your website.

You can buy an SSL certificate, but most hosting providers offer them for free.

Next, use a plugin to force HTTPS redirection, which activates the encrypted connection.

This standard technology establishes an encrypted connection between a web server (host) and a web browser (client).

By adding this encrypted connection, you can ensure that all data passed between the two remains private and intrinsic.

2. Require & Use Strong Passwords

Along with obtaining an SSL certificate, one of the very first things you can do to protect your site is to use and require strong passwords for all your logins.

It might be tempting to use or reuse a familiar or easy-to-remember password, but doing so puts you, your users, and your website at risk.

Improving your password strength and security decreases your chances of being hacked.

The stronger your password, the less likely you are to be a victim of a cyberattack.

When creating a password, there are some general password best practices you should follow.

If you aren’t sure that you’re using a strong enough password, check the strength by using a free tool like this helpful Password Strength Checker.

3. Install A Security Plugin

WordPress plugins are a great way to quickly add useful features to your website, and there are several great security plugins available.

Installing a security plugin can add some extra layers of protection to your website without requiring much effort.

To get you started, check out this list of recommended WordPress security plugins.

Wordfence Security – Firewall & Malware Scan
All In One WP Security & Firewall
iThemes Security
Jetpack – WP Security, Backup, Speed, & Growth

4. Keep WordPress Core Files Updated

Keeping your WordPress up to date at all times is critical to maintaining the security and stability of your site.

Every time a WordPress security vulnerability is reported, the core team starts working to release an update that fixes the issue.

If you aren’t updating your WordPress website, then you are likely using a version of WordPress that has known vulnerabilities.

As of 2021, there are an estimated 1.3 billion total websites on the web with more than 455 million of those sites using WordPress.

Because it is so popular, WordPress is a prime target for hackers, malicious code distributors, and data thieves.

Don’t leave yourself open to attack by using an old version of WordPress. Turn on auto-updates and forget about it.

If you would like an even easier way to handle updates, consider a Managed WordPress Hosting solution that has auto-updates built in.

5. Pay Attention To Themes & Plugins

Keeping WordPress updated ensures your core files are in check, but there are other areas where WordPress is vulnerable that core updates might not protect – such as your themes and plugins.

For starters, only install plugins and themes from trusted developers.

If a plugin or theme wasn’t developed by a credible source, you are probably safer not using it.

On top of that, make sure you update your WordPress plugins and themes.

Just like an outdated version of WordPress, using outdated plugins and themes makes your website more vulnerable to attack.

6. Run Frequent Backups

One way to protect your WordPress website is to always have a current backup of your site and important files.

The last thing you want is for something to happen to your site and you do not have a backup.

Backup your site, and do so often.

That way if something does happen to your website, you can quickly restore a previous version of it and get back up and running faster.

Intermediate Security Measures To Add More Protection

If you’ve completed all the basics but you still want to do more to protect your website, there are some more advanced steps you can take to bolster your security.

7. Never Use The “Admin” Username

Because “admin” is such a common username, it is easily guessed and makes it much easier for scammers to trick people into giving away their login credentials.

Never use the “admin” username.

Doing so makes you susceptible to brute force attacks and social engineering scams.

Much like having a strong password, using a unique username for your logins is a good idea because it makes it much harder for hackers to crack your login info.

If you are currently using the “admin” username, change your WordPress admin username.

8. Hide Your WP-Admin Login Page

By default, a majority of WordPress login pages can be accessed by adding “/wp-admin” or “/wp-login.php” to the end of a URL.

This makes it easy for hackers to start trying to break into your website.

Once a hacker or scammer has identified your login page, they can then attempt to guess your username and password in order to access your Admin Dashboard.

Hiding your WordPress login page is a good way to make you a less easy target.

Protect your login credentials by hiding the WordPress admin login page with a plugin like WPS Hide Login.

9. Disable XML-RPC

WordPress uses an implementation of the XML-RPC protocol to extend functionality to software clients.

This Remote Procedure Calling protocol allows commands to be run, with data returned formatted in XML.

Most users don’t need WordPress XML-RPC functionality, and it’s one of the most common vulnerabilities that opens users up for exploits.

That’s why it’s a good idea to disable it.

Thanks to the Wordfence Security plugin, it is really easy to do just that.

10. Harden wp-config.php File

Your WordPress wp-config.php file contains very sensitive information about your WordPress installation, including your WordPress security keys and the WordPress database connection details, which is exactly why you don’t want it to be easy to access.

You can “harden” your website by protecting your wp-config.php file via your .htaccess file.

This basically means you are giving your site some extra armor against hackers.

11. Run A Security Scanning Tool

Sometimes your WordPress website might have a vulnerability that you had no idea existed.

It’s wise to use tools that can find vulnerabilities and fix them for you.

The WPScan plugin scans for known vulnerabilities in WordPress core files, plugins, and themes.

The plugin also notifies you by email when new security vulnerabilities are found.

Strengthen Your Server-Side Security

By now, you have taken all the above measures to protect your website.

However, you may still want to know if there is more you can do to make it as secure as possible.

The remaining actions you can take to beef up your security will need to be done on the server-side of your website.

12. Look For A Hosting Company That Does This

When looking for a hosting company, you want to find one that is fast, reliable, secure, and will support you with great customer service.

That means they should have good, powerful resources, maintain an uptime of at least 99.5%, and use server-level security tactics.

If a host can’t check those basic boxes, they are not worth your time or money.

One of the best things you can do to protect your site from the very get-go is to choose the right hosting company to host your WordPress website.

13. Use The Latest PHP Version

Like old versions of WordPress, outdated versions of PHP are no longer safe to use.

If you aren’t on the latest version of PHP, upgrade your PHP version to protect yourself from attack.

14. Host On A Fully-Isolated Server

Private cloud servers have a lot of advantages.

One of those advantages is that it ups your security.

All cloud environments require a strong combination of antivirus and firewall protection, but a private cloud runs on specific physical machines, making its physical security easier to ensure.

On top of security, a fully-isolated server has other perks such as very high uptime and easy integration of managed hosting.

Looking for the perfect cloud environment for your WordPress website?

Look no further.

With InMotion Hosting’s Managed WordPress Hosting you get server-to-server migrations, safer upgrading, on-the-fly security patching, and industry-leading speed all rolled into one.

15. Use A Web Application Firewall

One of the final things you can do to add extra security measures to your WordPress website is to use a web application firewall (WAF).

A WAF is usually a cloud-based security system that offers another layer of protection around your site.

Think of it as a gateway for your site.

It blocks all hacking attempts and filters out other malicious types of traffic, like distributed denial-of-service (DDoS) attacks or spammers.

WAFs usually require monthly subscription fees, but adding one is worth the cost if you place a premium on your WordPress website security.

Make Sure Your Website & Business Is Safe & Secure

If your website is not secure, you could be leaving yourself open to a world of hurt.

Thankfully, securing a WordPress site doesn’t require too much technical knowledge as long as you have the right tools and hosting plan to fit your needs.

Instead of waiting to respond to threats once they happen, you should proactively secure your website to prevent security issues.

That way, if someone does target your website, you are prepared to mitigate the risk and go about your business as usual instead of scrambling to locate a recent backup.

Get WordPress Hosting that is secure and fully isolated with free SSL, dedicated IP address, free backups, automatic WordPress updates, DDoS protection, and WAF included.

Learn more about how Managed WordPress Hosting can help protect your website and valuable data from exposure to hackers and scammers.

!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version=’2.0′;
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window,document,’script’,
‘https://connect.facebook.net/en_US/fbevents.js’);

if( typeof sopp !== “undefined” && sopp === ‘yes’ ){
fbq(‘dataProcessingOptions’, [‘LDU’], 1, 1000);
}else{
fbq(‘dataProcessingOptions’, []);
}

fbq(‘init’, ‘1321385257908563’);

fbq(‘init’, ‘164237177383067’); // custom pixel

fbq(‘track’, ‘PageView’);

fbq(‘trackSingle’, ‘1321385257908563’, ‘ViewContent’, {
content_name: ‘secure-wordpress-site-inmotion-spcs’,
content_category: ‘digital sponsored-post web-development wp’
});

Related Topics:secure Site top Ways WordPress

Up Next

7 Ways To Tweak Your Content For Better SEO

Don't Miss

16 Announcements From Google Marketing Live 2022

Click to comment

You must be logged in to post a comment Login

SEO

Google March 2024 Core Update Officially Completed A Week Ago

Published

13 hours ago

April 27, 2024

Max

Google has officially completed its March 2024 Core Update, ending over a month of ranking volatility across the web.

However, Google didn’t confirm the rollout’s conclusion on its data anomaly page until April 26—a whole week after the update was completed on April 19.

Many in the SEO community had been speculating for days about whether the turbulent update had wrapped up.

The delayed transparency exemplifies Google’s communication issues with publishers and the need for clarity during core updates

Google March 2024 Core Update Timeline & Status

First announced on March 5, the core algorithm update is complete as of April 19. It took 45 days to complete.

Unlike more routine core refreshes, Google warned this one was more complex.

Google’s documentation reads:

“As this is a complex update, the rollout may take up to a month. It’s likely there will be more fluctuations in rankings than with a regular core update, as different systems get fully updated and reinforce each other.”

The aftershocks were tangible, with some websites reporting losses of over 60% of their organic search traffic, according to data from industry observers.

The ripple effects also led to the deindexing of hundreds of sites that were allegedly violating Google’s guidelines.

Addressing Manipulation Attempts

In its official guidance, Google highlighted the criteria it looks for when targeting link spam and manipulation attempts:

Creating “low-value content” purely to garner manipulative links and inflate rankings.
Links intended to boost sites’ rankings artificially, including manipulative outgoing links.
The “repurposing” of expired domains with radically different content to game search visibility.

The updated guidelines warn:

“Any links that are intended to manipulate rankings in Google Search results may be considered link spam. This includes any behavior that manipulates links to your site or outgoing links from your site.”

John Mueller, a Search Advocate at Google, responded to the turbulence by advising publishers not to make rash changes while the core update was ongoing.

However, he suggested sites could proactively fix issues like unnatural paid links.

Mueller stated on Reddit:

“If you have noticed things that are worth improving on your site, I’d go ahead and get things done. The idea is not to make changes just for search engines, right? Your users will be happy if you can make things better even if search engines haven’t updated their view of your site yet.”

Emphasizing Quality Over Links

The core update made notable changes to how Google ranks websites.

Most significantly, Google reduced the importance of links in determining a website’s ranking.

In contrast to the description of links as “an important factor in determining relevancy,” Google’s updated spam policies stripped away the “important” designation, simply calling links “a factor.”

This change aligns with Google’s Gary Illyes’ statements that links aren’t among the top three most influential ranking signals.

Instead, Google is giving more weight to quality, credibility, and substantive content.

Consequently, long-running campaigns favoring low-quality link acquisition and keyword optimizations have been demoted.

With the update complete, SEOs and publishers are left to audit their strategies and websites to ensure alignment with Google’s new perspective on ranking.

Core Update Feedback

Google has opened a ranking feedback form related to this core update.

You can use this form until May 31 to provide feedback to Google’s Search team about any issues noticed after the core update.

While the feedback provided won’t be used to make changes for specific queries or websites, Google says it may help inform general improvements to its search ranking systems for future updates.

Google also updated its help documentation on “Debugging drops in Google Search traffic” to help people understand ranking changes after a core update.

Featured Image: Rohit-Tripathi/Shutterstock

FAQ

After the update, what steps should websites take to align with Google’s new ranking criteria?

After Google’s March 2024 Core Update, websites should:

Improve the quality, trustworthiness, and depth of their website content.
Stop heavily focusing on getting as many links as possible and prioritize relevant, high-quality links instead.
Fix any shady or spam-like SEO tactics on their sites.
Carefully review their SEO strategies to ensure they follow Google’s new guidelines.

SEO

Google Declares It The “Gemini Era” As Revenue Grows 15%

Published

1 day ago

April 26, 2024

Max

Alphabet Inc., Google’s parent company, announced its first quarter 2024 financial results today.

While Google reported double-digit growth in key revenue areas, the focus was on its AI developments, dubbed the “Gemini era” by CEO Sundar Pichai.

The Numbers: 15% Revenue Growth, Operating Margins Expand

Alphabet reported Q1 revenues of $80.5 billion, a 15% increase year-over-year, exceeding Wall Street’s projections.

Net income was $23.7 billion, with diluted earnings per share of $1.89. Operating margins expanded to 32%, up from 25% in the prior year.

Ruth Porat, Alphabet’s President and CFO, stated:

“Our strong financial results reflect revenue strength across the company and ongoing efforts to durably reengineer our cost base.”

Google’s core advertising units, such as Search and YouTube, drove growth. Google advertising revenues hit $61.7 billion for the quarter.

The Cloud division also maintained momentum, with revenues of $9.6 billion, up 28% year-over-year.

Pichai highlighted that YouTube and Cloud are expected to exit 2024 at a combined $100 billion annual revenue run rate.

Generative AI Integration in Search

Google experimented with AI-powered features in Search Labs before recently introducing AI overviews into the main search results page.

Regarding the gradual rollout, Pichai states:

“We are being measured in how we do this, focusing on areas where gen AI can improve the Search experience, while also prioritizing traffic to websites and merchants.”

Pichai reports that Google’s generative AI features have answered over a billion queries already:

“We’ve already served billions of queries with our generative AI features. It’s enabling people to access new information, to ask questions in new ways, and to ask more complex questions.”

Google reports increased Search usage and user satisfaction among those interacting with the new AI overview results.

The company also highlighted its “Circle to Search” feature on Android, which allows users to circle objects on their screen or in videos to get instant AI-powered answers via Google Lens.

Reorganizing For The “Gemini Era”

As part of the AI roadmap, Alphabet is consolidating all teams building AI models under the Google DeepMind umbrella.

Pichai revealed that, through hardware and software improvements, the company has reduced machine costs associated with its generative AI search results by 80% over the past year.

He states:

“Our data centers are some of the most high-performing, secure, reliable and efficient in the world. We’ve developed new AI models and algorithms that are more than one hundred times more efficient than they were 18 months ago.

How Will Google Make Money With AI?

Alphabet sees opportunities to monetize AI through its advertising products, Cloud offerings, and subscription services.

Google is integrating Gemini into ad products like Performance Max. The company’s Cloud division is bringing “the best of Google AI” to enterprise customers worldwide.

Google One, the company’s subscription service, surpassed 100 million paid subscribers in Q1 and introduced a new premium plan featuring advanced generative AI capabilities powered by Gemini models.

Future Outlook

Pichai outlined six key advantages positioning Alphabet to lead the “next wave of AI innovation”:

Research leadership in AI breakthroughs like the multimodal Gemini model
Robust AI infrastructure and custom TPU chips
Integrating generative AI into Search to enhance the user experience
A global product footprint reaching billions
Streamlined teams and improved execution velocity
Multiple revenue streams to monetize AI through advertising and cloud

With upcoming events like Google I/O and Google Marketing Live, the company is expected to share further updates on its AI initiatives and product roadmap.

Featured Image: Sergei Elagin/Shutterstock

SEO

brightonSEO Live Blog

Published

2 days ago

April 25, 2024

Entireweb News Bot

Hello everyone. It’s April again, so I’m back in Brighton for another two days of ~~sun~~, sea, and SEO!

Being the introvert I am, my idea of fun isn’t hanging around our booth all day explaining we’ve run out of t-shirts (seriously, you need to be fast if you want swag!). So I decided to do something useful and live-blog the event instead.

Follow below for talk takeaways and (very) mildly humorous commentary.