WordPress Security

Websites, even small ones, get hacked. Quite often.

A hacked website can send spam or illegal content to others.

When a website is hacked, it takes a lot of effort to find the hacked code, and if you don’t remove the code completely, the website can easily be re-hacked.

All websites need to be kept secure from hacking and spamming.

The best way to do this is to keep a backup in case the site gets hacked and use security plugins to stop it.

Username and Password

Make them unique per website. Don’t use the same passwords for all your websites. Make them strong but easy to type, like fishdangerkite99+

Create Backups

Make regular off-site backups. Move, transfer, copy, migrate, and back up a site with 1-click.

Wordfence (official plugin)

The Wordfence Security Scanner lets you know if your site has been compromised and alerts you.

Use premium plugins

As much as possible, use premium and popular plugins and keep the number of plugins to a minimum – this is important for speed optimization reasons too.

Use reCAPTCHA on forms

reCAPTCHA is a technology brought out by Google. It removes the need for users to fill out extra fields like captchas required in the past. The latest version is v3, but some sites work better with v2.

Email administration

Adding and deleting email accounts. Setting up disk space limits. Resolving email issues.

Logs administration

Websites generate logs, which may be needed by a web developer.

Security Certificate Administration

Security certificates (SSL), which certify that a website is safe to use, need to be bought and installed every 1 to 2 years. Renewal should happen before users are given a warning message when they visit your website.

Use two-factor authentication

Two-factor authentication (2FA) means having a second form of authentication after the correct password has been typed in.

This can be done with Wordfence.