6 Tips To Make Your WordPress Website More Secure

Make your WordPress website more secure with these 6 tips. You can implement all of these changes by yourself simply by installing plugins that will improve your website security.

It is no secret that WordPress is the most popular Content Management System (CMS), one that over 30% of all the websites on the Internet rely on. The power of this incredible platform comes from its open source nature: countless talented developers contribute to its development year after year. This strength, however, can also become a weakness if left unattended. In this post we will go over some simple steps you can take to make your WordPress website more secure.

First released in 2003, WordPress started out as a blogging platform that gave all content creators a voice on the Internet. Over the next decade it evolved into much more than a blogging system and into a full on website development platform, all thanks to the talented coders contributing to its development. This open source format has been one of the biggest strengths that pushed WordPress forward and gave it a massive edge over its competitors.

It also made it vulnerable at times to attacks and left it prone to security issues. Here are 6 simple tips that will help you make your WordPress website more secure.

1. Choose a Reliable Hosting Company

Good security starts at the very bottom. Think of your hosting as your first layer of security against potential attacks. There are hundreds of hosting options out there and although it may be tempting to go with the cheapest options possible, make sure that the hosting company you choose offers multiple layers of security. A good way to achieve this is to check whether the company offers WordPress specific hosting services. From a front-end perspective you may not notice any difference between a regular hosting space and WordPress hosting. However, the magic happens in the backend where the servers are optimized for WordPress, not just for security but also for speed. To learn more about hosting options, check out my post on WordPress hosting options.

2. Install a WordPress Security Plugin

Regularly checking your website for malware is time-consuming work, and unless you regularly update your knowledge of coding practices you may not even realize you’re looking at a piece of malware written into the code. This is where WordPress security plugins come to the rescue. A good security plugin will take care of many things for you, including malware scanning and 24/7 site monitoring. There are a number of plugins out there (both paid and free) that will do this job for you. We would need to dedicate an entire post to go through the pros and cons of each plugin, so let’s just mention a few that are worth installing.

Loginizer is a great plugin that protects your website against brute force attacks. It has a free and paid version and depending on your needs, you can use either one. Sucuri is another plugin that is great for malware scanning and security hardening.

3. Install SSL Certificate

Installing an SSL certificate will secure the connection between your visitors and your server. SSL protects the data in transit by encrypting it. It ensures that the data will make it from your computer to the server without being intercepted or altered. SSL becomes especially important if you are handling personal information on your website such as someone’s credit card number or other personal information. This is why SSL is an absolute necessity for e-commerce sites but it is also an important security measure for any type of website to protect it from attacks and defacing attempts.

Depending on your hosting company, you might be able to get a free SSL certificate from your provider. These days a lot of hosts are starting to offer free SSL, as it is becoming more and more an integral part of any website. Otherwise you can purchase it through your host for an annual fee.

4. Customize your WP-login URL

Every WordPress installation comes with the default www.domain.com/wp-admin login URL to get backend access. While this is easy to remember, it is also a point of vulnerability, as everyone who has worked with WordPress (including hackers) knows that this is the default access page to your website. You can simply change this URL to a custom one of your choice through a plugin such as WPS Hide Login.

5. Limit Login Attempts

Once you change your WordPress login URL, another simple measure you can take is limiting the login attempts to your website backend. This will limit the number of times a user can try different username / password combinations to get into the backend of your website. There are numerous plugins out there that will help you achieve this, including WP Limit Login Attempts and Limit Login Attempts Reloaded.

6. Keep your WordPress Version Up to Date

This is probably one of the simplest things you can do to make sure your WordPress website is better protected. WordPress is always coming up with new versions that improve security, usability and other features to make it better and more secure. Depending on your hosting company, you can turn on automatic updates on the server side so that when a new version is available your website will update WordPress automatically. Note that updating WordPress is different from updating your theme and should not be confused. If your website is using a custom theme created by a third party company or developer, it will have its own updates issued periodically. Theme updates can be security related as well but they are different from the core WordPress platform updates.

These are just some of the quick measures that you can implement on your own to make your WordPress site more secure. Remember that the field of website security is constantly evolving and adapting to new trends and technologies. The security plugins you install today also evolve over time and issue their own updates to make your website more secure. Make sure to keep the plugins up to date as well as your WordPress version.

Why website speed matters for your business

Whether you are selling a product/service through e-commerce on your website or you are trying to drive traffic to your site to get potential customers to contact you, website speed is a crucial piece of the online presence puzzle.

Website speed has always been a critical measure for user experience. But often times it is overlooked to accommodate better aesthetic design, new nifty functionality or to add more content to web pages.

According to Kissmetrics, 47% of consumers expect a web page to load in 2 seconds or less. That means if your website takes more than 2 seconds to load, you could lose half of your prospective customers before you even get a chance to tell them your story.

 

Why does speed matter so much?

1. First Impression

Your website is the first impression you make on potential customers and as we all know, first impressions matter. Generally speaking, we associate speed with professionalism and efficiency. It is no different on the Internet – a fast loading website conveys reliability and promotes confidence. 79% of online shoppers say they won’t go back to a website if they’ve had trouble with load speed the first time.

2. SEO

We know Google’s obsession with speed. They are “striving to make the whole web fast”. In their quest to achieve this, they are promoting faster websites on their search rankings. They announced in 2010 that they in fact do take website load speed into account when ranking websites.

Here is the real kicker:

“Google will reduce the amount of crawlers it sends to your site if your server is slower than two seconds.”

This means if your website is slow, Google is a lot less likely to pick up your latest content update and index it on its search rankings.

It is important to mention that speed alone will not get you to the top of search rankings. However, SEO is the coming together of many different moving pieces and speed is one of these pieces.

3. Conversions

Converting a visitor to a customer is essentially the reason why we have websites. We want users to visit our websites so that they can buy our product/service or contact us.

According to the same statistics published by Kissmetrics, 40% of people will abandon your site if it takes longer than 3 seconds to load. To put that in perspective, if you have 1000 visitors per month, you could lose 400 of them due to slow loading time. That is a lot of business lost…

What to do

So then what is the magic solution to website loading speed?

Much like with everything else in web presence, there is not a silver bullet that will resolve everything in one swift motion. A fast loading speed is the combination of several factors including hosting server, image sizes, number of HTTP requests, caching and other technical aspects. When using a platform like WordPress, hosting server becomes an even more important element for website speed due to the way WordPress works. Most hosting companies out there offer managed WordPress servers that are optimized for speed.

If you have any questions about website speed and how to make your website faster, contact me today.

Where should I buy my domain name and hosting?

In this post I will try to shed some light on the age-old question:
What is the best domain name & hosting provider?

Before I start a new project, I get a lot of preliminary questions from clients and one of them is always about domain name and hosting. For a lot of clients, this is such an overwhelming subject due to the number of options out there and the seemingly low differentiation of these alternatives. Clients generally take initiative and do research on it but then end up getting even more confused than they initially were.

So let’s take this step by step.

Domain Name

Let’s start with what a domain name is, as I get a lot of questions about what the difference between a domain name and hosting is. In its absolute simplest definition, a domain name is what you type into the address bar of your browser when you are visiting a website. Naturally, this needs to be a unique name for each website on the Internet. When you buy a domain name like www.example.com you are only purchasing that name; it does not come with a server space where you can store your website files.

Domain names are typically purchased on an annual basis and renewed once the term is over. All domain name providers offer an option to set your domain name to auto renewal, which helps you secure that name indefinitely (as long as your payment method is not out of date). This is a good practice, as you don’t want to lose your domain name to someone else once your term is up and you have already established a name for yourself under that domain.

Buying a domain name is a very simple transaction and there is virtually no difference where you buy your domain name. Some providers have better pricing and offer better rates if you purchase for a longer period of time. You can usually lock down a domain name for cheaper if you pay upfront for 2-3 years. If you intend to stay in business long term, I recommend this approach.

Hosting

Like I mentioned above, when you buy a domain name, you are only buying the name itself, not the web space to store your website. This is where hosting comes in. Think of hosting as your computer’s hard disk where you store all your files. Websites are essentially a collection of files and images that need to live somewhere. But it can’t just be anywhere. These spaces need to be up and running 24/7, constantly maintained and backed up to assure fast, secure and uninterrupted service. Technically speaking, anyone can turn their computer into a web server and host websites and other files on it. However, this is not practical and to do this right is quite costly. Not to mention the security risks and bandwidth issues. This is why we rely on professional hosting providers whose job is to have their servers always up and running no matter what.

Unlike buying a domain name, it does make a difference where you buy your hosting. I wrote another post about the best WordPress hosting alternatives a while ago where I compared different options based on factors such as price, load time and average rating. Your hosting affects everything from your website speed to service quality.

All hosting providers offer tiered packages to their customers. In my experience, most small businesses need the basic package for starters. It is always easy to upgrade if you need more bandwidth along the way. The type of hosting you need also depends on what platform you are using to power your website.

According to W3Techs, almost 30% of the Internet is powered by WordPress. This is an incredible number! And for good reason. WordPress provides a stable environment with a built in Content Management System and endless number of plugins for pretty much every need.

Over 90% of the websites that I build use WordPress. Over the years I have experimented with different hosting providers and tried a lot of options out there to see what is the best alternative. I have settled on Siteground as my go-to provider for WordPress hosting, as they offer unrivalled website speed for WordPress at an incredible price point.

Conclusion

As a general rule, I recommend that clients buy their domain name and hosting from the same place. This is not a must-do but I believe that it is good practice to have everything under one account. It makes things a lot easier to manage and make changes much quicker. Now if you already have a domain name from a different provider but would still like to buy your hosting from Siteground, you can absolutely do this.

It is also important to note that there are a lot of other domain and hosting providers out there that offer excellent service other than Siteground including GoDaddy, inMotion Hosting, Blue Host etc. All I wanted to do with this post was to provide some information based on several years of trial & error. As always if you have any questions about domain name and hosting, please feel free to contact me.