10 ways financial advisors can increase their WordPress site security Article added by Chris Marentis on July 14, 2014
Chris Marentis

Chris Marentis

Herndon, VA

Joined: December 15, 2010

My Company

Numerous small and medium businesses (SMBs) think they will be safe from cyber crime simply on the basis of their size alone. However, cyber criminals often look for the easy targets. A WordPress site with a free theme might in fact be the perfect target for hackers. Fortunately, there are 10 easy things you can do to improve your WordPress site security. After all, this simple process can yield a high return on investment by eliminating threats that can ruin your business.

1. Use a quality hosting service provider

It can be tempting to go with the cheapest Web hosting provider available. It saves money, which is always good. But do a little research beforehand and choose a provider that is well-established and has a record for strong security. You will be glad that you can rest easy knowing your assets are safe. Seek to improve your brand instead of doing damage control later on.

2. Do not ignore WordPress update messages

WordPress updates exist for a reason. Every new release has fixes and patches that will address vulnerabilities within the site itself. Many cyber criminals target sites that use an older version of WordPress because they remain open to attacks the updates would have corrected for. Also, be sure to update all plug-ins as well.

3. Use strong passwords

Almost 8 percent of all hacked sites were traced back to weak passwords. It’s fairly easy for others to guess that your password is “password.” So don’t be lazy, and especially don’t send passwords over an email account attached to your WordPress account. The best admin passwords are almost impossible to guess or remember from a quick glance. If you’re worried about forgetting the password, write it down and keep it somewhere safe.

4. Use a strong username

Tied in with having a strong password, “admin” is a fairly easy username to guess for hackers. A recent attack was launched on WordPress sites and was effective although a bit rudimentary in nature. Repeated log-in attempts used the username “admin” and numerous common passwords. Often, hackers look for the easiest target, so make sure you’re not one of them.

5. Limit the number of log-in attempts

It’s fairly easy to limit the number of log-in attempts from a single IP address. It’s important to note that this security measure is not a fail-safe against brute-force attacks, but it can help. Additionally, it is simple enough that it is worth implementing as an additional precaution.
6. Hide the username from the author archive URL

Simply change the settings on your WordPress account to hide the username from the author archive URL. Change the user_name entry in your account to prevent potential hackers from seeing a URL that looks like this: http://website.com/author/username.

7. Don’t allow file editing from your dashboard

Add “define( ‘DISALLOW_FILE_EDIT’, true );” to your wp-config.php file to add additional security. A hacker might get to your dashboard, but he or she might not be able to access your files. A bend-but-not-break mentality, if you will. The common hacker wants to find easy sites to hack and won’t bother with the more challenging ones. This simple measure could be enough of a deterrent for hackers in the end.

8. Only use free themes from trusted companies

An astounding 8 out of 10 free themes on WordPress had base64 encoding, which could be used for malicious purposes. Only download free themes from trusted companies that are well-established in the WordPress community. Similarly, only use free plugins from trusted companies, as well.

9. Keep regular backups

A backup website can be a lifesaver after an original website is hacked. Use reputation management tactics to drive business rather than doing damage control.

10. Use security plugins from WordPress

WordPress doesn’t want its sites to get hacked. Therefore, trust security plugins from WordPress for additional site security. Be cognizant of “security” plugins from companies that are not well-established or trusted.

Spend more time growing your business, securing your intangible assets and less time addressing hacked sites. A hacked site can be much more than just a headache. It can turn into a PR nightmare, one that you may never be able to recover from.
The views expressed here are those of the author and not necessarily those of ProducersWEB.
Reprinting or reposting this article without prior consent of Producersweb.com is strictly prohibited.
If you have questions, please visit our terms and conditions
Post Article