Below is a transcript from Kori Ashton’s YouTube Video: Is WordPress Secure?
Hey y’all, I’m Kori Ashton and you’re probably doing a search trying to figure out, is WordPress secure? Over and over again, we hear that question, and I want to help you understand that amazing trusted brands all around the world use this content management system, because it is in fact very secure.
WordPress themselves have taken extra steps to make this platform even more secure. Brands use this like Target, Toyota, Vogue, Disney, some celebrities use this as well. I’ll put the link to this website in the article below so that you can go check it out, but celebrities like Snoop Dogg, Ariana Grande, LL Cool J, Same Boat, Dave Matthews Band, The Rolling Stones, so many amazing people use this content management system because if you take some simple extra steps, you can have a very secure WordPress website. I’m gonna share with you today what these seven steps are.
You can go make changes on your website today to be absolutely certain that your WordPress website stays secure. So first and foremost, one of the simple things you can do is be absolutely certain that your WordPress website stays up to date. So as soon as you log in to your website in that Admin area, you’re probably gonna see alerts just like this where you have a little, red little icon, or some sort of icon over here with numbers next to them, and they’re trying to call your attention. You might also see this little alert up here at the top that says hey I’ve got three, four, five, seven, however many updates are required. Whenever you click that, it’s gonna let you know what plugins need to be up to date, if your theme needs to be updated, and of course also, the version of your WordPress core itself. So core needs to always stay up to date. That’s WordPress itself, the content management system.
Your theme, absolutely be certain that you have the relationship with your theme author that you’ve purchased the license to get those updates, alerts, as well as get the newest version of that theme into your website. Super important that you do that. If you don’t know how to connect with that theme author, find out what your theme name is by going to Appearance, and going to Themes. You can go in there, find that, if you click on that, a lot of times, they’ve got the author’s name living right here. You can click there, and go and make certain that you have a license to get those updates, that you’re being alerted, and that you’re running the most recent version. You’re also gonna be able to see the version of the theme you’re running. So be absolutely certain that your core is up to date, your theme is up to date, and then the other thing that you need to be certain of, is all your plugins are up to date. That’s why you want as few plugins as possible, because it gets very cumbersome to manage all these.
You also want to be absolutely sure that you have reputable plugins in place. Plugins where authors are making a profit from them, and not always just free. They have reason to be absolutely certain that that is up to date and secure for you. So be sure that none of those are deprecated where the author has given up on them and they’re no longer able to be updated. Super, super important.
First step here, keeping things up to date. So number two is about usernames and passwords. So you wanna go to the left side and go to Users, and go to All Users. You just want to look through here and see, who is set up as an Admin, here’s the role over here on this column. Who’s set up as an Admin, who’s a subscriber, who’s an editor. You really just want to be absolutely certain that anybody with Administrator rights, is somebody you recognize, right? If this is not somebody that you recognize, you need to be certain to remove them, or at least go in and edit their role down to a lesser role until you can absolutely be certain that this person exists, is on your team, especially if you have a large team. Another best practice is to be certain that you’re using really strong passwords, and to be absolutely certain that none of your usernames over here are just the word Admin or Administrator. That’s the number one username that’s hacked. So just be certain that you have unique usernames, very strong, secure passwords and be certain that everybody’s role is appropriate.
That leads me to number three, which is limit the access to your website. If you can eliminate these, eliminate them. The fewer cooks in the kitchen, the better when it comes to security so that you know if something goes wonky or weird, hey there are only three people that have access to this, let’s connect with those three people. Or if you have somebody leave your team, and you forget to remove them from the website, they might still have access so, just be certain that you are able to limit the users for number three.
Number four is going to be to add extra security to your website. Did you know, that there are additional plugins that you can add that add that extra firewall, that allow you, just the absolute reassurance that you’re not gonna be hacked? If you have been hacked, they have protocols in place to be absolutely certain to get your website clean, and ready to go again, able to run and function again. So there’s plugins like Wordfence, there’s also Sucuri, which I think is phenomenal, I’ve used them several times to help clean up websites. Of course, these might have free options for you, they might also have premium options for you. So check in with both of those, and see which one might be better, but you want to be able to add that little extra step of security to your website. You know, you might even want to check with your hosting provider, because they might have a preferred vendor that they want you to use. They might even offer extra security themselves.
That leads me to number five, which is check with your hosting company. Ask them, what sort of extra security are you giving me for my WordPress website? Do you add an extra firewall? What are your layers for security if there’s an alert that goes out in the WordPress industry, that maybe there’s a hack coming? Somebody’s been targeting one specific plugin. What if that’s running on my website? These are great questions that you should feel free to ask your hosting company, and they should be able to answer very quickly, whether it’s over the phone or in a live chat conversation, and give you those answers.
If you’re not finding that they know those answers, I’m gonna challenge you to step over to Pressable. Ask these guys, because they are the managed hosting WordPress experts, they only host WordPress websites, and they have been known for their award winning support, phenomenal solution when it comes to WordPress hosting. For small businesses, for large agencies that are growing, and also for those really high end enterprise level websites that have a lot of traffic hitting them, you can find out their solutions here. Of course I’ll put a link to them in the article below.
Number six is gonna be backups. I absolutely want you to be certain that your hosting company has that already in play. They should be running 24/7 backups for you okay? So maybe even on an hourly basis, if you are adding in a lot of content, you should also have the ability to be able to go into your dashboard, in your hosting provider, and click that you want a manual backup to run right now, especially if you’re gonna go do some major updating right. Before you go and update your core, before you go and update your theme, all your plugins to keep that website secure, you want to be certain that you have a backup in place and you know how to get to that backup when the time comes. So, connect with your hosting provider, ask them what are the steps to get to my backups if something goes wonky or weird. Because as you know with WordPress every single month you’re gonna need to be logging in to your website to be certain all those updates are in place and that everything is sitting there secure.
That leads me to the final step that you need to be doing which is testing every single month. I hope that you set a date on your calendar to come to your website, test your forms, test your log in, test your checkout system to be absolutely certain that people are able to check out. Test it on different devices. You want to be sure that you have great security in place, because whether you realize it or not, you guys, you are protecting not only the monetary value that you’ve invested into building this website, but you’re also protecting your users’ content. You’re also protecting your search engine rank, because if Google or any search engine for that matter comes to your website, and realizes that it’s been compromised, that it’s been hacked, and it finds those corrupt files in there, it will absolutely stop presenting you as options on those search engines. So be certain that you know, that your website is secure every single month. Every single week for that matter, especially if you have high traffic and people doing transactions whether they’re donating, or buying a product, or filling out a form.
I really hope this helps you guys. I want you to be confident using this system. I have only had two clients ever get hacked in the last ten years of using WordPress. Those two went rogue on their own, forgot to update their plugins, and the other one had really cheap, cheap, cheap hosting, and unfortunately they got hacked that way. So be certain that all seven of these are in place for you, and you should have a wonderful experience with a secure WordPress website.
Kori started her first company at the age of 12, and has had an entrepreneur’s heart ever since. In 2012 she launched her first tech company with a focus on WordPress web development. She has been listed as one of seven women who run tech startups in San Antonio to watch as her company has grown to be ranked third in web development in the city. She’s a guest blogger and guest speaker at WordCamps all over. Weekly you can find Kori on YouTube creating WordPress tutorials on WordPress Wednesday. Join the growing community each week to gain even more knowledge on WordPress, Conversion, Business Strategy & SEO.