“Only a fool learns from his own mistakes. The wise man learns from the mistakes of others”, said Otto von Bismark. He was a great Prussian leader and he is considered a political genius. His ideas are studied by sociologists, psychologists, and political people; definitely he is a source of inspiration. I think that the above statement is going too further…all of us have made mistakes… are all of us fools?
Still, Bismark idea’s isn’t fundamentally wrong…we should try to learn from other people’s mistakes. The bigger consequences a mistake has, the better to learn from others! Unfortunately, people involved in online activities have the potential of making huge mistakes. Much more, the hackers have done everything to profit from any mistake. The situation is truly dangerous and still many people ignore this phenomenon. In 2015, more than 34% of user computers were attacked at least once! In this context, I guess that it is better to follow Bismark’s piece of advice and learn from others’ mistakes.
WordPress is a secure CMS, but it has enough vulnerabilities that should convince you to take action. Imagine that behind The Mossack Fonseca data breach it is possible to be a vulnerable WordPress plugin! All these data represent a huge warning if you own or manage a WordPress website. Instead of worrying about, the better approach is to take action immediately. Here I made up a list of applicable tips to better secure your website.
1. Update your WordPress version, themes and plugins
Yeah, many of you consider this advice a boring and useless one. It might be true, I can’t deny this fact. Also none can deny that many WordPress admins or users don’t apply this tip and some consequences are catastrophic. Once again, Mossack Fonseca should make you sit up and take notice.
Updating your WordPress version, themes and plugins isn’t a big deal and doesn’t take you so much time. It’s the first step if you want to improve your website security. Limiting the number of plugins and themes used is another tip that helps in securing your website.
2. Take care of your credentials
It is another simple (if you are ironic, you may read stupid) tip to secure a WordPress website. Ironically or not, many WordPress admins have as username…guess what…admin!!! Of course, this a huge mistake and the hackers know how to profit from. The passwords should be strong – highly recommended to be a string of random letters and numbers. Changing it frequently is another step for an improved security.
3. Limit logins
The “brute force” method is widely used by hackers; it implies that the hacker tries to login to a website until he/she cracks the password. If you use a strong password, it is harder to crack it; hence tip #2 makes sense now, doesn’t it? Limit Login Attempts and Login LockDown are two massively downloaded plugins that may help you in this regard.
4. Use security plugins
There is no affiliate link or any connection to WordFence, but it is one of the best security plugins ever. I recommend using it because I am satisfied with its features. Of course, you may use any security plugin – the repository is full of good plugins aimed to secure a WordPress website. You may install and test plugins as iTheme Security, All in One WP Security and Firewall, or Sucuri Security.
5. Hosting is capital
A good host is capital for any WordPress website. It is responsive for loading speed, availability, and security. According to WP White Security infographic, the poor hosting security is responsible for 41% of the total number of WordPress blogs hacked. A good hosting solution cost you some extra bucks, but you have the certitude that your website is in good hands.