1. Keep your website up to date
It’s important to know that hackers are always looking for vulnerabilities. These vulnerabilities are (small or large) errors in the code of, for example, WordPress itself, or of certain plug-ins. There is a danger that hackers will abuse these errors to gain access to your WordPress website and then deposit malicious code and files there.
In order to prevent this (or at least reduce the risk of these types of errors being abused), it is very important to update WordPress (i.e. the core of your website), the plug-ins you use and the template (also called theme or template) as regularly as possible. Developers of the software regularly release updates for their plug-in or theme. Install them, because if they have discovered errors, they will be plugged into the latest version.
Don’t have the time to update your WordPress website yourself, but don’t want to take any risks? I offer several subscriptions where I can take this worry off your hands. Check out the possibilities by clicking here.
2. Choose a secure username and password
When you buy a new router, it often has a default username and password to login to. Like admin and 1234. The manufacturer will tell you to change this data as soon as possible. Or sometimes they force you to enter a stronger password the first time you log in.
Choose a strong and secure username and password for WordPress. If you have had your website built by someone else, then in most cases that’s not admin anymore. As a password you use a combination of letters, numbers and characters that are not easily retrievable by hackers. So no names of family members, no dates of birth, your zip code or any other information that a hacker could easily guess. A strong password is for example: xH9e$j1#mO8r@tJ or something similar. Try not to use numbers or letters that are sequential or sequential on the keyboard. So not qwerty123.
Tip: are you going to publish a lot of articles and does WordPress list the author underneath the article? Then you can choose to create an extra user (or have an extra user created) in the WordPress system. This prevents the username you use for logging in from being mentioned as the author of your posts. You can create a new user with your own first name or something general, such as “editor”. This makes it more difficult for hackers to find out the username that gives access to WordPress.
3. 2FA. 2FA? Yes, 2FA.
Maybe you already know 2FA from your bank or another institution where it’s becoming more and more common. 2FA stands for two factor authentication and means that you use two passwords or codes to log in. This is now also possible for WordPress, via the Wordfence plug-in that we offer as an option on our websites.
It works as follows. You choose a secure username and password to log in to the back end (the admin area of WordPress that the user does not see, but where you add pages and content). Then an extra screen appears asking for a code. This is the second authorization required before you can access WordPress. This code is randomly created by an app on your smartphone. An example of such an app is Google Authenticator. After you’ve added your account, the app will create codes that change all the time. As soon as you’re asked for it, type in the code that’s currently in the app and you’ll get access to WordPress.
Because the app is on a different device (your smartphone instead of your PC or laptop) and by quickly randomly generating the login code, this way of logging in offers extra protection against unwanted access to the WordPress back end.
4. Reliable hosting and an SSL certificate
I work with reliable hosting companies, which are characterized by excellent customer service, fast servers, but also have an eye for security. For example, you can login to TransIP with 2FA, so that an extra layer of security is also present there. In addition, you prefer to choose a hosting company that also pays attention to security on its website, so that you know that they are actively involved in this as well.
Technically, most hosting providers allow you to add an SSL certificate to your hosting package. You can recognize websites that have an SSL certificate by the lock in the address bar of your browser and by the fact that the link (the url) starts with https instead of http. This SSL certificate provides encryption. This means that the data sent via your website is secure. It is also interesting for SEO optimisation, because Google and other websites with an SSL connection value higher than those without.
Finally, I would like to briefly mention the speed of the servers. My experience (and that of customers) shows that sometimes there is a big difference in the servers on which the WordPress websites are located. By working with a good hosting company you can significantly improve the speed with which websites are loaded. This provides the visitor with a better user experience and you with more customers. You can read more about how to measure this and tips on optimization on the page about SEO optimization.