The 7 Critical Things To Prevent Hacking & Sluggish Speed On Your WordPress Website

#1. Make Sure Your Site Is Secure (use an "SSL" so it displays as "https:")

These days, when people open your domain in a browser, the address needs to start with ‘https://’, not ‘http://’. That one “s” means it is a “secure site”; in other words, it has an “SSL certificate”.

You don’t need to worry about the technicalities. The important thing is that if your website doesn’t have an SSL certificate, it will show as “Not Secure” in Chrome. You definitely don’t want that, as it will turn visitors away faster than a snake in the bed!

There are a few different ways to install SSL certificates. Many hosting companies can arrange it, or you can use paid or free SSL services. The method we prefer is a free service called Cloudflare, which can improve the load speed of your site, protect it from various attacks, and also provides an SSL certificate. More on Cloudflare in #6 below.

SSL means your domain displays as “secure”.

#2. Keep Your WordPress Version Up To Date

WordPress (WP) is awesome, but it has two significant flaws – both of which can be fixed 🙂

The first is that being open-source software, and also so popular, it CAN be open to security vulnerabilities. In plain English, this means it can get hacked more easily than some other website platforms.

One (amongst many) of the reasons for this is that WP issues updates regularly, usually at least every month. If your website is running an OUT OF DATE version of WP, it will be easier for hackers to attack it.

So, always make sure your WordPress is kept up to date. Read on below for more info on how to do this…

“Hackers attack WordPress sites both big and small, with over 90,978 attacks happening per MINUTE.” – Wordfence

#3. Keep Your Theme Updated

Continuing on from #2, the next thing to check is your theme. WordPress uses “themes” as frameworks for the layout and appearance of the website.

There are hundreds of thousands of different WP themes, including free and paid themes. Themes need to be regularly updated by the theme maker to make sure they work with each update of WP. So themes need to be manually updated in your WordPress installation as soon as the updates are available.

Make Sure Your Theme Is Supported By The Theme Maker

Often we see WP sites built using free or cheap-and-nasty “unsupported” themes.

This means the theme is not regularly and properly updated by its creators to play nicely with the latest version of WP.

If your website uses an unsupported theme, it is most likely only a matter of time (until a new update is issued) before your theme (and website) breaks.

It’s best to get a WP professional to audit your website to tell if your theme could give you unexpected trouble – see the end of this report for more.

#4. Plugins: Biggest Area Of Vulnerability

Plugins perform a huge range of different specific functions in WordPress sites. A typical site may have 10 – 30 plugins.

If these are also not updated regularly, they make your site vulnerable to attack. In fact, plugins are THE biggest source of vulnerabilities for WP.

Keeping them all updated can be a mission. But there is a solution. Read to the end of this report to see…

“According to a recent report by wpscan.org, of the 3,972 known WordPress security vulnerabilities: 52% are from WordPress plugins, 37% are from core WordPress, 11% are from WordPress themes.” – ithemes.com
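One way to see what #2, #3 and #4 mean for a given site is to ask WP-CLI which core, plugin and theme updates are pending. This is an added example, not part of the original report; it assumes WP-CLI (`wp`) is installed on the server, and the plugin names and versions in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example: list pending WordPress updates from WP-CLI's CSV output.

# Constructed sample of:
#   wp plugin list --fields=name,status,update,version --format=csv
SAMPLE_PLUGINS='name,status,update,version
example-cache,active,none,3.1.0
example-slider,active,available,1.4.2
example-forms,inactive,available,0.9.1'

# Read WP-CLI CSV on stdin; print names whose "update" column is "available".
pending_updates() {
  awk -F, 'NR > 1 && $3 == "available" { print $1 }'
}

# Inactive AND outdated: the code is unused but still sits on disk,
# so it is a candidate for deletion rather than updating.
inactive_outdated() {
  awk -F, 'NR > 1 && $2 == "inactive" && $3 == "available" { print $1 }'
}

# Audit a real install. $1 = path to the WordPress directory.
audit_site() {
  wp --path="$1" core check-update
  echo "Plugins with pending updates:"
  wp --path="$1" plugin list --fields=name,status,update,version --format=csv \
    | pending_updates
  echo "Themes with pending updates:"
  wp --path="$1" theme list --fields=name,status,update,version --format=csv \
    | pending_updates
  # Ties in with #7: flag the default "admin" login if it exists.
  if wp --path="$1" user list --field=user_login | grep -qx admin; then
    echo "A user with the login 'admin' exists"
  fi
}

if [ -n "${1:-}" ] && command -v wp >/dev/null 2>&1; then
  audit_site "$1"
else
  # No install given: run the parsers over the constructed sample.
  echo "Pending (sample data):"
  printf '%s\n' "$SAMPLE_PLUGINS" | pending_updates
  echo "Inactive and outdated (sample data):"
  printf '%s\n' "$SAMPLE_PLUGINS" | inactive_outdated
fi
```

Run it with the path to the WordPress directory as the only argument; with no argument it only processes the built-in sample.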

#5. Security Plugins

There is a large range of plugins to assist with your WordPress security that are available to include in your armoury against hackers – but which ones to choose?

The ones we use are:

  1. BulletProof Security
  2. Wordfence

To install these you go to Plugins > Add New, then search for each one in the search field. Click Install, then when installed, click on Activate.

When set up correctly, these give you great security without having to pay for the Premium options. However, there is more detail involved in setting them up than we have space to cover here. (See more info at the end of this report for how to solve this)…


#6. CDN & Speed Secret Sauce

As well as the security issues, the second problem with WordPress is that it can be rather “bloated” from a coding perspective, and this makes it rather slow to load.

There are many parts to the solution jigsaw – and it depends a lot on the theme you use, and how many images you have on any page you want to load.

But a little-known unfair advantage is what’s known as a “CDN” (Content Delivery Network). The particular one we love is called Cloudflare.

This serves lots of the resources (images, etc.) on your site from its own special fleet of super-fast highly secure servers, spread all over the world. So in most cases, it speeds up your website load time; it helps to protect your website from what’s known as DDoS attacks, and also it allows for a free SSL. And it’s all free! Brilliant huh!? We use it on ALL of our websites.

There are two other plugins we highly recommend for improving the performance and reducing the load time of your website (which is now highly important to give the best user experience and get the best rankings on Google):

First is a performance-optimising “caching” plugin called “WP Rocket”, and the second is an image compression tool called “Webcraftic Robin image optimizer”. When you or your webmaster uploads images to WP, ideally they should be “compressed” to a file size of no more than about 100KB. Certainly, you cannot upload images directly from your iPhone, as they are several megabytes in size! But reducing image file sizes is a total pain to do retrospectively! So the image optimiser plugin will crank through all your website images and make them the best size for fast loading, without overly compromising quality.

#7. Protecting Logins

“81% of attacks are based on insecure or stolen passwords, being the main tactic used.” – Panda Security

As you can see from the above quote, perhaps THE most important aspect of security is managing your login access correctly. The default username for WordPress is “admin”. NEVER use that!! Think of something a little more complex. If your site is www.alisonsyoga.com use something like admin_yogaali. Here’s how to change your username.

The same goes for your password. NEVER use something easy to guess like “password”, “1234”, etc. Hackers have sophisticated software that can try thousands of the more common passwords in a very short time. Either choose a relatively complex password with a capital, numbers and other symbols that you can remember, like “2018MercedesML63!!”, or better still use https://passwordsgenerator.net/ to generate an impossible-to-guess password like “3P,v\r_z>:p?@KBQ”.

Of course, the only problem is that impossible to guess also means most likely impossible to remember! To get around that, we recommend you use a contemporary password storage tool like https://www.lastpass.com/ or https://1password.com/

Thank You

For reading this report – we hope it helps point you in the right direction to protect and speed up your WordPress site.

Having said that…, there’s no denying that implementing all the above is not for the faint-hearted! We’ve given you the plugins, and approaches, but to walk you through the detailed setup, would take dozens of pages of in-depth tech-talk!

There is a much easier way…

Here at Urban Online, we can do it all for you!

We’ll perform a quick audit of your WP website, then provide a quote to install and fix everything for you – completely hands-off for you, so you can focus on what you should be doing – building your business!

We also have a day-by-day monitoring and updating solution – just $70/mth inc GST
