One of the most important factors in running a successful WordPress site is security. The results of having your site compromised in some way can be devastating, and the effects can last well beyond the initial hack.
The team over at CMSTOWP.com have put together an infographic that sheds light on the importance of good security practices in WordPress. Because it is the most popular CMS, it is also the most targeted for attack.
So, what can you do to make WordPress more secure? We highlighted some great tips in a previous blog post, but here are some of the most important security measures you can take today.
WordPress frequently releases updates that patch security holes in the CMS. Don't let your site go too long between updates: falling behind leaves it vulnerable, because many attackers get in through flaws that have already been patched. WordPress enables you to set up automatic updates, and while we don't recommend doing this in cases where an update could cause certain custom features or functionality to break, it is better than leaving the site without updates for extended periods.
Your best bet is to subscribe to mailing lists and check for updates on a regular basis. Test these updates on a local development server and deploy them on your live server if everything checks out.
If your password can be found within the pages of a dictionary, it's probably not very secure. Likewise, stay away from using names or dates that are easy to find out about you. Birthdays, nicknames, and the names of children are common password choices that are easily guessed.
Consider using a password generator from LastPass or 1Password that generates a random alphanumeric password for you and stores it securely so you don't have to worry about remembering it. Another popular solution is using a combination of words and numbers. A password like "Tokyo23BunnyAppleFlower" is easier to remember but also difficult to brute force.
It is easy to accumulate plugins, but users often forget to delete them when they decide they don't really need them anymore. If you download five different slideshow plugins and end up going with one, do yourself a favor and uninstall the other four. Fewer plugins means fewer opportunities for problems.
Your site is only as secure as its weakest component. Even if WordPress is locked down and rock solid, an insecure server still allows attackers to gain access to anything they want. Check the permissions on your .htaccess file and lock down your wp-admin directory to all but authorized people.
There is a great guide for locking down the WordPress file system here.
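One way to run the permission check described above, as an added example that is not from the original post or the linked guide. The baseline it enforces is an assumption: nothing world-writable, .htaccess and wp-config.php writable only by their owner, wp-config.php not world-readable, and an .htaccess present in wp-admin (Apache only).

```shell
#!/bin/sh
# Added example: report loose permissions in a WordPress tree.
# The baseline below is an assumption, not a rule stated in the article.

audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "ERROR not a directory: $root" >&2
        return 2
    fi

    findings=$(
        {
            # World-writable files or directories can be changed by any local account.
            find "$root" \( -type f -o -type d \) -perm -0002 | sed 's/^/WORLD-WRITABLE /'

            # Access-control and credential files should be writable by their owner only.
            for f in "$root/.htaccess" "$root/wp-admin/.htaccess" "$root/wp-config.php"; do
                if [ -f "$f" ]; then
                    find "$f" \( -perm -0020 -o -perm -0002 \) | sed 's/^/LOOSE-WRITE /'
                fi
            done

            # wp-config.php holds the database credentials.
            if [ -f "$root/wp-config.php" ]; then
                find "$root/wp-config.php" -perm -0004 | sed 's/^/WORLD-READABLE /'
            fi

            # Apache-only heuristic: no .htaccess means no per-directory restriction.
            if [ -d "$root/wp-admin" ] && [ ! -f "$root/wp-admin/.htaccess" ]; then
                echo "NO-HTACCESS $root/wp-admin"
            fi
        } | sort
    )

    # Exit status 0 means clean, 1 means at least one finding was printed.
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Run directly as: sh audit.sh /path/to/wordpress  (placeholder path)
if [ "$#" -gt 0 ]; then audit_wp_perms "$1"; fi
```

The non-zero exit status on findings lets the script run from cron or a deployment job and fail loudly when permissions drift.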
Even if you have done everything in your power to lock WordPress down, there is a chance something could get past and find its way onto your site. Scan your site regularly for viruses, malware, and other malicious code. Even well-meaning users are capable of uploading something malicious unknowingly.
With these tips in mind, you should be able to enjoy a secure, efficient WordPress experience free from the hassles and stress that come with overcoming a malicious attack.