Everything was going along smoothly. The site was bringing in money, I was getting paid by Google, and it wasn’t even needing much effort to maintain. Until…
I got hacked. Like really hacked. Then I fixed it and got hacked again.
By the time I realised and fixed it Google had de-ranked me because they had decided my site was now about hacking rather than fixing iPhones:
The good news
The good news is it actually only takes about 15 minutes to make your WordPress site significantly more secure. I found this out the hard way but here’s what you can do before it’s too late:
The simple stuff
Here’s a bare minimum that should only take 10 minutes (including the time to log in!)
- Make your password better: It sounds annoying but it’s way easier than getting hacked
- Update WordPress whenever it asks you at the top of the screen (make sure you backup first!)
- Update all plugins at least every few weeks (this is a lifesaver)
Call in the artillery
There are several security plugins that are easy to install and watch over your site day and night!
I really like Better WP Security as it’s awesome and free (I actually like it so much I made a donation to say thanks!). It protects against most wordpress hacks and effectively bundles several different plugins into one package.
This can be overkill so if you’d prefer to keep your site more lightweight you could also just install this plugin to change the admin username for your blog as well as this one to blacklist certain IP’s.
To install it is dead easy too:
And that’s it! There’s a lot more you can do to make your website more secure but this is a great start.
Will it make my blog slow to load?
In short the more stuff you put in your site the more speed issues you’re going to have. However I haven’t found this to be a problem after activating basically everything I could on this site.
Still if you need the ultimate in speed you could do some before/after testing to make sure it’s not going to affect your load times.
What other tips do you have for keeping your WordPress website secure?