A lot of people run their websites on WordPress. It’s a great content management system that removes hours of headaches for web builders and their clients.
But the downside of being popular is that, just like high school, it makes you a target for all sorts of unpleasantness.
Sure, WordPress is “87.4% secure” right out of the box. And this is just fine until you’re one of the 12.6% that isn’t secure. Then it’s not fine at all.
So avoid it in the first place: get your WordPress site secure using the Better Security plugin. It takes less than five minutes and you’ll be glad you did.
Step-by-step to Better WordPress Security
1. Log in to your WordPress installation using your Admin account.
2. Go to the Plugins section.
3. Click the “Add New Plugin” button.
4. Search for “Better Security” and install it.
5. Go get a cup of tea, but don’t take too long, it’ll be installed soon.
6. Whew, it’s installed. Now you have to set it up.
7. In the main nav of your WordPress site there should now be a tab labelled Security.
8. Click that. It will bring you to the Overview of the Better Security Plugin.
9. Better Security has run a scan of your installation and will have a list of things to fix. Red things are things you ought to change to improve security. Yellow things are things that you might want to change.
10. Start at the top of the list and click the first red item. This will bring you to a configuration screen.
11. Check stuff and then hit submit.
12. Go back to step 10 and repeat until done.
A quick and important note: Some of the things Better Security will ask you to do might muck up your site. Luckily, there are GIANT RED WARNINGS at the biggest of these. When you see a GIANT RED WARNING, be sure you read and understand it. Don’t do anything until you understand the GIANT RED WARNINGS, ok? I don’t want the comment thread of this post to be filled with “I clicked something about enabling SSL or whatever and now I can’t access my website from home!” There’s a GIANT RED WARNING to prevent you from doing that.
This means you may end up with a Better Security overview tab that still has a red item or two and maybe a yellow item. That’s the way the cookie crumbles. Your site is still waaaaay more secure than it was before.
The only thing that is missing one of the aforementioned warnings and might trip you up is an item that changes your login page from the default http://my-best-real-estate-agent-website-ever.com/wp-login.php to http://my-best-real-estate-agent-website-ever.com/whatever-you-want-this-to-be. If you change the login and then forget what you changed it to, trouble ensues.
I recommend you write it down.
Those scary caveats aside (hey, it wouldn’t be security if it wasn’t a little bit scary) you’ll now be able to rest a little easier at night. It’s much scarier to wake up and find your website pwned by the haxx0r5.