Here is an infographic that covers WordPress security and can give you an edge. Some of the tips are applicable to any website.
How Do WordPress Blogs Get Hacked?
- Hosting 41%
- Themes 29%
- Plugins 22%
- Weak Passwords 8%
- 83% of WordPress Blogs that are Hacked are Not Updated
- 30,000 Web Sites are Hacked a Day
- On Average, a Website is Hacked Every 5 Seconds
How to Prevent WordPress Security Issues?
- Don’t Use the Default Admin Account – This is one of the most common and elementary mistakes you can make from a security perspective. What username do you think hackers try first when trying to gain access to any site? Admin, that’s right. Create another username and assign admin rights to that user before deleting the old admin user account.
- Close Comments After 30 or 60 days – OK, this might be controversial and not everyone is going to agree with this. If you are getting hit by a lot of spam comments, you can try closing comments after 30 or 60 days – it certainly has cut down my spam comments drastically. Using a spam comment filtering plugin like Akismet is a must.
- Get Rid of the Login Link from your Blog – Regardless of what CMS your website is running on (WordPress or similar), having a login link to the admin interface is like giving away the location of the locker in the bank. Removing the login link from your website does not guarantee safety from hackers, but it adds another step for them to go through; the more barriers the better!
- Always Keep WordPress Up-to-Date with the Latest Version – This is a no-brainer, especially when you know 83% of blogs that get hacked are not up-to-date. Most big blogs use the WordPress auto update feature to keep their blogs patched against security vulnerabilities.
- Report WordPress Bugs and Security Issues – WordPress is the most used CMS on the web and the user community is huge. Every day new issues are being reported and patched. If you find a bug or an issue, report it so the whole community can benefit. You can report bugs here.
- Lock Down File Permissions and Write Access – If you want to take your website security a step further, you can lock down file permissions and restrict who has write access. You can do this in many ways: with a plugin or through the settings (cPanel) of your web host. If you are not sure how to do this, it is best to contact your web host support team and they should be able to help.
- Use a WordPress Security Plugin and Limit Failed Login Attempts –
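For the "Lock Down File Permissions and Write Access" tip above, here is an added example (not from the original infographic) of a shell check that lists loosely permissioned paths in a WordPress install. The baseline it enforces is an assumption: nothing writable by group or others, and `wp-config.php` not accessible to "others"; the function name and the sample path in the comment are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit a WordPress tree for
# loose permissions. Assumed baseline: nothing writable by group or others,
# and wp-config.php not accessible to "others" at all.

# Prints one finding per line; returns 0 if clean, 1 if findings, 2 on bad input.
wp_perm_audit() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    cfg=$root/wp-config.php
    findings=$(
        # Group- or world-writable files and directories. Symlinks are
        # skipped because their mode bits are always reported as 777.
        find "$root" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) -print | sed 's/^/WRITABLE /'
        # wp-config.php holds database credentials and secret keys.
        if [ -f "$cfg" ]; then
            find "$cfg" \( -perm -004 -o -perm -002 -o -perm -001 \) -print |
                sed 's/^/CONFIG_EXPOSED /'
        fi
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a path given on the command line (example path only):
#   sh audit.sh /var/www/html
if [ $# -gt 0 ]; then
    wp_perm_audit "$1"
fi
```

A non-zero exit is the signal to review the listed paths yourself or with your web host's support team before tightening them.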