Site Security

Tips to help prevent potential threats infiltrating your website.

At BrandSparky we pride ourselves on partnering with leading WordPress-specific hosting care plans to ensure our clients are given the most customer-friendly, fastest and safest environment for their website to flourish in.

As part of all our hosting packages, we include robust server-side security measures which can prevent 95% of all potential threats to the security of your site. However, there are always additional steps you can take to improve your website’s security.

Here are a few tips that we find help to keep those pesky bots at bay:

Always use strong passwords

It seems obvious, but many WordPress users overlook this vital security measure. Your password is to WordPress what locking your front door is to home security – and it doesn’t matter how good your security system is if you leave the door open for anyone to walk through.

It’s not possible to overstate this crucial point:

If your WordPress password is short, if it’s something readable, if you use it on multiple sites, or if somebody who knows you well could potentially guess it, then chances are it should be stronger.

If you have a site with several WordPress users or allow visitors to create their own accounts, you can add the Force Strong Passwords plugin to make all users keep their passwords beefy.

Keep your themes and plugins updated

This is another obvious one, but themes and plugins can occasionally have security vulnerabilities, which are patched by the developer as soon as they’re discovered. It’s very important to update these regularly because many malicious bots specifically search for out-of-date plugins and themes with known vulnerabilities.

We take care of WordPress core updates for you, but if you’re not also updating your themes and plugins regularly, you risk leaving your site exposed. Plus, updates often patch other bugs and enhance usability, so it’s beneficial all round. 

If you would like the BrandSparky team to take care of all plugin and theme updates, please contact us to arrange an upgrade.

Uninstall inactive plugins and themes

Even deactivated plugins and themes can have vulnerabilities, and can also take up your server’s resources, so they can still affect your site’s performance.

It’s always best practice to uninstall any plugins or themes that aren’t consistently active. You can always reinstall them later if you need to. 

Avoid obvious WordPress user names

This is less important than having a strong password, but it’s still helpful. A generic WordPress username like “admin” will be one of the first things any hacker or bot will try. If somebody could guess your username just by looking at the site, it’s not a bad idea to change it.

Unfortunately, WordPress doesn’t allow you to change your username by default, but if you’d like, you can create a new WordPress user and then delete your old one from the ‘Users’ area in the WordPress admin sidebar. (You’ll have to use a new email address to do this, since two WordPress users can’t share the same email address, but you can always change that when you have deleted the original user.)
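The update, inactive-plugin and username tips above can all be checked from the command line. The script below is an added example, not BrandSparky's own tooling: it assumes WP-CLI (`wp`) is installed and run from the WordPress root, and the list of "obvious" usernames and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a WordPress install with WP-CLI for three of the tips above.
# Assumption: "wp" (WP-CLI) is on PATH and the script runs from the WordPress root.

# Login names treated as "obvious" (an assumed list; extend it for your site).
OBVIOUS_USERS="admin administrator root test user"

# Plugins and themes with an update waiting to be installed.
outdated_extensions() {
    wp plugin list --update=available --field=name | sed 's/^/plugin:/'
    wp theme list --update=available --field=name | sed 's/^/theme:/'
}

# Plugins and themes that are installed but not active (candidates to uninstall).
inactive_extensions() {
    wp plugin list --status=inactive --field=name | sed 's/^/plugin:/'
    wp theme list --status=inactive --field=name | sed 's/^/theme:/'
}

# Administrator accounts whose login name is on the obvious list (case-insensitive).
obvious_admins() {
    wp user list --role=administrator --field=user_login |
    while read -r login; do
        lower=$(printf '%s' "$login" | tr '[:upper:]' '[:lower:]')
        case " $OBVIOUS_USERS " in
            *" $lower "*) printf '%s\n' "$login" ;;
        esac
    done
}

# Run every check and print one section per check.
audit_site() {
    for check in outdated_extensions inactive_extensions obvious_admins; do
        found=$($check)
        if [ -n "$found" ]; then
            printf '[!] %s:\n%s\n' "$check" "$found"
        else
            printf '[ok] %s: nothing found\n' "$check"
        fi
    done
}

# Run the audit only where WP-CLI is actually installed.
if command -v wp >/dev/null 2>&1; then audit_site; fi
```

Anything listed under `[!]` maps back to a tip above: update it, uninstall it, or replace the account with one that has a less guessable login name.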

Add Captcha

There are several ways that you can implement Captcha on your site, but the concept is the same between plugins and methods: to force any site visitor who tries to fill out a form to first prove they’re human.

While it was once a troublesome and inconvenient option, Captcha has improved greatly in recent years. Plus it protects all kinds of forms on your site, so it does double duty by helping to stop hackers and prevent spam. Google reCaptcha is the least intrusive option, and there are several plugins available to implement it, including Google Captcha (reCAPTCHA).

Move your WordPress login screen

Many WordPress hacks come from malicious bots that are programmed to crawl the web looking for WordPress sites. Once they find one, they’ll add “/wp-admin” to the end of the site’s URL to get to the login screen and try to force their way in.

BrandSparky already protects you against this kind of hacking method, but you can add an extra layer of security by making your login screen harder to find in the first place.

The WPS Hide Login plugin allows you to change the location of your login screen from “/wp-admin” to whatever you want. You could use something like “/mysitelogin” or “/open-sesame” or anything else. Whatever you choose, any user who tries to use the old “/wp-admin” link will just see an error message, stopping bots and would-be hackers in their tracks.

NOTE: Moving your WordPress login screen will mean that you’ll have to share the new login URL with anyone who logs into WordPress on your site, or they won’t be able to access the admin area. 

Add two-factor authentication

A more specific and secure tool for login pages than Captcha, two-factor authentication allows you to verify your identity through any number of methods: by scanning something on your smartphone, by receiving a code via text message and entering it on the site, and others.

Whatever the method, two-factor authentication is generally much harder to dupe than traditional login credentials – and doing so while also logging in with a password is virtually impossible for a hacker, so this is an extremely powerful security solution.

Popular two-factor authentication plugins include Google Authenticator – Two Factor Authentication (2FA), Unloq, and Duo. Jetpack by WordPress.com also includes 2FA, among many other useful features.
