Tips to keep your website safe and secure

WordPress websites make up a big part of the market and therefor they are often subject of attack from hackers or bots. You can protect yourself better, but remember: no security system is completely water proof.

1. Good hosting: Many people believe that a plugin holds most of the hackers out, but it’s actually hosting that should (and can) do that. So don’t go cheap on your hosting solution and pick a company that has a good reputation, like Siteground (excellent reputation) or Hostinger (good reputation).
2. Security plugin: Like I said in point 1, hosting is more important, but it can help. These days we recommend to just use the plugin from Siteground called: Security Optimizer, which gives you all the basics you need for security. Siteground customers will get more features, but from Rino’s experience it’s not really worth it anymore to pay monthly for a security plugin since hosting should prevent most of it. So it’s better to spent your money on better hosting.
3. Elementor: Use the most secure and most popular page builder – Elementor
4. SSL: Make sure on your hosting that SSL is activated. The free SSL certificate called: Let’s encrypt is good enough. If you can’t get it to work then download the plugin: Really simple SSL.
5. Backups: Adding backups to your website doesn’t prevent or solve a hack, but it does give you access to an older version of the website that you can use if the damage is unrepairable. Many good hosting providers provide backups. Some monthly, some weekly, some daily. While developing daily backups are nice, because you can easily go back to your work from yesterday (for example), but for the long term monthly backups are safer because often you find out about a hack a little later. So having a secondary option is always smart. I recommend to use Updraftplus and then connect it to a Dropbox or other cloud server you pay for. Also, make sure to turn on backups inside of ManageWP (if you use that) because it’s free and gives you another option for when things go wrong.
6. Custom login URL: Don’t make it too easy for hackers to get to your login page. So use a plugin that allows you to change your WP login page. For example with ASE (Admin and Site Enhancements).
7. Updates: Keep not only your plugins up to date, but also themes, and main WordPress updates. You can let websites update automatically by using ManageWP.
8. Avoid old plugins: If a plugin hasn’t been updated in a long time (let’s say more than a year) then it can be a risk for your website security.
9. No weak passwords: Obviously. But still… many people use the same password for multiple websites. That’s very risky, because if they hack one websites then you are putting a lot of other websites at risk. So always create strong and unique passwords. Get yourself a proper password manager like 1Password.
10. Recaptcha on forms: This Google feature adds an extra layer of security to forms, since forms are often a weak spot in a website’s security.