WordPress is one of the most popular content management systems and lets you build a website in no time. As you may know, it is open source software, and like any other software it has its issues, but the development team works hard and constantly updates the core to fix and improve this great tool.
WordPress is very popular; millions of websites are built with it, not only because it is free, but also because it is very powerful and can be easily extended. It is so popular that many web hosting companies specialize in WordPress hosting, optimizing their servers and software around it. For example, at Ipage and BlueHost you can install WordPress on your website with one click.
The popularity of WordPress also brings a lot of problems to its users. One of the main problems is comment spam. If you don't deactivate the comment system and don't use a proper plugin to prevent it, your site will most likely be flooded with unwanted comments that can overload the database and do a lot of harm to your search engine rankings. Another issue is security, which can be compromised through the hosting server, insecure plugins, a weak admin password and other weak points.
In this article we will show you how to make your WordPress site secure and how to keep it that way.
Prevent Comment Spam with Plugins
First of all, if your site is not a blog or a community website, where you want to hear your users' opinions, you can simply deactivate the comment system and you are good to go. But what if you want users to share their thoughts on the posts you write? The core WordPress installation comes bundled with a plugin called Akismet. It is not active by default; it has to be activated. Activation is as simple as clicking a button, but you will need to request an API key from the Akismet website and enter that secret key on your site. Treat the key like a password and keep it out of public repositories.
Keep in mind that the free version of Akismet only stops a limited amount of spam per month. If your site is very busy and gets hundreds of comments a day, the plugin will simply stop working until you get a premium key.
A very good alternative to Akismet is the Anti-Spam plugin, which does not use a captcha, does not require a key, and is free.
Changing the Default Admin User
Older WordPress versions and some one-click installers use admin as the default username, and even where the installer lets you pick one, admin is still a very common choice. You will want to change this right after installation, because anything left at its default value gives an attacker a head start: a brute-force attack against a known username only has to guess the password. To change the default admin user, log in to the back-end of your site and create a new user with Administrator privileges. Log in again with the new account and delete the default admin user, choosing to reassign its posts to the new account rather than deleting them. This small change can make a big difference when it comes to security.
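The same procedure can be scripted so it runs in one step on the server. The following is an added example written for this article, not code from WordPress or from the original post; it uses WordPress's own functions and is meant to be run once with WP-CLI (wp eval-file replace-admin.php from the site root). The new login, e-mail address and display name are assumed placeholders, and a single-site install is assumed.

```php
<?php
/**
 * replace-admin.php
 * Run once from the site root:  wp eval-file replace-admin.php
 *
 * Creates a new administrator, moves every post owned by "admin" to it,
 * and then deletes the "admin" account. The values below are assumptions;
 * change them before running. Single-site install assumed (on multisite
 * use wpmu_delete_user() instead of wp_delete_user()).
 */

$new_login   = 'siteops';          // assumed: the replacement admin login
$new_email   = 'ops@example.com';  // assumed: its e-mail address
$new_display = 'Site Editor';      // shown publicly; keep it different from the login

$old = get_user_by( 'login', 'admin' );
if ( ! $old ) {
    WP_CLI::log( 'No user named "admin" exists; nothing to do.' );
    exit( 0 );
}
if ( get_user_by( 'login', $new_login ) || email_exists( $new_email ) ) {
    WP_CLI::error( "A user with login {$new_login} or e-mail {$new_email} already exists." );
}

// 24 random characters from WordPress's own generator, special characters included.
$password = wp_generate_password( 24, true, true );

$new_id = wp_insert_user( array(
    'user_login'    => $new_login,
    'user_pass'     => $password,
    'user_email'    => $new_email,
    'display_name'  => $new_display,
    // The nicename is what appears in author URLs (/author/<nicename>/) and in
    // the REST API, so do not let it default to the login.
    'user_nicename' => sanitize_title( $new_display ),
    'role'          => 'administrator',
) );
if ( is_wp_error( $new_id ) ) {
    WP_CLI::error( $new_id->get_error_message() );
}

// wp_delete_user() lives in an admin-only file; its second argument reassigns
// the old account's posts to the new user instead of deleting them.
require_once ABSPATH . 'wp-admin/includes/user.php';
if ( ! wp_delete_user( $old->ID, $new_id ) ) {
    WP_CLI::error( 'Could not delete the "admin" user; the new account was still created.' );
}

WP_CLI::success( sprintf(
    'Created %s (ID %d) and removed "admin" (ID %d). Temporary password: %s',
    $new_login, $new_id, $old->ID, $password
) );
```

Log in with the temporary password and change it straight away, since it was printed to the terminal. Setting a nicename and display name that differ from the login matters because WordPress shows the nicename in author archive URLs, so a renamed account whose nicename still equals the login has not hidden anything.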
Moderate comments and Spam
It is not enough to have a plugin that prevents spam. Even if that plugin works perfectly and detects 99% of spam comments, you still want to moderate the discussion and the content on your website. Some comments may not be spam but could be self-promotion, off-topic, or even hateful or racist. You want to avoid these types of comments, so the best way to manage them is to manually approve every single one. You can also automatically close comments on posts after a certain period. I know it is painful to go over each comment, but trust me, it is worth the effort.
If your site receives so many comments that they cannot be managed manually, you can install a plugin that sends a verification email to the commenter, and the comment is approved only if the commenter confirms it. This can also be abused, since it only proves control of a mailbox and not good intent, but it is one way to automate part of the job.
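The settings described above (manual approval, closing comments on old posts) live under Settings > Discussion, but they can also be pinned in a small must-use plugin so nobody switches them off by accident, and the same file can hold the self-promotion rule that the dashboard cannot express. This is an added example written for this article, not code from WordPress or from the original post; the file name and the 30-day window are assumptions.

```php
<?php
/**
 * Plugin Name: Hold comments for moderation
 * Description: Pins the Discussion settings this article recommends and holds self-promotion.
 *
 * Save as wp-content/mu-plugins/hold-comments.php (must-use plugins load without
 * activation). The file name and the 30-day window are assumptions; adjust to taste.
 */

// "Comment must be manually approved": pin it on, whatever Settings > Discussion says.
add_filter( 'pre_option_comment_moderation', '__return_true' );

// Automatically close comments on posts older than 30 days (core's own options).
add_filter( 'pre_option_close_comments_for_old_posts', '__return_true' );
add_filter( 'pre_option_close_comments_days_old', function () {
    return 30;
} );

// Hold, rather than approve, anything that looks like self-promotion: a filled-in
// website field or more than one link in the body. With manual approval on,
// every comment is pending anyway; this rule matters once you relax that to
// "previously approved authors", because it still sends their link-heavy
// comments back to the queue. Core runs this filter after the anti-spam plugin
// and the moderation keyword checks have had their say.
add_filter( 'pre_comment_approved', function ( $approved, $commentdata ) {
    if ( 'spam' === $approved || 'trash' === $approved ) {
        return $approved; // already rejected; leave it
    }
    $links = preg_match_all( '#https?://#i', $commentdata['comment_content'] );
    if ( ! empty( $commentdata['comment_author_url'] ) || $links > 1 ) {
        return 0; // 0 = pending, shows up in the moderation queue
    }
    return $approved;
}, 10, 2 );
```

Because it is a must-use plugin it cannot be deactivated from the dashboard; removing the file is the only way to turn it off, which is exactly the point for a setting you want to stay in force.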
Using Security Plugins
A security plugin can do a lot to prevent and detect malicious activity on the server and on your site. Wordfence is a free plugin that does a great job in terms of security. It checks whether your site is already infected by doing a server-side scan and comparing the source code of WordPress core, plugins and themes against the official copies. If you have WP-CLI on the server, the command wp core verify-checksums performs the same comparison for core files against the checksums published by WordPress.org, which is a quick way to confirm a scan result. The plugin also has a premium version that enables two-factor authentication via SMS, the ability to block specific countries, and scheduled scans.
Using Strong Password
Using a weak password is a very common mistake: users pick simple words, easy to remember numbers, relatives' names or pets' names, and all of these can be compromised easily. Adding two words, a number and a special character to your password can make a huge difference. Also avoid using the same password on multiple websites; if one website gets hacked and your password is stolen, all your other accounts are exposed, and a password manager is the easiest way to keep a different one everywhere. If you can't come up with a good password, Norton has a tool that generates a strong password for you, and the WordPress profile page has a built-in Generate Password button that creates a long random one.
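Out of the box WordPress only shows a strength meter; it does not refuse a weak password. The rule of thumb above (length, a number, a special character, no obvious words) can be enforced for every account with a must-use plugin that hooks the profile form and the password reset form. This is an added example written for this article, not WordPress's own code or anything from the original post; the 14-character minimum and the short word list are assumptions.

```php
<?php
/**
 * Plugin Name: Minimum password policy
 * Description: Rejects weak passwords when a user sets or resets one.
 *
 * Save as wp-content/mu-plugins/password-policy.php (assumed file name).
 * The minimum length and the blocked-word list below are assumptions.
 */

/**
 * Adds an error to $errors (a WP_Error) when $password breaks the policy.
 * An empty password means the form did not ask for a change, so it passes.
 */
function example_check_password_policy( $errors, $password ) {
    if ( null === $password || '' === $password ) {
        return;
    }
    $problems = array();
    if ( strlen( $password ) < 14 ) {
        $problems[] = 'at least 14 characters';
    }
    if ( ! preg_match( '/[0-9]/', $password ) ) {
        $problems[] = 'a digit';
    }
    if ( ! preg_match( '/[^A-Za-z0-9]/', $password ) ) {
        $problems[] = 'a special character';
    }
    // The words the article warns about: short, guessable, and in every wordlist.
    $blocked = array( 'password', 'admin', 'wordpress', 'qwerty', '123456' );
    $lower   = strtolower( $password );
    foreach ( $blocked as $word ) {
        if ( false !== strpos( $lower, $word ) ) {
            $problems[] = 'nothing like "' . $word . '"';
            break;
        }
    }
    if ( $problems ) {
        $errors->add( 'weak_password', 'Password must contain ' . implode( ', ', $problems ) . '.' );
    }
}

// Profile edit and "Add New User" in wp-admin both post the password as pass1.
add_action( 'user_profile_update_errors', function ( $errors, $update, $user ) {
    example_check_password_policy( $errors, isset( $_POST['pass1'] ) ? $_POST['pass1'] : '' );
}, 10, 3 );

// Password reset form (wp-login.php?action=rp) uses the same field name.
add_action( 'validate_password_reset', function ( $errors, $user ) {
    example_check_password_policy( $errors, isset( $_POST['pass1'] ) ? $_POST['pass1'] : '' );
}, 10, 2 );
```

Adding an error to the WP_Error object is enough: WordPress refuses to save the profile or complete the reset while the object holds any error, and shows the message to the user. Note that this covers the forms only; a password set from the command line (wp user create) is not checked.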
One extra – update your plugins
Another great thing about WordPress is that it detects when a new version of the core, a plugin or a theme is available. If it is a security-related update, you will want to apply it as soon as possible; if the update is about minor tweaks, you can do it later. However, it is very good practice to keep everything up to date, and to remove plugins and themes you no longer use, because an inactive plugin's files still sit on the server and may still be reachable.
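WordPress can apply some of those updates on its own: minor core releases are the channel for security and maintenance fixes, and individual plugins can be opted in. The following must-use plugin expresses the policy described above (security fixes right away, the rest after you have read the changelog). It is an added example written for this article, not code from WordPress or the original post; the file name and the plugin allow-list are assumptions.

```php
<?php
/**
 * Plugin Name: Update policy
 * Description: Auto-apply minor core releases and a short list of plugins; leave the rest manual.
 *
 * Save as wp-content/mu-plugins/update-policy.php (assumed file name).
 */

// Minor core releases (the security/maintenance releases) install themselves;
// major releases wait for a person. Same effect as WP_AUTO_UPDATE_CORE = 'minor'
// in wp-config.php.
add_filter( 'allow_minor_auto_core_updates', '__return_true' );
add_filter( 'allow_major_auto_core_updates', '__return_false' );

// Plugins whose updates you want the moment they ship, by directory slug.
// This list is an assumption; edit it for your site.
$update_policy_auto_plugins = array( 'akismet', 'wordfence' );

add_filter( 'auto_update_plugin', function ( $update, $item ) use ( $update_policy_auto_plugins ) {
    if ( isset( $item->slug ) && in_array( $item->slug, $update_policy_auto_plugins, true ) ) {
        return true;
    }
    // Everything else keeps whatever was decided already (the per-plugin
    // toggle on the Plugins screen, or the default of "manual").
    return $update;
}, 10, 2 );

// Themes stay manual: a theme update can change the site's appearance.
add_filter( 'auto_update_theme', '__return_false' );

// Always e-mail the site admin about automatic core updates, failed or not,
// so a broken site is never a surprise.
add_filter( 'auto_core_update_send_email', '__return_true' );
```

Automatic updates need WP-Cron to run and the web server to be able to write to the WordPress directory; if updates quietly never happen, those two are the first things to check.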
I think we covered the most important steps you should take to secure your site; however, as you know, nothing in this world is perfect, and you can make the greatest efforts and still have issues. I can only recommend that you check your system manually from time to time and see if everything works as expected. If there is something I missed, please let me know in the comments.