Let’s talk about website security — specifically for WordPress. More than ever, the use of digital media — and your website — are on the rise, making security critical to the health of your brand.

In this video, I’ll provide four quick tips for making your WordPress site more secure.

How strong is your WordPress password?

This is the number one area where I see lots of room for improvement. Hackers and bad actors are quite sophisticated at cracking passwords. And yet, people continue using weak passwords!

Here are some recommendations:

  • Don’t use the same password that you use for everything else. If your password is compromised elsewhere, you put your website at risk.
  • Use a combination of unrelated words, along with numbers and special characters. For example: asparagusrainbow276 can become A$p@raGusr41N8ow276

For a deeper dive into creating better passwords, check out this article, 4 ways to ensure your website password is (really, truly) secure.

Stop using generic WordPress user names

Hackers love when you make their jobs easier. If you’re using “admin” or any variation of it as a WordPress user name, change it as soon as possible.

What are the elements of a more secure WordPress user name?

  • Letters
  • Numbers
  • Special characters
  • Hyphens and Underscores

Get creative. Mix up elements. The more complicated, the better. If you need ideas for brainstorming a unique user name, check out this user name generator.

Enable two-factor or multi-factor authentication

This is not a password. Think of two-factor or multi-factor authentication as an additional lock and key.

How does it work? After the initial setup, it’s as simple as logging into your website with your password. And then, depending on the authentication tool you use, you’ll be required to enter a unique, time-sensitive code into the WordPress login screen.

Here’s an example of how two-factor authentication looks when I log into the lumenmarketing.com WordPress dashboard.

two-factor authentication example

I’m asked for my user name and password. But you can also see in the third field that we’re using Google Authenticator. When I’m ready, I open the Google Authenticator app on my smartphone. A six-digit, time-sensitive code will appear. Enter that code into the WordPress login screen and you’re good to go.

For a helpful explanation of the differences between two-factor and multi-factor authentication, check out this article from HelpSystems.

Update your WordPress theme and plugins regularly

I like to think of the WordPress environment like a refrigerator. You want the food in your refrigerator to stay fresh.

What is the food in this analogy? These are the plugins you use on your website, as well as the plugins that are installed, but not in use. Just like food that can become old, stale, or worse yet, moldy — you need to update your plugins. And delete (or throw out) the ones that aren’t being used.

Old, out-of-date plugins make your website more vulnerable to hackers.

And while we’re discussing elements that can become stale, make sure you’re updating your WordPress theme and the WordPress core to the latest versions.

Still need help with WordPress security?

So there you have it — 4 ways to make your WordPress site more secure. As always, if you run into any problems, give us a shout. Our team at Lumen Marketing is here to help! Click the big blue button below or call us at 720-722-2987.