Greenwich Design WordPress Security Standards
When building a WordPress website, ensuring the security of your site should be a top priority. WordPress, being a widely used Content Management System (CMS), is often targeted by hackers. These are some best security practices that we follow to protect your WordPress website during and after the build:
Secure hosting provider
- Greenwich Design uses DigitalOcean for hosting as it is well known for its emphasis on security.
- As part of a maintenance package we can offer frequent backups. We also use web application firewalls and intrusion detection systems via the WordFence plugin. Which we install as standard on all our sites.
WordPress core, themes and plugin updates
- As part of a maintenance package we will regularly update your WordPress core, themes, and plugins to the latest versions.
- The updates often contain security patches for vulnerabilities that have been discovered so are essential to site security.
Use of strong passwords and user permissions
- We strongly encourage the use of strong, unique passwords for the WordPress admin area.
- We also limit the number of login attempts to prevent brute force attacks.
- Assign appropriate user roles and permissions. Not every user needs administrative access.
Implementation of SSL encryption
- As standard we install an SSL certificate to secure data transfer between user browsers and your server, especially if you’re handling sensitive information.
Installation of security plugin
- We install WordFence which is a reputable security plugin that offers features including malware scanning, firewall protection, and security hardening.
Frequent site backups
- As part of a maintenance package we will set up automated backups to save your site content and databases regularly.
- Additionally, the backups are stored in a secure, off-site location.
Disabling file editing via the dashboard
- In the WordPress dashboard, you can directly edit your plugin and theme files. We make sure this feature is disabled to reduce the risk of a hacks modifying the code.
Changing the default information
- Many SQL injections target sites using the default “wp_” prefix. Changing it can help reduce the risk of SQL injection attacks.
- We also change the default login to a more secure URL to avoid external hacking attempts.
Hiding WordPress version
- Displaying your WordPress version can provide hackers with information they need to exploit vulnerabilities. We can hide it by removing this information from your site’s header.
Additional best practices
- Use security tools and services to regularly scan your website for vulnerabilities, outdated plugins or themes, and other security risks.
- Keep an eye on login attempts, plugin installations, and other activities with the help of security plugins or services.
- Stay informed about the latest WordPress security threats and best practices.
- Train anyone who has access to your WordPress site on basic security protocols.
Please note that by implementing these best security practices, we can significantly reduce the vulnerability of your WordPress website to potential threats. However, website security is an ongoing process, not a one-time setup. Regular reviews of your security measures are required to protect your site against new threats as they emerge.