Nobody is as diligent as they should be when it comes to security. It’s easy to put things off, and the next thing you know, a year has passed and you haven’t thought about security at all. That’s ok. Let’s do a basic security checkup and get you back on track.
1. Audit your passwords
Security experts no longer recommend changing passwords every month. They do recommend long, complex passwords stored in a password manager like LastPass. I always use passwords at least 50 characters long whenever possible. When it’s not possible, I use the maximum character limit available. LastPass can show you which of your accounts have passwords that are weak, reused, or older than one year.
2. Delete orphaned accounts
Inactive user accounts can become attack vectors for hackers. They would love to get access to a forgotten admin account that nobody’s paying attention to. You should delete any unnecessary privileged accounts (admin, editor, etc.) immediately.
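One way to find candidates for deletion, as an added example that is not part of the original post: the script below reads a user export and reports every administrator or editor account that is not on a list of accounts you expect. It assumes the export comes from WP-CLI (`wp user list --fields=ID,user_login,roles,user_registered --format=json`); the sample data, the expected-login list, and the function name are constructed for illustration.

```python
import json

# Roles the checklist treats as privileged ("admin, editor, etc.").
PRIVILEGED_ROLES = {"administrator", "editor"}

# Constructed sample in the shape of a WP-CLI JSON user export (assumed format).
SAMPLE_EXPORT = """[
  {"ID": 1, "user_login": "siteowner", "roles": "administrator",
   "user_registered": "2016-03-01 10:00:00"},
  {"ID": 4, "user_login": "old-agency", "roles": "administrator",
   "user_registered": "2017-06-12 09:30:00"},
  {"ID": 9, "user_login": "guestwriter", "roles": "editor,author",
   "user_registered": "2019-01-20 14:05:00"},
  {"ID": 12, "user_login": "reader42", "roles": "subscriber",
   "user_registered": "2020-11-02 08:15:00"}
]"""


def unexpected_privileged(users_json, expected_logins, privileged=PRIVILEGED_ROLES):
    """Return privileged accounts whose login is not on the expected list.

    Findings are sorted oldest registration first, since long-forgotten
    accounts are the ones this checkup is meant to surface.
    """
    expected = {name.lower() for name in expected_logins}
    findings = []
    for user in json.loads(users_json):
        roles = user.get("roles") or ""
        # Roles may arrive as a comma-separated string; accept a list as well.
        if isinstance(roles, str):
            roles = roles.split(",")
        held = sorted({r.strip() for r in roles} & set(privileged))
        login = user["user_login"]
        if held and login.lower() not in expected:
            findings.append({
                "login": login,
                "roles": held,
                "registered": user.get("user_registered", ""),
            })
    return sorted(findings, key=lambda f: f["registered"])


if __name__ == "__main__":
    # "siteowner" is the only privileged account this constructed site expects.
    for f in unexpected_privileged(SAMPLE_EXPORT, ["siteowner"]):
        print(f"{f['login']}: {', '.join(f['roles'])} (registered {f['registered']})")
```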
3. Run the available updates
You should update your site’s plugins, themes, and WordPress core on a regular schedule. I recommend you check your site at least weekly and run any available updates. Now is as good a time as any to start this habit and keep your site secure.
4. Install a security plugin
I usually recommend some combination of Sucuri, BBQ Firewall, and wp-fail2ban for this. Recently, I have started evaluating the iThemes Security plugin as a potential single source for these features. The free version offers features like XML-RPC brute force protection, security logging, bad user banning, comment spam reduction, and strong password enforcement. The Pro version adds 2-factor authentication, temporary privilege escalation, and much more. I’m still evaluating, but I’m impressed so far.
5. Check your PHP version
Currently, PHP version 7.3 is the lowest version that is still receiving security updates. It will stop receiving security updates on December 6, 2021. The current/stable release is PHP 7.4, which will receive security updates until November 28, 2022. If your PHP version is lower than these, you should update immediately. Most web hosting companies provide an option to switch to a newer PHP version in their dashboard. The ones that don’t will usually upgrade it for you at your request.
What’s next?
This was just a basic security checkup. The top causes of security breaches are weak passwords and outdated website software. If you would like help keeping your WordPress site code updated, let us take care of it for you. We have a few maintenance plans available to choose from. Contact us for more information.