We talk a lot about WordPress security on iAdminWP. It is one of our highest priorities at iAdminWP. We are not naive to think we can stop a professional hacker or Distributed Denial of Service (DDOS) attacks but we sure do the best we can and only use professional services to strengthen our client website.
There are two outstanding plugins we use for our WordPress security functions. The one is Wordfence and the other one is Shield. Both are very good plugins and really a must have for any WordPress website. If you have one of them installed and activated then please do not install the other plugin, only one is necessary to be active.
There is another method to strengthen your security and it is free, easy and fast to do. This is by keeping your WordPress Plugins and Themes up to date. By updating your plugins you close vulnerabilities that may have been in the code. iAdminWP also provides a service to do that for you.
Basic checklist for your WordPress security:
- Update your plugins.
- Use WordFence or Shield plugin (only one of them).
- Get an SSL. You can get one free from CloudFlare or by using our Hosting.
- Get a service like CloudFlare.
- Use strong passwords.
- Delete old admin and user accounts.
These security steps are just guidelines to stop small hacking attempts and DDOS attacks. You are never “bulletproof” to attacks. If it happens that your website is hacked then you can look at services like WordFence and Sucuri to clean your WordPress website from affected files.
It is wise to have multiple backups, local(on hosting server) and somewhere else like a cloud service. iAdminWP offer cloud backups and can make backups every hour!