In Pixel2HTML we code several WordPress instances in a regular month. WordPress itself hosts near the 20% of the internet, so we can affirm that it’s a widely secure and adopted platform to rely your project’s site. However, there are a lot of improvements that we can make for your site in order to keep it safe of potential attackers.

Stay up to date.

WordPress has a regular update life circle and releases new updates when the team burns a certain amount of bugs. Every time the WordPress core team release a new version, it’s safe to update your site. You can do it from your admin panel. We strongly advise to read the changelog just to check that any new feature doesn’t break your theme. This applies to plugins too. So take care as soon as you can.

Pick the correct plugins

There are tons of plugins that solve that new funcionality that we think we need, but be careful, there’re a lot with code injections, invisible ads or malicious code that can affect our site and our hosting.
As a rule of thumb, pick only plugins that are listed on the internal directory of WordPress.org. Check that they have plenty of installs and reviews by other users.

Rename your database tables and your default users

By default, WordPress cames with a known table prefix wp_. Most common attacks can be avoided just with renaming this prefix. You can change it in your database and renaming in your wp-config.php file.
Another quick and handy tip is to rename your admin username, changing the handle or creating another user(s) with administrator permissions, and deleting the admin one.

Change your passwords and use a secure one.

You really really want to use a secure password. You can use StrongPasswordGenerator to generate one. We recommend combining at least 8 uppercase and lowercase characters, numbers and at least one symbol (!$#@/).

Have a Backup and a Firewall

A daily backup can be useful if something happens. Most backup plugins can export your theme and database to a external server or your cloud storage (such as box.com, Google Drive or Dropbox).
Plugins like WP Database Backup or BackWPup can be very useful. You only need to decide which part of your site will be stored in your cloud.

Go static!

If you are feeling ~~paranoid~~ like going the extra mile, Really Static can help you. This plugin generates an static version of your site and you can hide your WordPress installation without exposing to the internet.
Huge B-side about this plugin will make your site incredible fast. Even faster than any cache plugin.

Get help from professionals

Last, but not least: While taking care of basic security can be done easily, we recommend you reach out to an experienced and professional developer. Our team at Pixel2HTML can assess potential security threats and make sure everything’s laid out alright to prevent any misfortune.
Feel free to contact us.