One of the main concerns many people have about using WordPress for their website is the idea that WordPress is not secure. Because of the ubiquity of WordPress on the web, a lot more attempts are made to hack or compromise WordPress sites. The WordPress system is extremely secure and patches are released quickly when exploits are discovered. One of the most important things you can do to keep your WordPress site secure is to apply site and plugin updates as soon as they are released. A word of caution, though: always make a complete backup of your site before applying code or plugin updates. You never know when a change in the code or your database will crash your site and render the famous WordPress White Screen of Death.

Before we get into the security plugins you can use to help secure your site, you need to know that security starts at the server level and goes all the way to you and your security practices. Make sure that your host uses a firewall and antivirus software and allows secure FTP uploads and downloads to your website. Only use secure FTP to transfer files. Use secure passwords, which don’t necessarily have to be obscure passwords. Usable, secure passwords are much more likely to keep your site secure. One of my favorite password security comics has spawned its own password generator, which I don’t necessarily recommend using, but I love the concept. You should also have a firewall and antivirus software on your computer, even if you use a Mac!

There are lots of great plugins that you could use for your site, but which WordPress plugins are absolutely essential to keep your website safe and secure? While there are many varied opinions on which plugins are the best, in my opinion, the two essential WordPress security plugins you should use on your small business website are Better WP Security and Akismet Spam Blocker.

Better WP Security

Additionally, there are some basic practices you can follow that will make it more difficult for hackers to compromise your site. The Better WP Security plugin will walk you through steps that remove or change common parts of the WordPress application and database, so that your installation no longer looks like every other default install, which makes it harder for attackers to use attacks that target common parts of the system. As with any plugin, however, make sure you have a full backup of the site and database before you start changing settings, because there is always a possibility that you can break the site by changing too many settings or applying them incorrectly.

The plugin is free, but they offer paid professional installation and support.

The WordPress Codex offers a long list of recommendations to follow in order to keep WordPress secure. The Better WP Security plugin walks you through the steps and changes settings for you, so that you don’t have to get into the technical details of how to change file permissions and database settings or remove items from the code. It allows you to remove the WordPress version meta tag, making it more difficult for potential attackers to identify your website as a potentially vulnerable WordPress site. It changes the directories for the WordPress dashboard, including the login page and admin section, so that you can’t be targeted through a common directory on your site.

The administrative account should never be named “admin”, and Better WP Security allows you to rename the admin account, as well as change the ID on the user with ID 1, remove login error messages, display random version numbers, and more. It will also scan your site for vulnerabilities and help you fix them. It also creates backups of your database, so that you can recover your site if something goes wrong.
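
To see whether your own site still shows the defaults described above, here is a small check, added as an example (it is not part of the plugin or of this post). The function name, the sample HTML and the sample user rows are constructed for illustration; in practice you would pass in your own homepage source and an export of your own user table.

```python
from html.parser import HTMLParser


class _GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""

    def __init__(self):
        super().__init__()
        self.generators = []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("name", "").lower() == "generator":
            self.generators.append(a.get("content", ""))


def audit(homepage_html, users):
    """Return findings for the default settings named in the text.

    users: iterable of (user_id, login) tuples from your own site.
    """
    findings = []
    finder = _GeneratorFinder()
    finder.feed(homepage_html)
    for content in finder.generators:
        if content.lower().startswith("wordpress"):
            findings.append(f"generator meta tag exposes: {content}")
    for user_id, login in users:
        if login.lower() == "admin":
            findings.append(f"account named 'admin' exists (ID {user_id})")
        if user_id == 1:
            findings.append(f"user ID 1 still in use (login {login!r})")
    return findings


# Constructed sample data: a default install and a hardened one.
SAMPLE_DEFAULT = ('<html><head><meta name="generator" '
                  'content="WordPress 3.5.1" /></head></html>')
SAMPLE_HARDENED = "<html><head><title>Shop</title></head></html>"
USERS_DEFAULT = [(1, "admin"), (2, "editor")]
USERS_HARDENED = [(101, "site-owner"), (102, "editor")]

if __name__ == "__main__":
    for line in audit(SAMPLE_DEFAULT, USERS_DEFAULT):
        print("FINDING:", line)
    print("hardened findings:", audit(SAMPLE_HARDENED, USERS_HARDENED))
```

An empty list means none of these three defaults are visible; it does not replace the plugin's own scan.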

Akismet Spam Protection

Protecting your site from spam is important because comment spam can contain links to malware and other things that could compromise the security of your site. Fortunately, the Akismet plugin provided with WordPress does a great job of filtering comment spam. You need to register on their site for a key to activate the plugin and the business version of the plugin is $59/year, but it is well worth it. Akismet will filter spam comments into a spam folder based on criteria you select or will delete them immediately, depending on how you choose to deal with spam.

Security is one of the most important aspects of maintaining a website. It requires vigilance and these plugins help you keep your WordPress site secure.