If you’d like to protect your WordPress site but aren’t an IT security expert, then this article is for you. To create a website, you need to invest time, energy and resources. No-one wants to have to start from scratch due to a cyber attack or malware.
Infomaniak implements important security measures that are located far upstream to proactively eliminate threats even before they reach the hosted websites. To complete this system, each website Infomaniak hosts is protected free of charge by Patchman Security Scanner, a professional anti-malware and automated vulnerability correction solution. What’s more, Infomaniak’s web hosting is automatically backed up every 24 hours.
Do you need to secure your WordPress site?
Even when choosing the best web hosting, it is advisable to take a minimum number of precautions to protect the part you manage: the website itself. With a 60% share of the market, WordPress is the most widely used content management system (CMS) in the world. So it goes without saying that there is a high and constant number of threats. Thankfully, all you need to do is take a few simple steps to significantly increase your WordPress site’s security.
1. Updates take priority when it comes to protecting your WordPress site
Updating WordPress
Like all software, WordPress evolves. Its code is regularly reviewed to provide not only new features, but also – and above all else – security patches. As is the case with your computer or smartphone, regular WordPress updates are vital when it comes to plugging security gaps and ensuring your site’s software integrity.
Here’s how to update your WordPress site:
- Log in to the WordPress console
- Click on Updates from the Dashboard section of the main menu on the left
- Install the latest version of WordPress if necessary
Updating WordPress plugins and themes
Themes and plugins are code added to WordPress. All too often, unused plugins or themes are left lying around without being updated: this is a security error you might not expect. This obsolete code is very often exploited to inject malicious files and open a breach in a site’s security. So it’s important to update your plugins and themes, even if you don’t use them. If you no longer need them, don’t hesitate to remove them: this reduces risk and avoids unnecessary maintenance.
Here’s how to update your WordPress plugins and themes:
- Log in to the WordPress console
- Click on Updates from the Dashboard section of the main menu on the left
- Select the plugins and themes to be updated
- Click on Update Plugins
Using an updated version of PHP
WordPress uses the language PHP to create the web pages that are displayed to your visitors. As with WordPress, the risks increase if you are using an obsolete version of PHP. Your Infomaniak hosting allows you to test and install the latest version of PHP with just a single click and no need for any prior knowledge.
If needed, this guide shows you how to install a recent version of PHP on your site. If your themes or plugins don’t support the latest version of PHP yet, you will be able to revert to an older version and keep it up-to-date in a few clicks.
2. Securing access and logging into WordPress
The gateway to your site is protected by the WordPress login page. While this page is important, it is also vulnerable. It regularly falls victim to attacks, so here’s how to protect it:
Using a strong password and a customised username
In WordPress, the default administrator account is called “admin”. This name is the same for everyone, and is probably the one you type to log in too. If a hacker already knows your site’s username, it’s even easier for them to get into it. So it’s wise to change this account’s name.
When creating your site with My WordPress Site, you can define a username other than “admin” and, of course, a customised password. We recommend that you use a password manager to generate a password that is at least eight characters long and contains uppercase and lowercase letters as well as special characters (e.g.: !?’:_,+§°, etc.) and numbers. The longer your password, the more secure the access to the WordPress console will be.
Here’s how to change your WordPress password:
- Log in to the WordPress console
- Click on Users from the main menu on the left
- Click on your user
- At the bottom of the page, click on the Generate Password button
- Save this password in your password manager
- Click on Update Profile at the very bottom of the page
Here’s how to change a WordPress username:
- Log in to the WordPress console
- Click on Users from the main menu on the left
- Click on the Add New button at the very top of the page
- Choose a username other than “Admin” and a strong password
- Click on Add New User at the very bottom of the page
- Then log into the WordPress console with the new username to delete the old one. You will be able to assign all your content to the new user upon deletion.
Changing the URL of the WordPress login page
The login address for your WordPress administration interface always follows the same default syntax: www.mywebsite.com/wp-login or www.mywebsite.com/wp-admin. Again, it’s easy for someone with bad intentions to work out the URL of the login page to your WordPress site from your domain.
To make things tougher for potential hackers, it is advisable to change your site’s login address. You can install and use the WPS Hide Login plugin so you don’t have to make modifications manually. Once the plugin has been installed and activated, navigate to your console’s Settings section and to the WPS Hide Login heading. Simply fill in the Login URL field and save the changes. Then remember to update your favorites and make a note of the new address for accessing your WordPress console.
Limiting WordPress login attempts
Hackers try to guess the username / password combination by making a large number of login attempts with different values. Given enough time, it is indeed possible to gain access to a site this way: the method is known as “brute force”. Since these attacks are very frequent, it is advisable to limit the number of login attempts that WordPress allows. The easiest way of doing so is to install the WP Cerber plugin directly from WordPress. This plugin automatically blocks repeated attempts coming from the same IP address to counter brute force attacks.
3. Securing exchanges between your WordPress site and its visitors
Enabling HTTPS with an SSL certificate
When they visit your site, users exchange data with it. Such data might be navigation data, personal data (name, email address, phone number, etc.), or even banking data. Protecting these exchanges is vital if you don’t want a third party to be able to intercept them. Similarly, search engines and browsers penalise unsecured sites. To secure traffic to and from your site, you need to enable an SSL certificate, which is indicated by the small padlock next to your domain name (HTTPS). In this article, you will find all the information you need to choose and enable an SSL certificate.
For e-Commerce sites or those using WooCommerce, you can strengthen your users’ security with a paid certificate from Sectigo, which includes a warranty. This additional protection is activated in one click and is installed automatically if your site is already managed by Infomaniak.
Looking for the best hosting for your WordPress site?
Creation, security, customer service: good hosting must be efficient, secure and easy to use. Whatever your project, at Infomaniak you will find hosting optimised for WordPress and many exclusive services to make your life easier and save you precious time.
- Web Hosting: the flagship solution for creating your WordPress site (DIVI theme included with Elegant Themes)
- Cloud Server: dedicated resources for your WordPress sites (DIVI theme included with Elegant Themes)
- Jelastic Cloud: the preferred solution for high-traffic WordPress sites