How to Improve WordPress Security

How to Improve WordPress Security 150 150 Greenlight Managed IT Support Services | Sydney | Melbourne

wordpress-securityAs the most popular content management system, WordPress is also subject to a higher number of security risks than other content management systems. These security risks have the potential to your website and your entire business at risk. With sensitive data such as banking information or employee records, it’s important that those managing your WordPress site take care to protect this information from nefarious sources. Thankfully, it isn’t all doom and gloom – there are things that you can do to protect your WordPress site, reputation, and your business. Here are a few tips on keeping your WordPress website secure:

A secure web host

Ensuring that your web host has a good security plan is the first and one of the most important steps in keeping your website secure. Website hosts are the most frequent way that WordPress sites are hacked, with an estimated 41% of WordPress websites being compromised due to web host security issues. This is because the web host is often the first in line to be attacked as hackers try to access up to thousands of accounts that may be located on each server. Therefore, it is of course important to ensure that your website host has a high level of security to protect your business in case of attack. Questions such as how your host handles security breaches and what methods they use to scan for security vulnerabilities should be asked of your web host before making a final decision.

Update regularly

Regularly updating your WordPress site and plugins is important to keep your WordPress secure. Hackers are always looking for weaknesses in WordPress code and plugins in order to find ways into your site. Therefore, WordPress and companies that offer plugins must be constantly correcting any weaknesses found in order to stay ahead of these hackers. By updating your WordPress site and plugins regularly, you are ensuring that you are keeping up to date on the latest security fixes available.

Smart WordPress settings

Certain WordPress settings can also go a long way in keeping your site safe. Here are a couple common ones that go a long way in keeping your WordPress secure:

  • Strong passwords – Do not use common passwords or passwords that can easily be guessed. Weak passwords are a major reason why websites get hacked, with 8% of WordPress websites being compromised due to weak passwords. Popular names, phrases, or simply having a “123” password will leave your website wide open to hackers. Instead, use a mix of numbers, letters, and other characters that will make it more difficult for hackers to easily crack your passcode.
  • Remove admin user – Removing your site’s default administrator account is an important change to make when securing your WordPress site. Having a unique log in account name adds an extra layer of protection to WordPress since hackers also have to figure out your login name. When setting up your WordPress site, make sure that you create a new administrative account for yourself with a unique login name and delete your old admin account.

Backup regularly

Regularly backing up your files is also critical in keeping your WordPress site secure. Since it’s basically impossible to guarantee safety, it is important that in the event that your website or data is compromised and anything is corrupted or has to be removed, that you can restore your website to a recent state. You can choose to back up your site manually and/or use plugins that will allow for automatic backups.

Great WordPress security plugins

In addition to your host having security programs, it’s important that you have your own security software for your site. There are lots of security plugins that will cover security for the different ways that hackers may attack your site. Some of the types of security plugins that you’ll need include:

  • Login Limiter – This type of plugin will limit the number of login attempts that can be made, stopping hackers from trying login names and passwords until they find the right combination.
  • Security scans – These plugins find vulnerabilities in your site and offer tips on how to fix them.
  • Antivirus – These plugins will protect your site from viruses, trojans, and other malware, either stopping them from entering or removing them if found.

The best WordPress security plan involves using a number of approaches in order to reduce the risk of being compromised. By following the suggestions above and adopting a holistic approach to website security, then you can rest assured in the knowledge that your site is as secure as possible.

5 Fixes For Your Slow Website

5 Fixes For Your Slow Website 618 803 Greenlight Managed IT Support Services | Sydney | Melbourne

Recently one of our customers was starting to experience occasional web site slowness due to their ever increasing website size and popularity of their WordPress site. As always, our team of talented engineers were onto the problem straight away and I thought it would be useful to share our thoughts on some of the things you should consider to optimise your WordPress site.

WordPress is one of the world’s most popular Content Management Systems (CMS). Its engine is used by an impressive list of websites that includes the likes of e-bay, Yahoo! and the Wall Street Journal. Even our own humble little site is built using WordPress. With any CMS, there are five critical factors that can transform the visitor experience (and improve your bottom line).

Core infrastructure

This should be the first question you should look at with any web host. Is this shared hosting, or are you using a VPS? Even if your site only has a few hundred visits a month, you should consider looking at using a VPS. It is only a slightly higher cost per month, but it gives you (or your IT support team) visibility in to what is going on. For example it allows us to pinpoint the hardware limitations that may be slowing down the web site, or even causing it to crash. There are tools out there to isolate exactly which part of a website is causing the problem. None of these tools are of any use in your standard consumer shared hosting environments, such as websites accessible through cPanel.

The Webserver

Not all webservers are created equal. While Apace has been around a long time and is the default for many websites, newer web servers such as nginx are engineered to provide a much faster response under high load scenarios. Again, you may need a VPS to take advantage of this technology as many hosting control panels do not support nginx.

Optimising Templates and Plugins

Many WordPress sites use third party templates and plugins that are incorporated into the site. What you may not know is that many of these templates refer to components that are hosted on remote website. Combining all this content onto your site, and using tools like Google’s Pagespeed can yield some truly great results.

Compressing Images

In some cases, images can also be optimised without any loss in quality. By default most modern SLRs take photos of sufficient quality to produce image the size of a billboard. This is probably overkill for many websites and by using image manipulation tools like Photoshop, or even Google’s free Picasa, you can shrink the images file size considerably without any noticeable loss in quality.


Most web pages are generated in real time as visitors browse your web site. Because much of the website content does not change much, it is possible to prepare the content in advance. We call this caching. There are two ways to achieve this. The first is to use a Content Distribution Network (CDN). The second is to use a WordPress to like WP Super Cache.
Why should we care about website performance? Research shows that speeding up your website pages by even a few seconds can have a dramatic effect on sales. And of course your competitors’ websites are only a few clicks away…