When it comes to web design, some topics — like layout and imagery — have a built-in excitement about them.
But WordPress security? Not overly exciting (except to geeks like us). But that doesn’t mean it’s not important, which is why I’d like to share a handful of security tips for your WordPress site …
FTP vs. FTPS
FTP stands for File Transfer Protocol. It’s a fancy way of referring to how we transfer files from a server to a computer, or vice versa. There are other applications where FTP comes in handy, but we don’t need to cover them here.
The problem with FTP is not very secure.
Hackers can install a “snooper” type virus which will literally snoop on your FTP data as it’s sent back and forth. All FTP sessions require authentication. With FTP, your Username and Password are unencrypted plain text, making it easy for these snoopers to attain your credentials — and then the hackers will log in and inject malicious code into your files.
With FTPS, the “S” on the end of the acronym stands for secure. FTPS performs all the same functions as FTP, but it involves the use of a secure SSL/TLS layer, which encrypts your information.
At Cuppa SEO, every website we build is created with FTPS in place. If yours isn’t, speak with your web designer about making it so.
HTTP vs. HTTPS
There’s been more talk lately about standardizing all websites to HTTPS.
HTTP vs. HTTPS works very similarly to how FTP and FTPS. One is secure, while the other is not. HTTPS encrypts the data being sent to/from your browser and the server — a very important security function for any WordPress site that contains a database or offers an online store.
HTTPS is more of a privacy thing. It prevents hackers from being able to read the info being sent/received and also prevents them from manipulating the data without you knowing it.
It’s possible that HTTPS can also add a little more SEO authority to your website, but it might not be enough to warrant moving a non-commerce or non-database site over to it. There’s more involved with changing an existing website over from HTTP to HTTPS. But if you’re building a new site, definitely go with HTTPS. You can even get free SSL certificates for the job.
Admin Password
In addition to FTPS being a guard against hacking, so is a strong WordPress admin user name and password. If your user name is “admin,” that’s about as hackable as it gets. Change it, or create a new admin account (then delete the old) right away.
As far as passwords, create something that gets a “strong” grade. Yes, it’s easy to remember “1234” as your password. But a bot can hack that in milliseconds. If you have trouble remembering passwords, get an application like Last Pass and keep them all documented and secure.
