Making mistakes is human, but WordPress mistakes can lead to problems with your site security, something you don’t really want to be worrying about. In this post, I’ll be talking about the mistakes that often get made and, crucially, how you can avoid them on your own WordPress site, ensuring it is fast and secure.
- Using ‘admin’ as the login name.
This one keeps happening. The default WordPress login name is ‘admin’. Changing this makes it immediately harder to hack into your site. If you use ‘admin’ with a less than fortress-strong password, you’re asking for a hacking attack.
- Using an administrator to post content.
Being predictable in your WordPress installation can leave you vulnerable. If your site administrator is posting content, then their username is there on display.
Use the administrator role for work on the back-end of your site only. Have a contributor account as an author or editor, and while you can write the content, make sure that you post under a different name.
- Using ‘wp_’ as the table prefix.
Tables in WordPress start with ‘wp_’ by default – creating another predictable way in for hackers, with your site options table being ‘wp_options’. You can change this during installation in the wp-config.php file manually or in the form fields. Make it something hard to guess – you won’t need to worry about it again.
- Salts and keys not replaced.
Salts and keys are held in the wp-config.php file and are used to authenticate users that are logging in along with their machines. Once upon a time session cookies could be stolen to let hackers pretend to be you – with salts and keys this doesn’t happen. These can be generated here – copy all the information into your wp-config.php file.
- Backups not getting done.
Mistakes do happen and things can go wrong no matter how hard you try. You can restore your system to a previous version if you do get hacked, but only if you’ve backed everything up. There are countless ways to do this, either with your hosting provider, using VaultPress or even a free solution such as BackWPup.
- All categories, no tags.
Your site architecture is very important when it comes to SEO. You need to make sure that everything is planned and organised, particularly if you have a content-heavy site. Use tags to link your content and limit the number of categories so that your site has a simpler structure.
- Ignoring the cache.
Caching is important to your load times. It saves the final HTML markup on a user’s computer so that they don’t need to keep going to your database every time a page loads. You can add plugins to help with your site – try W3 Total Cache or WP Super Cache.
- Not updating every time.
Trying to remember to keep your site and plugins up to date is hard. However, it’s through older versions that a lot of hackers manage to enter sites through unfixed loopholes. If you’re on an older version of WordPress, it’s probably got a loophole that was fixed in the latest one so get it downloaded ASAP.