
OrganicWeb

Mailchimp Training & Consulting


Rock-solid free security for WordPress

Keeping your WordPress website very secure is free. For whatever reason, people perceive free things as being of lower quality. That is a big mistake when it comes to WordPress, as your website can be near unbreakable for, well, free!

Mandatory WordPress security basics

If you’re not already doing so, here are three things you should and must be doing. The items below aren’t optional in my opinion:

  1. Apply all WordPress, plugin and theme updates as they become available.
  2. Have a regular backup taken of your website.
  3. Only use good quality plugins and themes listed at the WordPress free and commercial theme repositories and the plugin pages.

Three products and services that will totally protect your website

The above three items are really non-negotiable security items that every WordPress website owner should be doing or having done. The below three services and products will make your website far more secure and, best of all, they are free. Use the

Prevent password cracking

Back in the early days of WordPress.org, the primary administrator username was always ‘admin’. Hacking a WordPress website was therefore as simple as guessing the password (as we already knew the username for every WordPress install). Fortunately, the default username is no longer ‘admin’. Brute-force attacks are, however, ongoing; in a brute-force attack a hacker essentially tries many username/password combinations in quick succession until a valid combination allows access to the WordPress dashboard.

Jetpack (a plugin with a range of functionality, developed by Automattic) includes a module that protects against these bot-net attacks. Jetpack is free to install and use.
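A defender's view of the brute-force pattern described above, as an added example that is not from the original post and is not Jetpack's code: it counts failed `wp-login.php` POSTs per IP in a sliding window over web-server access-log lines. It assumes the combined log format and that a failed login returns HTTP 200 while a successful one redirects (302); the function names and sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')

def failed_login_bursts(lines, threshold=5, window=timedelta(seconds=60)):
    """Return {ip: peak failed logins inside any `window`} for IPs at/above threshold.

    Assumes each IP's lines arrive in time order, as they do in an access log.
    """
    recent = defaultdict(deque)  # ip -> timestamps of failures still inside the window
    peak = defaultdict(int)      # ip -> largest burst seen so far
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        ip, ts, method, path, status = m.groups()
        # Only login submissions count; path check also covers subdirectory installs.
        if method != "POST" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        if status != "200":  # assumption: 302 means the login succeeded
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # drop failures that fell out of the window
            q.popleft()
        peak[ip] = max(peak[ip], len(q))
    return {ip: n for ip, n in peak.items() if n >= threshold}

def _line(ip, hhmmss, method, path, status):
    """Build one constructed log line (documentation IP ranges, not real traffic)."""
    return (f'{ip} - - [12/Mar/2015:{hhmmss} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 1234 "-" "-"')

SAMPLE = (
    # Fast guessing: six failures in ten seconds.
    [_line("203.0.113.7", f"10:00:{s:02d}", "POST", "/wp-login.php", 200) for s in range(0, 12, 2)]
    # A real user: two typos, then a successful login.
    + [_line("198.51.100.20", "10:01:00", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "10:01:20", "POST", "/wp-login.php", 200),
       _line("198.51.100.20", "10:01:40", "POST", "/wp-login.php", 302)]
    # Slow guessing: one failure every five minutes, plus a harmless page view.
    + [_line("192.0.2.5", f"10:{m:02d}:00", "POST", "/wp-login.php", 200) for m in range(0, 25, 5)]
    + [_line("192.0.2.5", "10:21:00", "GET", "/wp-login.php", 200)]
)

if __name__ == "__main__":
    print(failed_login_bursts(SAMPLE))
    print(failed_login_bursts(SAMPLE, window=timedelta(minutes=30)))
```

The slow client only shows up once the window is widened to 30 minutes, which is why rate-based lockouts are usually paired with a longer-horizon count.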

Stop hackers from seeing your website

As above, using Jetpack, we can stop bot-net attacks as they happen. But what if we could stop hackers (and their bots) from even reaching our website? Hello CloudFlare.

CloudFlare is a CDN with various web optimizations as well as really fantastic security. It works by routing traffic to and from your website through CloudFlare (and their many servers all over the world, including in Sydney, Australia). CloudFlare has data from tens of millions of websites and therefore has a database of hacker and bot methods, characteristics and IP addresses. If CloudFlare identifies a hacker then they won’t allow the hacker to even view your website.

CloudFlare has a free account that is very good!

SSL Certificate (HTTPS)

HTTPS protects the data as it flows between your website and the customer (and vice-versa). An SSL Certificate is the means of ensuring that the content can be delivered reliably via HTTPS. This is important to ensure that what your visitors see is in fact from you and hasn’t been manipulated en route. It’s also vital in ensuring that sensitive and private data isn’t read en route. Google announced last year that they would start using HTTPS as a ranking factor for SEO. This has seen a huge uptake of website content being delivered via HTTPS.

CloudFlare (mentioned above) provides free Flexible HTTPS, which means that the data between the CloudFlare servers and your visitors is encrypted. The data between your server and CloudFlare, however, isn’t encrypted under this model. Flexible SSL is free but isn’t a perfect solution (although it’s far better than no HTTPS at all).

A certificate authority that looks extremely promising will launch soon. Let’s Encrypt is a free and automated SSL certificate issuer that is backed by Mozilla, Automattic (the people behind WordPress), EFF, Cisco and other big names. Once Let’s Encrypt goes live there will be few reasons not to secure your website traffic with HTTPS.
