WordPress Security

Secure Your University of Alabama WordPress Site

Update Regularly

Perform updates when they become available for your website. WordPress regularly releases updates that make your website more secure. By applying the updates and patches, you can ensure your website is receiving the latest security protection. Also, remember to update plugins! Hackers can be successful simply because a plugin is out of date. Keep your website, and your plugins, updated.

Apply a Security Certificate to Your Website

SSL certificates enable encryption of sensitive information during online transactions. They are also used to confirm the identity of a website or server and to ensure the integrity of transmitted data. Email the IT Service Desk to request a certificate. You will be contacted for the information needed to generate the certificate.

Cost and Restrictions

UA participates in the InCommon Certificate Service, which provides unlimited SSL/TLS and client certificates at no cost to UA employees or departments. InCommon, which is operated by Internet2, uses Comodo as the certification authority. More information about the InCommon Certificate Service and the certificates offered under the program can be found on the InCommon website.

Protect Your Login and Database

  • Apply Duo two-factor authentication to your WordPress login. Simply install the Duo two-factor authentication plugin, and contact the OIT Security team for activation instructions.
  • Change the admin username to a custom username. Hackers look for “admin” accounts.
  • Use a unique password. Remember, the longer a password is, the stronger it is. We recommend 12+ characters.
  • Ensure your other site administrators and editors have reset their default passwords to longer, stronger passwords.

Hosting

Ensure your website is set up to connect securely using SFTP or SSH, not standard FTP. You can also set directory permissions to protect the entire filesystem.
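
One way to check directory permissions on a WordPress tree, as an added example that is not part of the original page. The function name audit_wp_perms is hypothetical, and the baseline it checks against (nothing writable by group or other, wp-config.php not readable by other) is an assumption taken from common WordPress hardening guidance rather than from this page.

```shell
#!/bin/sh
# Added example: report loose permissions in a WordPress directory tree.
# Assumed baseline (common WordPress hardening guidance, not from this page):
# directories 755, files 644, wp-config.php not readable by "other".
#
# Usage after sourcing this file: audit_wp_perms <path-to-wordpress-root>

# audit_wp_perms ROOT
# Prints one finding per line as "<issue><TAB><path>".
# Returns 0 when clean, 1 when findings exist, 2 on a bad argument.
audit_wp_perms() {
    root=$1
    if [ ! -d "$root" ]; then
        echo "not a directory: $root" >&2
        return 2
    fi
    findings=$(
        # Anything writable by group or other can be altered by another
        # account on a shared host.
        find "$root" \( -type f -o -type d \) \
            \( -perm -020 -o -perm -002 \) \
            -exec printf 'group-or-world-writable\t%s\n' {} \;
        # wp-config.php holds the database credentials, so it should not
        # be readable by every account on the server.
        if [ -f "$root/wp-config.php" ]; then
            find "$root/wp-config.php" -perm -004 \
                -exec printf 'world-readable-config\t%s\n' {} \;
        fi
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```

Some hosts need group write on the uploads directory, so treat a finding there as something to confirm with your hosting provider rather than an automatic error.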

Backup

Back up your site regularly! There are several plugins that can help with this: VaultPress, BlogVault and Backup Buddy, just to name a few.