Secure Your UA.edu WordPress Site

Update Regularly

Perform updates when they become available for your website. WordPress regularly makes updates to make your website more secure. By applying the updates and patches, you can ensure your website is receiving the latest security protection. Also, remember to update plugins! Hackers can be successful simply because a plugin is out of date. Keep your website, and your plugins, updated.

Start Secure

Apply a security certificate to your website. If your website is not listed as “https” email security@ua.edu to make the request. Our team will be happy to assist.

Protect Your Login and Database

  • Apply DUO two-factor authentication to your WordPress login.
  • Change the admin username to a custom username. Hackers look for “admin” accounts.
  • Use a unique password. Remember, the longer a password is, the stronger it is. We recommend 12+ characters.
  • Ensure your other site administrators and editors have reset their default passwords to longer, stronger passwords.

Hosting

Ensure your website is setup to connect securely using SFTP or SSH, not standard FTP. You can also set directory permissions to protect the entire filesystem.

Backup

Backup your site regularly! There are several plugins that can help with this: VaultPress, BlogVault and Backup Buddy just to name a few.