WordPress occupies the largest piece of the CMS market, powering over half of the entire internet. Although this is great for the platform and those who use it, it also makes WordPress an obvious target for hackers.
A compromised website is not only a pain to fix, it can also dramatically decrease revenue and damage your site’s reputation long-term.
As bad guys come up with more and more ways to wreak havoc, website owners must continue focusing on WordPress security in the new year. Here are five key security trends to pay attention to in 2017, in no particular order.
6 Important WordPress Security Topics for 2017
1. Two-Factor Authentication
One way to increase security is to use two-factor authentication during login. This involves two checks to make sure the person logging in is legitimate. These checks can be any combination of the traditional login information, a secret code, set of characters, and more.
Two-factor authentication essentially adds another layer of security to protect against hackers trying to break in. 2017 will likely see more websites using two-factor authentication and new and stronger authentication methods.
One top-rated two-factor authentication plugin, Clef, can be quickly downloaded and uses a code scanned on the logging in user’s mobile device. The login scan can be added to restrict access to any page or post using a shortcode.
2. SSL Encryption
In 2017, the use of Secure Socket Layer (SSL) certificates is expected to become even more important. Starting this year, WordPress will only be recommending hosting companies that offer SSL by default. In addition, WordPress will roll out new features that require websites to have HTTPS.
WordPress websites without SSL and HTTPS will need to add it to their website soon to stay onboard with the trend. This can be done by purchasing an SSL certificate through a hosting provider and easily implementing it with a plugin such as CM HTTPS Pro.
3. Managed Hosting
An alternative to shared hosting, which website owners can purchase for as low as 4 dollars a month, managed hosting offers a more customized, comprehensive hosting experience. With managed hosting, the hosting company often focuses on WordPress and offers expert support.
While the monthly cost is much higher than for shared hosting, managed hosting takes care of many tasks important for security, such as backups, uptime monitoring, and WordPress updates. Paying for managed hosting can help website owners keep up with the latest security threats through an entire support team.
4. Strong and Evolving Passwords
One of the most common methods hackers use to get into a WordPress site is by guessing the username and password or using stolen login information.
Especially if your website has multiple people logging in, make sure passwords are strong enough to keep bad guys out. Easy to guess passwords offer no defense and are an invitation for security issues. Also, frequently change passwords to keep hackers on their toes.
If you’re having trouble thinking of strong passwords, try online resources like this free random password generator.
5. Vetting & Updating Plugins
This security tip is important every year, but as time passes, more and more plugins are developed with vulnerabilities. Attacks that take advantage of plugin vulnerabilities are numerous. Often, attackers rely on WordPress users not updating plugins in order to wreak havoc.
It’s important to choose well-coded plugins from reputable developers and always make sure to update plugins whenever there are updates available. Bugs happen and reputable developers will quickly issue updates with patches to fix the issue. Also, if there’s a plugin you’re not using, get rid of it.
6. Concerns About PHP 7
WordPress users may also be concerned about the move to PHP 7 this year. PHP is the scripting language of WordPress and the latest version is the first update in 11 years. Sometime in 2017, WordPress is expected to shift the recommended PHP version from PHP 5.6 to PHP 7.
While the newest PHP version offers WordPress performance gains, many users have voiced concern over the security of PHP 7.
Many of 2017’s hot WordPress security topics have also been concerns over the years. Updating plugins and using strong passwords have been touted as easy ways to maintain security for years. These tried and true approaches, among others, will be important as attackers continue to find new ways to wreak havoc on WordPress websites.
What will be interesting this year is how security topics such as SSL encryption, two-factor authentication, and the use of managed hosting will continue to evolve, especially in the ever-changing landscape of WordPress.
How will developments in worlds of WordPress and WordPress security affect users at the front-lines of attacks? We’ll have to wait and see!