If your site isn\u2019t secure or gets hacked, information, such as passwords and personal information is vulnerable. Hackers<\/a> can steal user info and use it for malicious purposes.<\/p>\n Plus, your site can lose its good reputation. If your site is not secure and becomes vulnerable, you can get blocklisted by Google, and your ranking could even take a nosedive in the SERPs. Yuck!<\/em><\/p>\n This article explores the top cost-saving measures you can implement to stop hackers in their tracks, keep bots aways, and stay ranking high on Google.<\/p>\n We\u2019ll look at how to boost security from the WordPress admin and also with the help of our free security plugin, Defender<\/a>.<\/p>\n Here’s what I’ll be covering:<\/p>\n By the time you read this, you\u2019ll have plenty of ways to keep your WordPress site secure for free.<\/p>\n So, put your wallet away. You won\u2019t be needing it here.<\/p>\n We\u2019ll start with some essentials to avoid any unfortunate security issues. Some of these precautions may be obvious to you, but they\u2019re worth mentioning.<\/p>\n One of the most important precautions you can take is to keep your WordPress, plugins, and theme updated.<\/p>\n WordPress is regularly installing updates to keep things current. On top of that, themes and plugins frequently are updated and maintained.<\/p>\n If themes and plugins are not maintained properly, they\u2019ll become outdated and a security risk by becoming vulnerable to bugs. It\u2019s essential to keep all of these elements of WordPress up to date.<\/p>\n WordPress makes all of this quick and easy to do. By clicking on the Updates<\/strong> tab in the dashboard, you\u2019ll see a detailed look at what needs updating.<\/p>\n Plus, you can enable automatic updates for all new versions of WordPress from here, so you don\u2019t even need to worry about doing it manually.<\/p>\n Keeping tabs on your WordPress version, themes, and plugins is a crucial part of keeping your site secure. It doesn\u2019t cost a dime to do, and is easy to maintain.<\/p>\n Good news if you’re a WPMU DEV member… all plugins, themes, and WordPress files automatically update with our Automate feature<\/a> (which comes free with The Hub) — so you’re already taken care of!<\/p>\n It\u2019s important to point out that you don\u2019t want to use any outdated plugins or themes to begin with. Fortunately, WordPress gives notification for plugins and themes that haven\u2019t been updated.<\/p>\n For example, if you are searching for a plugin on wordpress.org and see this towards the top of the plugin\u2019s page\u2026<\/p>\n …you\u2019ll want to avoid that plugin. Similarly, an outdated theme will display the same type of message.<\/p>\n Avoid any plugins or themes that aren\u2019t updated to begin with.<\/p>\n Chances are, the developers who created them have abandoned it, and it will not be updated soon.<\/p>\n If you do find that you have outdated themes and plugins, delete them. Even if they\u2019re not in use, they\u2019re not worth having around and are susceptible to bugs.<\/p>\n One of the most frequent hacking attempts is with passwords. So it\u2019s becoming more common these days with any online account to use a strong password, and the same is true with WordPress.<\/p>\n Make your passwords unique, with characters, numbers, and letter combinations that would be extremely difficult ever to replicate. You should do this with your FTP accounts, hosting, email, and database as well.<\/p>\n WordPress will automatically create a strong password for you in the admin. You can choose to create your own or use their suggestion.<\/p>\n Plus, don\u2019t give your account information to anyone and grant them access (I think we all know better, but still, I had to mention it…). You can set up users and roles in WordPress for others, but keep your passwords private.<\/p>\n Also, change your passwords regularly. It\u2019s suggested that every 30-days or so is a good time frame for generating a new password.<\/p>\n You can take a few other free security precautions when it comes to WordPress.<\/p>\n Logging out of your account when not in use, deleting spammy comments, and limiting roles for other users are some other easy ways to stay secure.<\/p>\n Beyond the admin, you\u2019ll see that there\u2019s a ton that can be accomplished with the help of a plugin when it comes to beefing up your security.<\/p>\n The majority of security precautions you can implement for free can be handled easily with our very own plugin, Defender<\/a>.<\/p>\n Defender can stop brute force attacks, SQL injections, cross-site scripting XSS, and tons more like malware & antivirus scans, IP blocking, security log, and two-factor authentication login security.<\/p>\n When it comes to a free security solution, Defender is a perfect option to keep your site safe and secure! Plus, it\u2019s all easily manageable as he makes security a breeze.<\/p>\n Here\u2019s a breakdown of what Defender can do to stop any hackers or bots that are up to no good.<\/p>\n Defender mentions security recommendations you can make to improve site security, like disabling XML-RPC, hide error reporting, disabling trackbacks & pingbacks, and more.<\/p>\n Many of the recommendations can be handled in one-click and bulk by way of the Security Recommendations<\/strong> area.<\/p>\n It\u2019s suggested to take care of all of the recommended security tweaks; however, some might not be practical for your WordPress site.<\/p>\n If you ever need to revert a tweak, you can do so with the Revert<\/strong> option.<\/p>\n You can get a detailed look at all of the recommended tweaks in the drop-down menu.<\/p>\n There, you\u2019ll be able to see an overview of the vulnerability, status, how to fix, an option to ignore, and also an action button that\u2019s unique to the suggested fix.<\/p>\n For more information, be sure to check out this detailed look at security tweaks with Defender.<\/a><\/p>\n Malware Scanning<\/strong> is a great resource for keeping your site protected. It checks your WordPress core files for suspicious code.<\/p>\n This tool compares your WordPress install with the master copy in the WordPress directory, reports any changes, and enables you to restore the original file in a click.<\/p>\n The scan results are viewed directly on Defender\u2019s dashboard. You can get a detailed look at the results under View Report<\/strong>, showing the suggested fixes for each issue.<\/p>\n From there, you can take care of them in bulk.<\/p>\n![\"defender](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/free-wordpress-security-defender-copy.png\")
\n
\n
1. <\/a>Quick and Easy Ways to Secure Your Site in the WordPress Admin<\/h2>\n
<\/a>An Updated WordPress is a Secure WordPress<\/h3>\n
![\"Where](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/updates-in-WordPress-admin.png\")
![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/WordPress-updates.png\")
2. <\/a>Keeping Your Site Secure by Noticing Outdated Plugins and Themes<\/h2>\n
![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/outdated-plugin.png\")
![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/outdated-theme.png\")
3. <\/a>Creating Secure and Strong Passwords<\/h2>\n
![\"The](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/new-password.png\")
4. <\/a>Some Other Security Tweaks to Consider in the WordPress Admin<\/h2>\n
5. <\/a>Securing Your Site for Free with Defender<\/h2>\n
![\"An](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/defender.png\")
<\/a>Security Tweaks<\/h2>\n
![\"Defender's](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/security-recommendations.png\")
<\/a>Security Scans<\/h2>\n
![\"New](\"https:\/\/wpmudev.com\/blog\/wp-content\/uploads\/2020\/12\/malware-scanning-copy.png\")