WordPress Security: Our Recommendations For Your Estate Agency Website

1st October 2019

Many Estate Agents and Property Websites use WordPress which is a Content Management System *CMS) with the largest amount of installations in the world.

The advantage of using WordPress, means they have a huge team of developers from around the world that contributes to the open web. This also means that website security should be one of the most important things to think about when using WordPress to ensure the safety of your website. There are so many third party plugins, themes and open source developers that provide services (both paid for and free), that it makes it a target for hackers and can pose a huge problem to your own little corner of the internet.

We’ve put together some recommendations for some security measures you can take to help with this and keep your site as secure as possible.

1. Ensure you are using SSL for your website

Google has recently started flagging sites that are not using SSL (Secure Socket Layer) as “unsafe” and “unsecure”. This is a protocol that helps encrypt communication to and from your website. Whether you are selling via an e-commerce platform or using your website to display properties, this protocol helps to secure private information you receive from your customers.

It also helps to protect you from anything trying to grab your username an passwords when you log in to your WordPress site.

There are many services that will install an SSL certificate for you, so if you haven’t already made the switch, speak to your hosting company and see what they can do. Or shop around and look for a reputable provider to install this for you.

2. Keep your WordPress installation and plugins updated

Because WordPress is used so widely and involves a vast array of plugins developed by the world, they do everything they can to ensure they are continuously pumping out updates to fix any bugs, new releases and update any potential security errors.

It’s super important to ensure you keep both WordPress and your plugins up to date to maintain an optimum level of security for your website.

We always advise you to make sure you back up your website and database first before you update anything, just in case anything does go wrong (which sometimes happens). There are also lot’s of plugins¬†available that will back this up for you.

3. Ensure your passwords are secure

You may have multiple users logging into your site, whether they are buyers, sellers or team members.

One important thing is to ensure that you have a password policy in place so that you can ensure anyone creating an account on your website has a secure password. Try to ensure passwords are not something that has been reused elsewhere and are completely bespoke. You can find password generators online that will give you the most secure password. These are generally a series of randomised numbers, letters and characters. So although it’s a little complex than remembering the name of your first cat, it offers much better security.

4. Secure your WordPress admin login

With WordPress being so widely used, knowledge of this means many people will be able to find your admin area. As well as this, how many of you use a username of “admin” or “administrator”?

You can make it harder for hackers by having a unique username that’ not quite so generic. There are also many plugins that will change the address for your login area from the usual /wp-admin to something of your choosing. You can also limit he amount of login attempts on the login form through one of these security plugins.

5. Backup your site

We encourage all our users to ensure they backup their website and database regularly. Once a month is a start, but if you are adding lot’s of content then weekly is definitely advisable. There are plugins that will do this for you, but if anything does happen to your website or you do experience a security breach or hacking incident, you can rest assured that you will have a backup of everything should you need to reinstate this.

6. Limit permissions

Consider who has access to the back end of your WordPress website and what kind of access they need.

If you have someone who manages your content, they don’t necessarily need administration permissions and having an editor role would also be much safer.

Do you have staff users who no longer work for you? If so, it’s good to have a clear out and remove anyone that no longer needs access.

Anytime a user stops working on your website, you should make it a priority to remove them completely and move any of their associated content to another user or administrator.

By following some of our handy simple tips above, you can start taking control of your own website’s security.

Whilst you’re improving your WordPress Estate Agency website, take a look at our extensive add on range here.