7 critical measures for protecting your WordPress admin area

7 critical measures for protecting your WordPress admin area

Content management system platforms like WordPress have successfully democratized website building in the current digital era, with what used to be a potentially expensive and tedious and difficult process, now becoming easier and more accessible for both inexperienced and experienced site owners. But how do you go about protecting your WordPress admin area?

However, the issues of security have remained challenging for many WordPress site owners. According to a report by WordPress security plugin WordFence, almost 90,000 security issues were reported every 60 seconds on WordPress websites in 2020.

This data is even more troubling when we take into account login-based WordPress sites like eCommerce platforms, where sensitive information such as banking and debit card details are shared daily.

If you’re trying to build a website, using WordPress is a great idea, but you may be worried about the security of your WordPress admin area, especially given the sheer volume of cyber threats in the previous year. 

If you wish to reinforce your log-in mechanics, consider these seven simple measures to secure your admin area.

1. Change your passwords often

Let’s start with the basics of WordPress admin and login security. It may seem like the simplest solution when it comes to your site’s security, but changing passwords is often overlooked as an effective security measure.

This cybersecurity approach is essential to any login-based online service and should be implemented across all types of sites, from streaming platforms like Netflix, to social media sites like Instagram, to online group meeting apps like RingCentral. When it comes to preventing admin-related issues, changing a password regularly is a popular cybersecurity tactic. 

2. Keep your plugins updated

Let’s go back to that WordFence data we mentioned earlier. In one study conducted by WordFence researchers, it was found that over half of WordPress cybersecurity issues (52%) were caused by plugins. 

As such, he first step toward securing your WordPress site is investing in WordPress security plugins. Many of these track and record login attempts to analyze any possible admin area threats.

Additionally, it’s important to get rid of outdated WordPress plugins. These pose a threat to your site’s security since they stop updating, meaning their security measures end up being lacking. The safest course of action is to uninstall them, as disabling doesn’t get rid of the additional (and weak) code. Use UpdraftCentral to efficiently manage, update and backup multiple website plugins, themes and backups from one place for sites on which UpdraftPlus is installed.

3. Implement SSL login pages

SSL stands for “secure sockets layer”. This security protocol is generally used on websites that store sensitive data, especially those that require authentication to log in. In essence, SSL measures activate a digital lock – technically, an HTTPS protocol – that guarantees a secure connection from the server to the browser.

Usually your run-of-the-mill hosting provider will include these measures in your subscription. If they do not, consider purchasing an SSL certificate and installing it on your WordPress server. 

This is especially useful for eCommerce WordPress sites, which ask their clients to log in with a profile to automate the checkout process when paying via credit or debit card.

4. Limit login attempts

Restricting the number of possible login attempts is one reliable cybersecurity tip to protect data, especially if you’re looking to prevent potential brute force attacks. 

These cybersecurity breaches are achieved by bombarding an admin platform with every conceivable combination of characters to form passwords, using a simple but effective cracking method of trial and error. 

By limiting login attempts, you can protect your users and your page from attacks of this nature.

Limit login attempts WordPress security image

Image Source

However, when it comes to WordPress admin security issues, it’s important to note that not every hazardous log-in attempt comes from criminals looking to steal data. Sometimes, admin platforms are subjected to non-malicious intrusions performed by users.  

If you’re running a WordPress site that provides user registration, there’s a chance that your users – or yourself – will get locked out of their account by accident. Forgetting your password has happened to everyone at some point after all.

The best way to separate malware attacks and non-malicious intrusions is to implement a network intrusion detection system that can track, record, and analyze potential login or admin issues, without interfering with the traffic it monitors. This way, you can ensure you’re not punishing forgetful users, but are keeping them protected nonetheless.

5. Use two-factor authentication

Two-factor authentication is a security protocol that enforces an additional check on users looking to gain access to WordPress sites. This protection method adds an extra layer of security to passwords by asking for a unique one-use-only code that’s sent to your smartphone.

These apps and plugins are installed on your smart device and will send the codes so you can access your WordPress login screen. This approach is seen as a more secure way of changing your passwords regularly and is particularly recommended for eCommerce sites.

6. Implement IAM solutions

Identity and access management (IAM) software solutions are used to limit the number of remote users accessing online platforms via admin areas and login accounts. In the digital era, the IAM market has grown rapidly and the current list of IAM solutions available can overwhelm newcomers and inexperienced WordPress site owners alike.

There’s a basic list of points to follow to make the most of your IAM service, regardless of which IAM option you choose. Here’s a shortlist of what to do before you commit to a particular provider:

  • Access the IT architecture.
  • Look for any possible incompatibilities between the OS, third-party application or plugins, and the IAM tool.
  • Verify that your IAM system is compliant with guidelines and laws in your industry, market, and country.

Security WordPress image

Image Source

7. Have a backup

The sad truth is, some things are unavoidable. It may be difficult to read, but there’s a chance that even if you do everything right, hackers will still be able to gain access to and attack your admin area. If that happens, it’s important to have a plan of action ready.

Imagine the worst-case scenario: your site has been attacked and hacked. There are no more prevention measures to implement. 

First things first, remember not to panic. Work to identify the problem and react accordingly. The best way to know if you’ve fallen victim to a cybersecurity breach is to look for possible signs of a hacking attack: 

  • You’re unable to log in.
  • Your site is redirecting elsewhere.
  • Your content has disappeared or there is new strange content and links.
  • Your site is running slower than usual.

Once you’ve identified the problem, the fastest way to fix any possible issues is to restore your WordPress website using UpdraftPlus. This will allow you to undo any hazardous changes and get back to normal as quickly as possible. To do so, you must have an older version of your site as a backup somewhere secure – such as a cloud storage platform.

As you may be aware, having your data backed up is one of the most essential things to do in terms of cybersecurity. If you want to keep a record of past versions of your site separate from your site, cloud-storage solutions offer safe and secure backups that can help you relaunch your site in just minutes after an attack.


Now you have read seven effective security tips for your WordPress admin area, let’s reiterate what we’ve learned so far:

  • Change your passwords often.
  • Install login security plugins (and uninstall old or obsolete plugins).
  • Implement SSL encryption-based protocols.
  • Combat brute force attacks by limiting login attempts.
  • Use additional one-use-only passwords and codes by adding 2FA.
  • Limit your log-in possibilities with IAM software solutions.
  • Have a contingency plan to fight security breaches, malware, and ransomware viruses.
  • Keep a backup version of your site and use it during cybersecurity emergencies.

If you follow these measures, your WordPress site should be protected from any attacks and ready to combat and react to any issues, should the worst happen. 

What are you waiting for? Go out there and turn your WordPress page into an online fortress using UpdraftPlus and UpdraftCentral today!

John Allen has written for websites such as Hubspot and Toolbox.

The post 7 critical measures for protecting your WordPress admin area appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

How to upgrade from Free UpdraftPlus to UpdraftPlus Premium

How to upgrade from Free UpdraftPlus to UpdraftPlus Premium

When upgrading from your Free version of UpdraftPlus to UpdraftPlus Premium, the process can be a little tricky if it is your first time. As UpdraftPlus Premium is not listed on WP.org, it isn’t as simple as just clicking an upgrade button. But if you follow this easy to use guide, upgrading from UpdraftPlus Free to UpdraftPlus Premium can be quick and easy. 

Step 1.

Assuming you have the free version of UpdraftPlus installed, you need to deactivate and delete the UpdraftPlus free plugin from your WordPress site.

Step 2.

You now need to install the UpdraftPlus Premium plugin. This can be downloaded by following this link. Save the file to your computer.

Step 3.

Next, go to your WordPress site and choose ‘Add New’ plugin. Select the ‘Upload Plugin’ button. Now select the UpdraftPlus Premium file you just downloaded (it can usually be found in the “Download” folder on your PC) and press ‘Open’ and activate.

Step 4.

Your UpdraftPlus Premium plugin should now be installed. Go to ‘Settings’ and you should now see ‘UpdraftPlus Backups’. 

Step 5.

You now need to connect your UpdraftPlus account to the Premium plugin. To do this, go to Premium/Extensions and log in using your UpdraftPlus.com account details and press ‘Connect’. 

Step 6.

You are now connected to UpdraftPlus Premium. To claim any add-ons you may have purchased (such as Azure remote storage backup), remember to press the ‘Activate it on this site’ button, which will allow you to use your purchased add-on feature with your WordPress site.  

Step 7.

Finally, refresh the connection by pressing the below link and you are good to go. All Premium features and add-ons should now be available.

Step 8.

Don’t forget to then go to the UpdraftPlus settings page to set your backup schedule and press the save button at the bottom of the screen!

Download UpdraftPlus Premium today. If you require further detailed instructions, more information can be found here. Be sure to comment and let us know if you have any questions.

The post How to upgrade from Free UpdraftPlus to UpdraftPlus Premium appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

WP-Optimize release latest 3.1.9 update

The latest update for WP-Optimize 3.1.9 has now been released. As well as lots of fixes and tweaks, there are several new features included. The first of these new features is the ‘Power Tweak’. This Premium feature allows you to change the meta_key field length and create a new index. This can significantly speed up database requests on websites with large post_meta tables. Power tweak works by tweaking the table’s schema to enable indexing. 

The second new feature we have included in this release is the ‘Automatic backups’ feature. When using the new automatic backup feature, users can now use UpdraftPlus during scheduled optimizations. As such, database backups with UpdraftPlus can now run before automatic scheduled database optimization. The third new feature in this update is the ‘Keep last X revision’ update. This feature allows you to delete post revisions, but now gives you the option to keep a specified number of revisions. Before this update, users could only keep revisions by time setting only. This change gives users more flexibility and increased safety when making post revisions. . 

The updates to WP-Optimize 3.1.9 are available now and also includes the following:

  • FEATURE: Power Tweak – Change meta_key field length and create new index
  • FEATURE: Premium – Automatic Backups using UpdraftPlus during scheduled optimizations
  • FEATURE: Keep last X revisions
  • FIX: Overlapping header notice in mobile view
  • FIX: Cache – Wildcard not working in cache exclusions
  • FIX: Prevent error in htaccess when mod_header isn’t available
  • FIX: PHP Fatal error on deleting plugin
  • FIX: PHP 8 Issue: loadAsync JS error
  • FIX: RankMath breaks robots.txt
  • TWEAK: Bypass minify when editing translations using TranslatePress
  • TWEAK: Purge minify cache from front end
  • TWEAK: Minify – Prevent cache directory creation while disabled
  • TWEAK: Add Google Fonts API version 2 support
  • TWEAK: Minify – Save all tab content settings changes with single Click
  • TWEAK: Improved optimization preview
  • TWEAK: Filter the list of preloaded URLs
  • TWEAK: Update seasonal notices
  • TWEAK: Bump WP version requirement to 4.5+

The post WP-Optimize release latest 3.1.9 update appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

Deaf Awareness Week 2021

Deaf Awareness Week 2021

From the 4th to the 10th of May, it is Deaf Awareness Week in the UK. A week that aims to raise awareness and help challenge the perceptions of those suffering from loss of hearing and deafness in the UK.

When building a WordPress site, it can be all too easy to overlook the various elements of accessibility. Putting together all of your content, plugins and themes can be an overwhelming and time consuming process. As such it is all too easy to forget that there might be elements on your site that could cause an accessibility issue for people with hearing issues. If you want to build the best possible site for your users, designing it for accessibility can be both incredibly helpful and rewarding. 

As we previously covered in our blog, issues like being colour blind can have a big impact on a users ability to properly use a website. In this blog, we will go into what changes you can also make so your site is more usable for those users with hearing issues. 

How do you make a website accessible? 

Website accessibility refers to the practice of removing barriers that prevent interaction with, or access to websites by people with disabilities. When sites are correctly designed, developed and edited, all users have equal access to information and functionality. With regards to what issues designers may have to change to accommodate deaf users, lots of websites include introduction videos in their headers for example. Without subtitles, these videos can give no information and can cause frustration for the user. 

The sound of metal text to speech

The recently Oscar winning movie “The Sound of Metal” showed how important assistive technology is for those with hearing loss.

While it may sound like a complicated and difficult task to enact these changes, removing these barriers can be a simple and straightforward process. With just a little effort and time, you can open up your site to a whole new audience.

While there are lots of secondary assistive technologies available for users with disabilities to surf the net, you should always make the effort to ensure that your site meets recommended guidelines that will enable those assistive technologies to help the user.  While there are many more obvious tools to help users with vision issues, the increase in popularity of ‘speech to search’ tools, video sharing, video conferencing and ‘online phone-calls’ shows just how important it is to accommodate users with hearing issues with subtitles/closed captions where available.

How to test your site accessibility

If you make any changes to your site, it is always a good idea to run a test.

One of the best tools to test the accessibility of your WordPress site is the
Accessibility Checker plugin by Equalize Digital. The plugin is free to install and works by scanning your sites content and providing warnings notices in real time when you are editing, to ensure posts/pages are ‘Web Content Accessibility Guidelines’ compliant. The plugin will also tell you which section of your code needs to be changed in order not to trigger the accessibility issue, allowing you to make the necessary adjustments. The pro version has the added functionality of scanning custom post types, open issue list, diagnosed issue log, user accessibility roles and an ‘Accessibility Statement’ for your site.  


While website accessibility for users with visual impairment is a more obvious aspect of a site’s accessibility, making changes that can help those that are hard of hearing can be just as helpful for users navigating your site. Be sure to review your site today and check that there are no elements that are not accessible to the deaf community during Deaf Awareness Week.  

The post Deaf Awareness Week 2021 appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.

One year on: The future of remote working

One year on: The future of remote working

A personal reflection on remote working by our marketing manager, Wayne Mullins in the UK.

It has been well over a year now since we all first heard the term ‘Covid-19’ and the world underwent a massive fundamental change to the way we work and live that no one could have seen coming. After just over a year of lockdowns, travel restrictions, nearly 3 million deaths, lost jobs, businesses closed forever; we have also undergone a change in working practices bigger than anything since the advent of the industrial revolution. We have all been thrown into unfamiliar situations and have had to adapt to leaving the traditional office environment behind and change to a new remote working situation. What have we all learned in the last year and what will this mean for the future of office work?

Before Governments all over the world imposed nationwide lockdowns due to Covid – affecting nearly every office based business, employers were generally reluctant to allow those who could or wanted to work from home to do so. 

Thanks for the imposed lockdown, call centre employees – once crammed into cramped and outdated offices by their hundreds to use a PC and headset that could literally be setup in any location with an internet connection, now had the type of work/life balance and freedom that was thought of as impractical and impossible previously. However, there remained a lingering and prevalent sense of the office ‘old-school manager mindset’ that believes workers need constant supervision and direction in order to properly do their jobs. This belief states that employees should always be within shouting distance and there are many managers still operating under the assumption that workers would use the opportunity of home working to skip work and become less productive. 

Now that the global pandemic has forced the flexible working conversation to the forefront of employment relations, industries such as call-centres – that had stuck hard and steadfast to the traditional working pattern – have been forced to reevaluate just how effective the old way of working really was.

No one knew exactly how the great working from home experiment would workout for employees or employers, let alone the kind of impact it would have on the economy. However after much speculation, studies have shown that it has been a huge success. A recent study carried out by Cardiff University and the University of Southampton, found that 70% of respondents were able to work at a level that was just as productive, if not more so while in a working from home situation. The study also found that productivity could be improved by a permanent shift towards remote working, with 9 out of 10 employees eager to continue working from home in some capacity.

The benefits of not spending countless hours every day stuck in a petrol spewing car or a cramped and expensive train are obvious. These changes have also resulted in employees having the opportunity to become ‘accidental savers’ for the first time, while also allowing more time for people to explore personal hobbies and interests, as well as spend valuable time with family. The changes have also helped improve sleep patterns for millions, generally resulting in a happier and harder working workforce. 

A recent survey carried out by TalkTalk revealed that both employees and employers believe that remote working has had a positive impact on productivity. 58% of workers said they felt more productive when working from home, with 30% of business leaders agreeing with this assessment. In addition to this, 35% of leaders also stated that their employees were working more collaboratively from home, as opposed to in the office.

As mentioned previously, the financial savings and positive environmental impact that came from reduced travelling (both international and local) has been massive. Busy commuter work areas such as Dheli and Manhattan have presented preliminary data that air quality had improved during the pandemic. In China, lockdowns and other measures resulted in a 25 percent reduction in carbon emissions and 50 percent reduction in nitrogen oxides emissions, which one Earth systems scientist estimated may have saved at least 77,000 lives over two months. While overly optimistic stories of ‘dolphins and swans returning to Venice’ have been largely debunked as fake viral news, cities like Venice are using this opportunity to make badly needed environmental changes, such as the banning of large cruise ships from the historic center to protect against further flooding and pollution.

While there appears to be many benefits to working from home for employees/employers and the environment, there has of course been a downside to these changes. While Governments and businesses are losing billions due to the exodus from the world’s city centres, the emotional toll has also had a sizable impact on many people.

A recent poll suggested that 40% of UK employees already felt that work was seeping into their home life. But by August of 2020, this figure had shot up to 52%, showing the effect of widespread home working. Workers stated that some have found it difficult to switch off in the evenings, with a quarter of those polled stating that they are working longer hours when at home. For those people with young children, trying to balance home-schooling and childcare duties with remote working has also contributed to a decline in work-life balance.

Moving forward

As the world starts to come out of lockdown and hopefully return to a more ‘normal’ situation, what does this mean for those who have become accustomed to working from home? Many will be reluctant to return to the soul crushing daily commute and expense of travelling to an office, just to stare at the same computer monitor they have been using at home to great success for the past year.

While home working has some issues and challenges that need to be addressed, a recent study by YouGov suggested that many office employees will be reluctant to return back to the traditional 5 days a week of office work. The study stated that only 7% of office workers hope to return to the traditional full-time office working pattern, whilst 20% stated that their preferred option would be to work from home full-time, with 32% opting for a mix of office work and working from home, with the freedom and opportunity to work from home most days. This would allow for a day or two of office work per week in which to conduct face to face matters and build in personal relationships. 

Whatever changes the future brings, it is clear that the Covid-19 pandemic has altered the way we live and work to a generational defining degree. Hopefully we will emerge from the experience wise and bolder in our attitudes and behaviour towards working environments and expectations.

While continuing to work from home can still present challenges for many, we have learned some valuable lessons that can be implemented to help improve your home working experience. 

Homeworking improvements 

  • Switching off when the work day is done

One of the main issues reported when home working is being able to separate your home office from your home. When they are the same place, it can be very difficult to mentally flip from work to home mode as the lines of your work/personal life can easily become blurred. This has given to the increased recommendation and use of a dedicated work area and the massive growth in popularity of garden shed offices.

  • Maintaining focus

One of the issues people have struggled most with when working from home is dealing with the constant stream of potential interruptions. Family and children requiring attention and supervision, social media, noisy neighbours, pets, and the call of your smartphone are all doing their best to distract you from work. Setting up hard rules in order to maintain focus can be a difficult and bumpy ride for lots of new working from home employees. Many are still struggling to find a happy medium, even after a year. But as attitudes and work patterns change and start to become the accepted norm, people will learn to adapt fully and learn to block out all the distractions. 

  • Work relationships

It is an inescapable fact that for better or worse, working from home can be a difficult and lonely experience for many people. For many, work colleagues are the only other people they interact with on a daily basis. When you have become accustomed to interacting with a large office full of people every day, suddenly finding yourself isolated – both professionally and personally – can be difficult to deal with. Keeping in touch with your work colleagues on both a professional and personal level can help you maintain a strong sense of being connected and part of a team. Slack chats, WhatsApp group chats, Zoom calls and email chains are all important ways to help you stay in touch while working from home.

  • Change Up Your Working Environment 

Regardless of how well you set up your home work office and how free of distractions it is, looking at the same 4 walls everyday will have a monotonous and negative effect on anyone. Changing your work environment has proved to help improve creativity and productivity. So don’t be afraid to take your laptop into the garden to get some badly needed fresh air and sun, weather permitting of course.

The future

As the vaccine roll-out continues across the world and infection rates fall, many organisations will start to look at what the future of traditional office work will look like. Will companies continue to justify spending millions in property rentals and contribute massive amounts of Co2 emissions, when the great working from home experiment has shown that remote work is both sustainable and productive?

It is likely that now the genie is ‘out of the bottle’, business leaders have realised that long held suspicions that ‘working from home = not working’ are unfounded. Partial or full home working will likely become the latest hard won workers’ right (such as weekends off, sick pay, pensions, maternity leave, paid holidays etc.) to be an expected benefit for applicable jobs. While there will be many that will want to go back to the traditional 5 days in an office working environment, most will weigh up the financial savings and employee demands and continue to offer it as an option. In modern competitive working environments, it will also become essential to compete with other companies offering a home working option. This will likely result in the normalisation of a hybrid working pattern to accommodate employees eager to retain new working from home options afforded to them during the Covid crisis.

The post One year on: The future of remote working appeared first on UpdraftPlus. UpdraftPlus – Backup, restore and migration plugin for WordPress.