I have quite a few clients who are less afraid of a root canal than keeping their WordPress website secure…so I created a basic security service for them. But in truth, it’s not scary (or even difficult) to keep your website safe from online threats.
While there is no 100% guarantee your website will never be attacked, there are a few simple steps you can take to make sure it won’t be easy (which will very likely cause malicious hackers to move on to easier prey). With these steps, you can make sure your website is safe (and backed up just in case):
1. Back Up Your Website Regularly – Make a complete backup of your WordPress database, images, and all content. Use a backup plugin (like Backup Buddy) and it becomes a one-click operation. Store the backups locally on your server and on a remote storage server like Amazon S3. Even if your host offers a backup plan, for your own peace of mind, keep one stored offsite to be safe.
2. Keep WordPress, Themes + Plugins Updated – It’s easy to keep your website and software updated because WordPress notifies you whenever it’s time. Generally it’s a one- or two-click operation to make sure you have the most recent release of WordPress, your plugins, and any themes you might be using. If you don’t keep them updated, you run the risk of getting hacked, because updates are often the result of the developers having found a vulnerability. When they do, they release an update to make the software better and safer, but it’s up to you to make sure the update is applied on your website. When you log in, if you see that a plugin, theme, or WordPress requires an update, just do it!
3. Completely Delete All Themes + Plugins Not In Use – Any additional software on your website carries inherent risk. If you don’t use a theme, get rid of it. The same goes for plugins. Don’t use plugins that aren’t absolutely necessary for you to conduct business online. If it doesn’t contribute to your bottom line, I say get rid of it. Less is always more when it comes to plugins. The best thing you can do for your business and your website visitors is to offer a safe and efficient visit. Keeping your website healthy and running fast is the best way you can provide a great visitor experience. Extra plugins equal a slow website (which equals lost visitors and revenue for your business).
4. Install iThemes Security – This plugin provides an extra layer of protection against threats by hiding vital areas of your site, restricting access to important files, preventing brute-force login attempts, detecting any attack attempts, and notifying you by email if there are any issues with your site. I use it on all my client websites and recommend you get it installed on your site as soon as possible.
5. Use Akismet – to control comment spam (or disable comments on your site altogether if it makes sense). Malicious scripts can be injected into your website through comments, so it’s important to use this plugin to prevent that from happening. No comments will be published to your site until you review them in the admin section and approve them first.
6. Use Secure Passwords – and change them regularly. WordPress now has a great secure password generator built right in (but if you send the password by email, be sure to have the user change it ASAP because email is not secure). A secure password should be 18 characters long and contain a combination of special characters, capital and lowercase letters, and numbers. You can use a free application like Passpack Desktop (which I use) to help you generate secure passwords and store them securely in one place so you can always look them up when you need them.
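For anyone who wants to script the password rule from step 6, here is an added example (not part of the original post, and not WordPress's own generator) that checks a password against that rule and generates a compliant one. The special-character set is an assumption; adjust it to whatever your site accepts.

```python
import secrets
import string

MIN_LENGTH = 18  # length recommended in step 6

# Character classes named in step 6. The "special" set is an assumption.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": "!@#$%^&*()-_=+[]{};:,.?",
}


def missing_requirements(password):
    """Return the list of unmet rules; an empty list means the password passes."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(f"no {name} character")
    return problems


def generate_password(length=MIN_LENGTH):
    """Generate a random password that satisfies every rule above."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        # secrets draws from the OS CSPRNG; the random module is not suitable.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry rather than forcing one character per class into fixed slots,
        # so every compliant password stays equally likely.
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    for sample in ("Summer2024!", "correcthorsebatterystaple"):  # constructed samples
        print(sample, "->", missing_requirements(sample) or "ok")
    print("generated:", generate_password())
```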