I recently wrote a guest post over at Restored316 on site security, and you can read that post here. As I was researching the topic, I learned much more than I could share in that post. So here’s how to beat the fear of having your WordPress website hacked.
There is no perfect solution that keeps your site 100% secure. The WordPress Codex notes that security is not absolute; it is a process. This page in the WordPress Codex calls it “Hardening” WordPress. Site security is an ongoing process and should be viewed as such. Security threats can come in many different ways, so our security strategies need to evolve as well.
So what could you be doing to make your site secure?
Well, I made a video for you, but below the video I will go into more detail and offer some links that you may find helpful. I will also add a PDF option, so if you would rather print this info out and read it later you can. Be sure to scroll down to get that.
Back up your site on a regular basis and have a backup plan in case your site is compromised
Here is a really great read if you want to learn more about backing up your WordPress site. The article mentions that a good rule of thumb is to keep at least 3 backups and to keep them in different locations, such as on your hard drive, a thumb drive, or a cloud storage account. This way, if one backup source becomes corrupt, you are not left in the dark! I like to use UpdraftPlus to automate the backup process, but there are several options available. I have heard good things about BackupBuddy as well.
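To make the three-copies rule concrete, here is a small Python check that compares one backup file across all of its locations and flags a copy that is missing or no longer matches the others. It is an added example, not code from the linked article or from any backup plugin; the file name `site-backup.zip` and the folder names are constructed, and the cloud location is assumed to be a locally synced folder.

```python
import hashlib
from collections import Counter
from pathlib import Path

MIN_COPIES = 3  # the "at least 3 backups" rule of thumb from the article


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large backup archives do not fill memory."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            digest.update(chunk)
    return digest.hexdigest()


def check_backup(name: str, locations: list[Path]) -> dict:
    """Compare one backup archive across every location it should live in."""
    hashes, missing = {}, []
    for loc in locations:
        copy = Path(loc) / name
        if copy.is_file():
            hashes[str(loc)] = sha256_of(copy)
        else:
            missing.append(str(loc))
    # The hash shared by most copies is treated as the good one; a copy that
    # differs has been corrupted or altered. A tie cannot be settled by vote,
    # so every copy is reported as suspect.
    counts = Counter(hashes.values()).most_common()
    tie = len(counts) > 1 and counts[0][1] == counts[1][1]
    good = None if not counts or tie else counts[0][0]
    suspect = sorted(hashes) if tie else sorted(
        loc for loc, h in hashes.items() if h != good)
    return {"copies": len(hashes), "missing": missing, "suspect": suspect,
            "ok": len(hashes) >= MIN_COPIES and not suspect}


if __name__ == "__main__":
    import tempfile
    # Constructed demo: three stand-in "locations", one with a damaged copy.
    with tempfile.TemporaryDirectory() as tmp:
        dirs = [Path(tmp) / d for d in ("hard_drive", "thumb_drive", "cloud_sync")]
        for d in dirs:
            d.mkdir()
            (d / "site-backup.zip").write_bytes(b"constructed backup bytes")
        (dirs[1] / "site-backup.zip").write_bytes(b"constructed backup byt")
        print(check_backup("site-backup.zip", dirs))
```

A matching hash only shows that the copies are identical; restoring a backup to a test site now and then is still the way to confirm it actually works.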
Keep everything updated and remove anything you are not actively using
You will want to be sure to keep WordPress, your framework (Genesis), plugins and themes either updated or removed. Letting a plugin sit in your site growing old because you may use it in the future is just not a good idea! It is better to remove plugins and themes and then reinstall them if and when you do decide to use them.
Only install plugins and themes from reputable sources
It is a good idea to select plugins, whether free or paid, from reputable sources. You will want to look at how many times a plugin has been downloaded and the last time it was updated. A good, full-time developer will be taking steps to update their plugins and provide ongoing support. The same goes for themes: you may be enticed to download a theme because it is free, but make sure the source is an active WordPress community member and developer.
Never use Admin as your username
Using Admin as your username is a huge problem! Although it is a common occurrence, it is not a good one. Make sure you have a username that is not easily guessable. It would be better for you to use your email rather than admin, so go fix this right now!
Change your password often
Once you have a unique username, also make sure your password is a good mixture of uppercase, lowercase, special characters and numbers. If you are not feeling creative, there are password generators available and it is a good idea to use them! I have heard good things about 1Password. You will also want to change your password fairly often.
Select the best hosting account you can afford
There are various options when selecting a host. You will want a hosting company that is taking steps on their end to keep their servers secure as well. Shared hosting may not be the thing for you; there is also managed WordPress hosting and various other options. Take a bit of time to research what will work best for your situation. I have really enjoyed working with the following hosts:
Get rid of spammy comments
Bad scripts can be attached to comments, so it is a super good idea to use a spam filter like Spam Destroyer. You will want to build into your routine a time to moderate comments and get rid of the ones that look suspicious.
That’s it, friends! These are a few things you can do to take control and alleviate some of your fear around WordPress site security. Some of these points may seem quite simple, but they will help you as you work toward hardening your WordPress website or blog.