Recently, we’ve had a few sites that needed critical maintenance and malware removal. So, it seems like a good time for a refresher on some basic WordPress site etiquette to help you keep your sites safe and secure:
- Keep your site updated—running an outdated version of WordPress leaves openings for hackers and malware
- Have a backup plan
- Have a security plan in place to prevent malware and hackers
So how do you keep your WordPress site safe and secure?
WordPress now includes an automatic update feature. Turn it on at your own risk though – you never know if there’s a plugin or bit of code that will cause a conflict with a new version of the core code. However, keep informed about updates if you are running a WordPress site. Our clients can subscribe to our e-newsletter or follow our blog RSS feed, where we publish information about updates. You can also just keep an eye on your site! Log into your site, and if an update is available, you will see a notification on your WordPress Dashboard.
When it’s time to update, first run the update on a development/staging version of your site. Make sure everything works, and once all checks out, run the update on the live site. Just think of it as keeping an eye on the oil in your car and changing it every 30k miles. You can also opt to have your site developer handle all of this for you (they probably subscribe to release notifications anyway!).
If you are worried about handling updates yourself, take advantage of either our single-use WordPress Update Package, or our Monthly Maintenance Subscription for WordPress Sites to keep your site updated, without lifting a finger!
Backup, backup, backup!
Every site needs a backup plan, and for WordPress sites we love Backup Buddy (and install it on every single one of our clients’ sites).
This little baby will automate site backups, allow for multiple schedules and types of backups, and email you if anything is out of sorts (and upon success if you want it to). Then, to top it all off, it makes reverting to an earlier version and/or migrating your site a snap. You can even have your backup files emailed to you and/or uploaded to a secure location off site. If you have a WordPress site, you need Backup Buddy!
We install and maintain Backup Buddy for everyone on our monthly maintenance plans, and our standard backup settings include:
- weekly database backups
- monthly full site backups
- clicking the backup button prior to any site change
Implement Site Security Measures
Malware happens, hackers happen. It’s life. But, you can keep your site safe (even on lower budget hosting accounts) by setting up security protocols on your site.
- At a minimum, install iThemes Security (or iThemes Security Pro). And, don’t just install the plugin, go to the settings and secure your site!
- You can also sign up for a Sucuri anti-virus account. This service will monitor your site for malware, alert you if an issue is found, and even clean it up with a paid account.
Knowing what’s going on in your site admin is not only a must-have security feature, but it’s also pretty darn handy for troubleshooting when (gasp) something goes awry on your site.
Simple History does a great job of logging all user activity. I’ve used this to figure out what plugin caused various issues, and even to determine what user “whoopsies” deleted a page from a site.
A few more tips for WordPress site security:
- Change the default database prefix for your WordPress installation from “wp_” to something unique for your site
- Implement secure passwords for all users, and delete any user that is not a must-have for the site
- Limit admin status to only users that really require it, and never ever keep the default “admin” username account
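A quick way to check a site against the prefix, "admin" username, and admin-count tips above, as an added example that is not part of the original post. It assumes you have the text of `wp-config.php` and a user list exported as CSV with `user_login` and `roles` columns (for instance from WP-CLI's `wp user list --fields=user_login,roles --format=csv`); the sample data, function names and the `max_admins` threshold are constructed for illustration.

```python
import csv
import io
import re

# Constructed sample inputs (not from any real site).
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// $table_prefix = 'old_';
$table_prefix = 'wp_';
"""
SAMPLE_USERS_CSV = """user_login,roles
admin,administrator
jane,administrator
sam,editor
guest-author,"author,subscriber"
"""

# Matches an uncommented assignment such as: $table_prefix = 'wp_';
PREFIX_RE = re.compile(r"""^\s*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""", re.MULTILINE)


def table_prefix(wp_config_text):
    """Return the last uncommented $table_prefix value, or None if absent."""
    matches = PREFIX_RE.findall(wp_config_text)
    return matches[-1][1] if matches else None


def audit(wp_config_text, users_csv_text, max_admins=1):
    """Return findings for: default prefix, 'admin' login, too many admins."""
    findings = []
    prefix = table_prefix(wp_config_text)
    if prefix is None:
        findings.append("table prefix: no $table_prefix assignment found")
    elif prefix == "wp_":
        findings.append("table prefix: still the default 'wp_'")
    admins = []
    for row in csv.DictReader(io.StringIO(users_csv_text)):
        roles = [r.strip() for r in row["roles"].split(",")]
        if row["user_login"].lower() == "admin":
            findings.append("users: default 'admin' username exists")
        if "administrator" in roles:
            admins.append(row["user_login"])
    if len(admins) > max_admins:
        findings.append(f"users: {len(admins)} administrators ({', '.join(admins)})")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_WP_CONFIG, SAMPLE_USERS_CSV):
        print("-", finding)
```

An empty list from `audit` means none of the three conditions were found; it says nothing about password strength, which still needs its own review.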
Happy blogging, and remember to keep your site updated, backed-up, and safe!