Whether you’re just taking the plunge into the WordPress wonderland to launch a personal blog or a full-fledged ecommerce site, or you’ve been using WordPress for a while now, it was a good choice. With a mature code base, a plethora of plugins and themes, and a vibrant, helpful community, WordPress is the ideal platform to create a rich presence on the web.
For WordPress security needs, from the development workstation to the server hosting the site, there are simple steps site owners and developers can take to help ensure a site’s overall security.
Keep WordPress and all plugins and themes up to date. WordPress does a good job of updating the core install automatically, and most plugins and themes are a button click away from the latest release. Note that some premium plugins and themes require manual updating. It’s also a good idea before any major updates to…
Back up your WordPress site files and database at regular intervals, in line with the rate of content posted. Backing up your site protects you from content loss if there’s a server or credentials compromise, or worst case, if the site is hacked. Rolling back the clock with minimal downtime and lost content is the peace of mind you will sorely miss if backups aren’t around when the worst happens. Many plugins are available to assist with backups. Also be sure to check with your host, as it may offer a backup service.
Use strong, non-dictionary passwords for the WordPress admin and database users. And never reuse passwords. Using a password manager like LastPass or KeePass simplifies password use and makes password authentication more secure as you’re less likely to use or reuse weak passwords.
Maintenance is a broader, more administrative activity that many WordPress site owners overlook. Maintenance is the upkeep of the WordPress production environment, which means the final production files of the WordPress site available on the web. Maintenance includes moving backup files off of the server, deactivating, if not completely uninstalling, unnecessary plugins and themes, and keeping the overall tidiness of the WordPress production environment in order. Regular maintenance has the added benefit of WordPress and hosting account familiarity: you’ll find out right away if a bad actor installs a fake plugin or loads your site full of spam.
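One way to automate part of this maintenance check, as an added example that is not part of the original article: it compares the plugins present under `wp-content/plugins` with a baseline list the site owner keeps, and lists backup files still sitting on the server. The baseline, the list of backup suffixes, and the sample site tree are assumptions constructed for illustration.

```python
import tempfile
from pathlib import Path

# Assumption: suffixes that usually indicate a backup or database dump.
BACKUP_SUFFIXES = (".zip", ".sql", ".sql.gz", ".tar", ".tar.gz", ".tgz", ".bak")

def installed_plugins(wp_root):
    """Plugin slugs: each directory or top-level .php file in wp-content/plugins."""
    slugs = set()
    for entry in (Path(wp_root) / "wp-content" / "plugins").iterdir():
        if entry.is_dir():
            slugs.add(entry.name)
        elif entry.suffix == ".php" and entry.name != "index.php":
            slugs.add(entry.stem)  # single-file plugin; index.php is a placeholder
    return slugs

def audit(wp_root, expected_plugins):
    """Compare the install against the baseline the owner maintains."""
    found, expected = installed_plugins(wp_root), set(expected_plugins)
    leftovers = sorted(
        p.relative_to(wp_root).as_posix()
        for p in Path(wp_root).rglob("*")
        if p.is_file() and p.name.lower().endswith(BACKUP_SUFFIXES)
    )
    return {
        "unexpected_plugins": sorted(found - expected),  # installed, not in baseline
        "missing_plugins": sorted(expected - found),     # in baseline, not installed
        "backup_files_on_server": leftovers,             # candidates to move off-server
    }

def build_sample_site(root):
    """Constructed sample tree for the demo, not a real site."""
    plugins = Path(root) / "wp-content" / "plugins"
    for name in ("akismet", "contact-form", "wp-cache-helper"):
        (plugins / name).mkdir(parents=True)
        (plugins / name / f"{name}.php").write_text("<?php // sample\n")
    (plugins / "index.php").write_text("<?php // Silence is golden.\n")
    (Path(root) / "site-backup.zip").write_bytes(b"PK")
    (Path(root) / "wp-content" / "db-dump.sql").write_text("-- sample\n")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp)
        report = audit(tmp, ["akismet", "contact-form", "seo-tools"])
        for key, values in report.items():
            print(f"{key}: {values}")
```

Run on a schedule against the real document root, any entry under `unexpected_plugins` is a prompt to confirm who installed it before deciding whether to keep it.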
In addition to the above steps, adding a web application firewall (WAF) and the appropriate website scanning package will further protect your site from malware and other malicious activity.
The steps towards WordPress security take a bit of effort upfront; however, the return in site resilience and ease of recovery far outweighs the initial legwork. When the technology and procedures are in place for updates, backups, strong passwords, and regular maintenance, coupled with SiteLock web security products, your WordPress site will be a secure, efficient entity serving readers and customers 24/7/365.