WordPress Security
You’ve likely seen updates from Google about keeping your website secure. Maybe you’ve even had your site hacked or infected with malware. WordPress makes it easy for you to blog, sell digital or tangible products, update your website, and so much more. But like every other type of software, WordPress can be vulnerable to attack if you aren’t paying attention to your website security.
Today’s article will talk about all the different things you need to consider when maintaining and securing your website. Let’s get to it!
Don’t Ignore Upgrades
One of the simplest ways to keep your WordPress website running smoothly is to upgrade the software. When WordPress is ready for an upgrade, you’ll see the word ‘updates’ and a number, like this: update (1). You’ll see this on the left side of your dashboard or at the top of your admin bar.
Click on the updates button and WordPress will guide you through what to do next. But before you upgrade, you should pause to make sure you have a recent backup of your website. This ensures that if anything breaks during the upgrade process, you can easily fix it.
Don’t wait too long between upgrades. Not only can this cause your website to break, it can leave you vulnerable. After every update, WordPress releases a list of bugs fixed. Some of these bugs are vulnerabilities that a hacker could exploit. That’s why you should always update as soon as you can.
Recommended Backup Plugin: UpdraftPlus
Install Security Plugins
You don’t have to tackle WordPress security on your own. There are plenty of security plugins that can help you. My personal favorite is All In One Security. It reduces your security risk by checking for vulnerabilities and by implementing and enforcing the latest recommended WordPress security practices and techniques. If it does encounter a security lapse, you’ll get an email so you know the moment it happens. The plugin is free, but you can upgrade if you decide you need more support.
Another popular security plugin is Bulletproof Security. It will notify the admin user if any infections are detected within your website. It also caches the pages of your website so they load faster for your visitors. The plugin has an auto-update feature, so you don’t have to worry about updating to the latest version. Bulletproof Security is free, but you can upgrade if you want extra support.
Hire a Security Expert
Your website is the heart of your business. If you want to keep it healthy, hiring a WordPress security expert is the way to go. When you hire your expert, ask who’s responsible for backups. If you’ll be the one backing the site up, ask for step-by-step instructions to ensure you’re doing it correctly.
Another option is to hire a security team like Sucuri. Sucuri is a trusted name in the computer security industry and they offer website malware removal for an annual fee. In the event your website is attacked by a hacker, you’ll have a team cleaning it in less than twenty-four hours.
The worst thing you can do for your website security is to stick your head in the sand like an ostrich. Ignoring security problems won’t make them disappear. But with the right tools, you can tackle any threat that comes your website’s way.
Keep Your Themes & Plugins Updated
When it comes to WordPress security, themes and plugins play an important role. If you forget to update them, you’ll have outdated code sitting on your server. Hackers spend their time looking for websites with vulnerabilities like outdated code. Once they find a website that’s not current, all it takes is a little bit of time for this weakness to be exploited.
You don’t have to be a victim of the next hacker that eyes your site. Taking a few simple security precautions like the ones listed below can keep your site safe:
Updating Your Plugins & Themes
Start by keeping your plugins and themes updated. If you’ve downloaded your plugins through the WordPress directory, then log in to your site and click on the plugins menu on the left side of your dashboard.
Once you’ve done that, select all of your plugins and click on the ‘Bulk Actions’ dropdown menu. Click ‘Update’ then the ‘Apply’ button. If everything is up to date then nothing will happen. But if your plugins are in need of updates, WordPress will start downloading them.
Next, click the ‘Appearance’ link on the left side of your dashboard. This will show you all of the themes you have installed. If you notice any themes with an update banner, then click on them so WordPress can download the latest version of your theme.
Cleaning Out Themes & Plugins
After you’ve finished updating your themes, look through them. Are there any themes you’re no longer using that can be deleted? If you find an old theme you heavily customized, you can download a copy of it through your web host’s cPanel or through an FTP program like FileZilla.
Now that you’ve removed unnecessary themes, it’s time to tackle your plugins. If there are plugins you’ve deactivated and haven’t used in 6 months, delete them from your site.
You should also check if you have two or more plugins doing the same job. For example, Wordfence protects against brute force hacks. But if you’ve also installed Brute Force Login Protection, then you have two plugins serving the same function. You should pick one of these plugins to keep and one to delete.
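The update and clean-up checks above can also be run from the command line. The following is an added example, not part of the original article; it assumes WP-CLI (the wp command) is installed on the server, and the plugin names in the sample are constructed.

```bash
#!/usr/bin/env bash
# Added example. Assumes WP-CLI ("wp") is installed; the article itself uses the dashboard.

# Reads the CSV printed by
#   wp plugin list --fields=name,status,update --format=csv
# (or the same command with "theme") and prints one line per item needing attention.
# $1 is a label for the output: "plugin" or "theme".
audit_csv() {
  awk -F, -v kind="$1" 'NR > 1 {
    if ($3 == "available") print "UPDATE " kind " " $1
    # Inactive items are only candidates: WP-CLI does not report how long
    # something has been unused, so the keep or delete decision stays manual.
    if ($2 == "inactive")  print "REVIEW " kind " " $1
  }'
}

# Number of items in the same CSV that have an update waiting.
count_outdated() {
  awk -F, 'NR > 1 && $3 == "available" { n++ } END { print n + 0 }'
}

# Constructed sample in the CSV layout above (not real site data).
SAMPLE_CSV='name,status,update
contact-form,active,available
old-gallery,inactive,none
seo-helper,active,none
login-guard,inactive,available'

if command -v wp >/dev/null 2>&1 && wp core is-installed >/dev/null 2>&1; then
  # Real site: audit plugins, then themes.
  for kind in plugin theme; do
    wp "$kind" list --fields=name,status,update --format=csv | audit_csv "$kind"
  done
else
  # No WordPress install here: run on the constructed sample instead.
  printf '%s\n' "$SAMPLE_CSV" | audit_csv plugin
fi
```

Items marked UPDATE can then be brought current with wp plugin update --all and wp theme update --all, after taking a backup first as described earlier.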
Following up with WordPress Security
Once you’ve updated your plugins and themes, follow WordPress blogs that cover security so you’re always knowledgeable about the latest threats. Start by following the official WordPress blog so you’ll know when new bug fixes are released.
The Wordfence Blog is filled with helpful information on how to protect your site. They regularly share which themes and plugins contain vulnerabilities. The Sucuri Blog also offers security tips for all websites and has a special WordPress security category.
Themes and plugins have a lot to offer WordPress users. You can change the look and feel of your website and add special functions with the click of a few buttons. But that doesn’t mean that these tools are always safe. It’s important you do your own research before you download and install anything on your website.
Get my Guide to Updating & Maintaining Your WordPress Website
Not ready to invest in a security expert to manage and protect your site, but you know you have to do something?
Get my Blogger’s Guide to WordPress Updates and become your own security expert for your site. You’ll get access to the exact steps I take with my own clients to secure and protect their sites, with easy-to-follow, step-by-step instructions for keeping your site protected and secure!
Added Security Thoughts
Most solopreneurs and small business owners are running multiple types of software on their websites. That means keeping your website updated doesn’t end with making sure you’re running the current version of WordPress and checking for new plugin updates.
It’s your responsibility to make sure all of your tools are updated. Keep in mind that software purchases, including themes and plugins, often have to be renewed annually so you can continue getting the latest updates.
For example, say you build a membership site or a shopping cart through a service like aMember. Your purchase gives you six months of free updates. After that, you’ll need to renew your license to continue getting these updates. This is not an area of your security you want to ignore. Doing so could leave you and your customers vulnerable.
Making a purchase is an act of trust for a customer. They’re trusting that you’ll protect their financial information and provide them with the product or service you promised to deliver. You can keep customers’ financial information secure by using a trusted third party like PayPal to handle your business transactions.
But don’t stop there. As a precaution, you should also have a second payment system like Google Wallet or Skrill. This gives you the ability to keep your business running and protect new customers if you suspect your PayPal account has been compromised.
Securing Your Content
Another thing you should consider when you’re thinking about your website security is branding your content. Branding your content means that when you and your fans share your blog posts and images on social media, you’ll be recognized as the creator.
An example of this type of branding is posting an image to your blog that has your domain name on it. Whenever this photo is shared on social media, you’ll get the credit and this will drive more people back to your website.
If you’re worried about your content being stolen, you can use a WordPress plugin like WP Copy Protect. Once you’ve installed it, this plugin prevents users from copying and pasting your content. This doesn’t mean your content will never be taken without your permission, but it does add an extra step for any would-be thief.
Don’t just set up a few WordPress security measures once and never give another thought to your website’s safety. The technology you’re using to power your online business is constantly changing and evolving. The smartest thing you can do is stay up to date on these changes. Then you’ll be armed with the knowledge you need to protect your business.