This post contains affiliate links. As an Amazon associate I earn from qualifying purchases.
This is the first post in a series about protecting your WordPress website.
Security, a small word with far-reaching implications. What is the first thing you think of when you hear the word? As a computer tech and web host, the first thing I think of is hackers! Yes, the evil black hat hackers and bits that continually attack websites, especially WordPress website. Popularity has a price and for us, it is attack after attack.
Everyone wants their website to be secure. No one wants to be hacked. Yet what I have found is that few take the time to learn how to properly secure a site. Many seem to feel it is the job of the server host or maybe the designer. I will concede that both have a place in a full thought process of protection but ultimately securing a website is the responsibility of the owner.
Let’s take a look at some basic security tips for WordPress.
- Before doing anything else, even installing the software, choose a good username and a complex password. Do not choose ADMIN for your username. Do not use your birthday for a password.
- When you do your install of the WordPress software, do not use wp_ as the beginning of your database name. Choose something that doesn’t make it easy for a hacker.
- Once your basic installation is complete, be sure and clean up the sample data that is installed by default. Get rid of the Hello World post. No one needs to know you are running WordPress. Delete the sample comment. Finally, delete the sample page.
- The next thing you must do is install a good security plugin. At the moment I am recommending Wordfence. This is a great plugin to protect your site. There is a free version in the plugin repository but the Premiere paid version has some excellent added features. NOTE: be sure and sign up for the Wordfence newsletter because the company is very active in seeking vulnerabilities and the newsletter is the best way to find out about new security threats.
- The next step one should take is setting up a secure backup plan. Yes, many hosts do daily backups of the sites they host BUT it should just be considered a courtesy. What if something happened to the host’s backup? You would be out of luck! Always control your own backup. It is smart business to have a backup of your critical data. There are many backup plugins for WordPress and I choose UpdraftPlus. I have used many, many different plugins and UpdraftPlus is simply the best! It lets you do backups to your favorite storage location from Dropbox to Amazon.
- The last step in basic security for a WordPress site is signing up for Sucuri’s free malware scan. Signing up is good because this is your last line of defense if you get a malware infection. The scans will alert you so steps can be taken to restore a clean backup or to have a professional clean your site.
As you can see setting up the first steps of security on a WordPress website are not difficult. Everyone should take the time to do each of these steps and be sure their essential business data is safe.
Be sure and pin this post to Pinterest for quick reference. Thanks!