WordPress Security Best Practices to keep your website safe

By Published 31 July 2014
WordPress Security Best Practices to keep your website safe

Owning a website can be a lot of fun and challenging too.  It can bring you great business but it can also be a big headache when things don’t quite go right.  Like being hacked for instance. When this happens you feel like your world is falling apart because your website (and in some cases your business) has disappeared in a flash.  How dare these young whippersnappers from the other side of the world attack your website!

First things first – keep calm and carry on.

All these things can be resolved and the website that you’ve so lovingly worked on will return. However what I’m sure you don’t need or have any time for is any of this hassle.

So wouldn’t it be good to try and prevent the hassle factor in the first place?

If like a lot of business owners you have a website in WordPress, then it’s good to be aware of how to minimise the risk of being hacked.  WordPress has had some bad press of late, however in my humble opinion I believe that WordPress is no more at risk to hackers than any other web developed software.

As any half-decent hacker knows, the human element of security is usually the weakest link in the chain. (The human brain likes routines, patterns, and comfort zones; and hackers exploit this with glee!).  This can be any number of things including:

  1. Weak usernames/passwords
  2. Software not regularly updated
  3. Plugins not updated

WordPress, too popular for its own good?

One of the reasons I believe that WordPress gets bad press for being more vulnerable to hackers is because of its popularity (22% of the websites on the internet now use WordPress, including big companies and celebrities eg New Yorker , Stephen Fry, JayZ), and not because of insecurities within the software itself.  The more popular something is, the more it becomes a target.

It’s used by developers, freelancers and newbies who of course don’t fully understand WordPress best practice. Having people with different levels of skill inevitably can potentially cause weaknesses within the site.  So when an inexperienced person downloads WordPress for the first time they are probably not following best practices.

WordPress Best Practice

So once you have your lovely new WordPress website, it’s incredibly important to look after it, a bit like a child or a small animal. They need love and attention on a regular basis to flourish – not just once a year at Christmas!

Keep your WordPress updated.  WordPress doesn’t update the core very often.  This is important for your developers to do, as updates can sometimes break things.

Keep all your plugins updated. Plugins are one of the most vulnerable parts of WordPress, not only to external hackers, but to malicious or greedy programmers. Only use reputable plugins, it’s important to make sure these plugins are kept updated just in case a vulnerability is being addressed in the update. Again, it’s important for your developer to do this, as updates can sometimes break things.

Monitor the server log files. This might be seen as unimportant, but unless the files are monitored something could be suspicious in the server logs which will give you the details of everything that has hit your site, human or robot, and when and from what IP address. This can give great information, so it’s good to keep an eye on it from time to time.

Monitor WP access. This plugin monitors the details of logins to your site.  This will give you a record of who logs in to your website, and when. It will give you an insight into unwanted and unforeseen logins.

Monitor for file changes. A premium plugin can be installed that will send an email whenever your WordPress files are changed. This can be an early-warning system for a hack, and is worth the investment. It also allows you to roll back changes if needed.

Personal Recommendation, from experience

Personally, I’m sure you would much rather spend your time in (or on) your business than messing around with the database side of WordPress. Which is why my personal recommendation is to hire professionals!

We’ve helped out many businesses over the years with unhacking their websites so it makes sense to pass this responsibility to people who have experience and who know what they’re doing.  We now offer monthly security packages to give peace of mind to cover this.

Sure, there is a cost to this, but if that means you never have to deal with being hacked (ever) again then all is good. Plus having a fast (and secure) site allows you to do more business with greater peace of mind.

Tags: , , ,

Author: Alison Boyle

Alison co-founded LA Marketing and is specialist in strategic online marketing for small businesses, and is passionate about teaching SME’s to grow their business through understanding social media, and empowering them to market themselves online. You can follow Alison on Twitter or Google+

Connect on Linkedin Alison Boyle

Other posts by