Keeping your WordPress website secure is an important part of running an online business or blog. Many of our customers are concerned about keeping their site secure but don’t know what steps to take. There are a few very simple things you can do to keep your site secure, much of which is just good practice as you build your blogging behavior or routine. Really, keeping your site secure is just risk management . . . there is nothing you can really do to guarantee your site is totally secure, it is an ongoing practice.
So here goes . . . the following are things you can do – or NOT do – to keep your WordPress site secure:
Keep everything up to date
It is important to keep WordPress, Genesis, Plugins and your theme up to date. If you are wondering how to update your Restored316 theme, you can read about that here. The WordPress updates are often a bug and security fixes and you don’t want to miss out on that!
Delete any plugins you aren’t actively using
Plugins can create all sorts of issues if you are not careful to update them. Any plugins you are not actively using should be deactivated and removed. You can always add a plugin back in and that is a better idea than to let it grow old and out of date on your site.
Delete any themes you are not actively using
You can leave a standard WordPress theme installed or any others for that matter, but if you do, make sure you keep them updated as well. Be sure you don’t delete Genesis! Even though it isn’t “active” doesn’t mean it’s not being used.
Only download plugins from well-known sources
When I select a plugin I look at how many times the plugin has been downloaded and when it was last updated. It is important to find plugins that are created and supported by developers that are ‘in the game’ and are not going anywhere and will continue to update their product.
Don’t use ADMIN as your username
This is probably one of the biggest mistakes I see! Never use admin or any other easily guessable username. If you can not come up with a good username for your WordPress login choose your email rather than admin. If you are using admin as your username, use our instructions here to change it to a more secure username.
Change your password often
There are password generators available like 1password which I know Lauren highly recommends. You don’t have to go that route, but make sure you use a good mixture of characters, numbers and special characters.
Make sure you are deleting Spammy comments
You must use something to filter out the spam comments you will receive. Comments are one way for hackers to attach bad scripts into your site. We like to use spam destroyer, but there are several good plugins available that will help reduce the amount of spam comments you will need to moderate.
Choose the best hosting you can afford
Security venerability can often come from the host itself! Be sure to use a reputable hosting company that has a team in place that will take care of any issues in a timely manner. Restored316 recommends SiteGround or WPEngine
Backup your site
It is a good idea to take regular backups of your site. This plugin works well for backups. It is also a good idea to have a plan as to how to recover your site if it is compromised. Here is a good source of information regarding backups.
There you go! Don’t fear losing all your hard work and time you have spent building your website . . . Follow those 9 things and you can rest easy knowing you are more secure and that you have a backup plan if something does happen to your site.
Did you find this article helpful? Share it with others!