How to keep your site secure
Keeping your WordPress website secure is an important part of running an online business or blog. Many of our customers are concerned about keeping their site secure but don’t know what steps to take. There are a few very simple things you can do to keep your site secure, many of which are just good practice as you build your blogging routine. Really, keeping your site secure is risk management: nothing you can do will guarantee your site is totally secure, so it is an ongoing practice.
So here goes . . . the following are things you can do – or NOT do – to keep your WordPress site secure:
Keep everything up to date
It is important to keep WordPress, Genesis, plugins and your theme up to date. If you are wondering how to update your Restored316 theme, you can read about that here. WordPress updates are often bug and security fixes, and you don’t want to miss out on those!
Delete any plugins you aren’t actively using
Plugins can create all sorts of issues if you are not careful to update them. Any plugins you are not actively using should be deactivated and removed. You can always add a plugin back in and that is a better idea than to let it grow old and out of date on your site.
Delete any themes you are not actively using
You can leave a standard WordPress theme installed, or any others for that matter, but if you do, make sure you keep them updated as well. Be sure you don’t delete Genesis! Just because it isn’t “active” doesn’t mean it’s not being used.
Only download plugins from well-known sources
When I select a plugin I look at how many times the plugin has been downloaded and when it was last updated. It is important to find plugins that are created and supported by developers that are ‘in the game’ and are not going anywhere and will continue to update their product.
Don’t use ADMIN as your username
This is probably one of the biggest mistakes I see! Never use admin or any other easily guessable username. If you cannot come up with a good username for your WordPress login, choose your email rather than admin. If you are using admin as your username, use our instructions here to change it to a more secure username.
Change your password often
There are password generators available, like 1Password, which I know Lauren highly recommends. You don’t have to go that route, but make sure you use a good mixture of letters, numbers and special characters.
Make sure you are deleting Spammy comments
You must use something to filter out the spam comments you will receive. Comments are one way for hackers to inject malicious scripts into your site. We like to use Spam Destroyer, but there are several good plugins available that will help reduce the number of spam comments you will need to moderate.
Choose the best hosting you can afford
Security vulnerabilities can often come from the host itself! Be sure to use a reputable hosting company that has a team in place that will take care of any issues in a timely manner. Restored316 recommends SiteGround or WP Engine.
Back up your site
It is a good idea to take regular backups of your site. This plugin works well for backups. It is also a good idea to have a plan as to how to recover your site if it is compromised. Here is a good source of information regarding backups.
There you go! Don’t fear losing all your hard work and time you have spent building your website . . . Follow those 9 things and you can rest easy knowing you are more secure and that you have a backup plan if something does happen to your site.
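The update, unused-plugin, unused-theme and username checks above can be run from the command line. This is an added example, not part of the original post: it assumes WP-CLI (the `wp` command) is installed on the host, and the function names and the guessable-login list are hypothetical.

```shell
#!/bin/sh
# Added example: audit a WordPress install against the checklist above.
# Usage: sh this-script audit /path/to/wordpress
# Each filter reads WP-CLI CSV output (header row first) on stdin.

# Sample list of guessable logins: an assumption, extend to suit.
GUESSABLE_LOGINS="admin administrator root test"

# Items with a pending update. Columns: name,status,update
needs_update() {
  awk -F, 'NR > 1 && $3 == "available" { print $1 }'
}

# Installed but unused items. A parent theme such as Genesis is reported
# with status "parent", not "inactive", so it is never listed for removal.
removal_candidates() {
  awk -F, 'NR > 1 && $2 == "inactive" { print $1 }'
}

# Logins on the guessable list, compared case-insensitively. Column: user_login
guessable_logins() {
  awk -F, -v list="$GUESSABLE_LOGINS" '
    BEGIN { n = split(list, w, " "); for (i = 1; i <= n; i++) bad[w[i]] = 1 }
    NR > 1 && (tolower($1) in bad) { print $1 }'
}

# Run every check against a live install; $1 is the WordPress directory.
audit_site() {
  for kind in plugin theme; do
    csv=$(wp --path="$1" "$kind" list --fields=name,status,update --format=csv)
    echo "== ${kind}s needing an update"
    printf '%s\n' "$csv" | needs_update
    echo "== ${kind}s installed but unused"
    printf '%s\n' "$csv" | removal_candidates
  done
  echo "== guessable usernames"
  wp --path="$1" user list --fields=user_login --format=csv | guessable_logins
}

if [ "${1:-}" = "audit" ]; then
  audit_site "${2:-.}"
else
  # Constructed sample data, so the filters can be tried without a site.
  printf 'name,status,update\ngenesis,parent,available\ntwentytwenty,inactive,none\n' |
    removal_candidates   # prints: twentytwenty
fi
```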
Great post. Thank you. Sadly, I was recently hacked. With Gator and thought they were providing security. They say it was cancelled, but it was still part of my bill (no credit). I found a good company to clean and provide security, but know I need to migrate. Thus perfect timing for your post.
QuiltShopGal
http://www.quiltshopgal.com
Oh yuck! It is never ever fun to be hacked into! So grateful you found a company who was able to help you get it all cleaned up.
Should I delete Widget Importer & Exporter and WordPress Importer after I completed my web site?
Yes! Once you import the widgets you no longer need it.
Thanks!
You are welcome!
My site was recently hacked as well. 🙁 My site was still live and working but embedded with Viagra links by some black hat SEO type of malware! I am definitely more cautious now and think your article does a great job summarizing the main things everyone can do to minimize their chance of getting hacked.
Regarding the spam comments…I currently use the Akismet plugin to filter out spam comments. Akismet puts them in a junk folder and I’ve never thought more about it. Should I be emptying this folder regularly? I guess I assumed they were doing enough to get rid of the comments but didn’t think of them from a malware perspective. Is there more I need to be doing in your opinion?
Thanks! 🙂
Hi Amy,
Ugh! I’m so sorry you were hacked.. that is never any fun at all!
Regarding the comments, Akismet will filter all the comments and put them in the spam folder. However they do remain in that spam folder until you go physically delete them. Maybe put a reminder on your calendar for once or twice a month to go and hit the empty spam button.
Hi Stephanie,
Great article, I made the setup for the Backup on Google Drive and the link with the explanation was very clear and the UpdraftPlus plugin works fine. Today right now I’m not online, but already have my backup! 😉
Thanks for taking care of us!!!!!
Maggie