You’re busy. Your work to-do list is growing at a furiously fast pace. And when you pause to look around, everyone in your office is in the same boat. The very last thing you have time for is a hacker messing with your website. That’s why web security should be at the top of your docket. But is it?
Here are a few things you can do right now to avoid hacker-induced headaches and increase your WordPress security.
Back Up Your Site
We all know that creating a backup of an important document before making major changes is a great idea. The same is true with your website. Even better, though, is a routinely scheduled backup which ensures that if your site is compromised, you can easily restore it to a version prior to the damage.
For Virtual Private Servers (VPS) or Dedicated Servers:
(We highly recommend using a hosting plan with a VPS or dedicated server.) There are several different control panels for a VPS out there, so the steps to back up will vary. For instance, if you’re on a cPanel server, you can either log in to your Web Host Manager (WHM) or contact your Web Host and put the following schedule in place:
6 Daily Backups (Monday – Saturday)
4 Weekly Backups (Every Sunday)
2 Monthly Backups (First day of the month)
If you start running out of disk space, you can either reduce the number of stored backups above or configure WHM to back up to Amazon S3 instead for a very reasonable rate. This will free up a significant amount of disk space.
For other non-cPanel servers, contact your Web Host to get their help putting a good backup schedule in place.
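The retention schedule above, written as a pruning rule for a server where you manage the backup files yourself. This is an added example, not code from the original post or from WHM; the function names are hypothetical, and treating a first-of-the-month backup as monthly even when it falls on a Sunday is an assumption.

```python
from datetime import date, timedelta

# Retention counts taken from the schedule above.
KEEP = {"monthly": 2, "weekly": 4, "daily": 6}

def classify(d: date) -> str:
    """Assign a backup date to one tier of the schedule."""
    if d.day == 1:
        return "monthly"   # first day of the month (assumption: wins over Sunday)
    if d.weekday() == 6:
        return "weekly"    # Sunday
    return "daily"         # Monday through Saturday

def plan_retention(backup_dates):
    """Return (keep, delete) as sorted lists of dates.

    Each tier keeps its newest N backups by count, not by age, so a backup
    job that silently stops running never ages out the last good copies.
    """
    tiers = {name: [] for name in KEEP}
    for d in set(backup_dates):
        tiers[classify(d)].append(d)
    keep = set()
    for name, dates in tiers.items():
        keep.update(sorted(dates, reverse=True)[:KEEP[name]])
    return sorted(keep), sorted(set(backup_dates) - keep)

def sample_dates(end: date, days: int):
    """Constructed sample input: one backup per day for `days` days up to `end`."""
    return [end - timedelta(days=i) for i in range(days)]

if __name__ == "__main__":
    keep, delete = plan_retention(sample_dates(date(2024, 3, 20), 90))
    for d in keep:
        print(d.isoformat(), classify(d))
    print(f"{len(keep)} kept, {len(delete)} to delete")
```

Run it against the dates parsed from your real backup filenames and review the delete list before removing anything.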
For Shared Servers:
First of all, hopefully you are not on a shared server. (Unless you’re running a personal travel blog.) For shared servers, there is a large variety of backup plugins you can install in WordPress to automate the backup process. We recommend UpdraftPlus. This plugin allows you to set up a backup schedule so you can set and forget (however, you should always check on your backups on a regular basis to ensure there are no issues).
Make Site Maintenance a Regular Habit
Spending a few extra moments on a monthly basis can have a huge impact on the security of your site. Log in to the dashboard specifically to check for WordPress, plugin, and theme updates. You’ve probably seen that “Update available” banner. Yes. You will want to update your site after you manually back it up.
You may be thinking, “I’ve been automatically backing up my site, just like you recommend. So, do I need to do a manual backup too?” The answer is: Yes. This will allow you to quickly and easily restore your site to the exact point before the update took place. If you don’t have direct access to the server (SSH, cPanel, WHM, etc.), the free version of UpdraftPlus is a great option to quickly generate a backup with one click, and it’s just as easy to restore if an issue arises.
…but if it’s not broken, why fix it?
Updates provide important fixes to many things, including security fixes. When updates are made available, information about those security issues is available to the public. This means an out-of-date site is more vulnerable.
Similarly, plugins and themes that aren’t updated can be like an unlocked back door to your site’s admin and your personal info. If you don’t want to update a plugin because you’re no longer using it, simply delete it. Getting rid of plugins and themes you are not actively using will remove unnecessary security holes.
Use Strong Passwords
A weak password is like leaving the keys dangling in the front door. You’ll make your website much more secure by creating a strong and unique password for every user on your site. It’s a good idea to install a plugin like “Force Strong Passwords” to prevent weak passwords. (Also, if there are several users in your system, be sure to assign each of them only the rights they need to get their work done. You most likely don’t need everyone to be an admin user.)
If you’ve been using the same login credentials forever or you recently noticed suspicious activity on your site, change your password.
You can learn more about creating strong passwords here, being sure to keep these basics in mind:
- Use 12 or more characters.
- Include numbers, symbols, and both uppercase and lowercase letters.
- Never use personal information such as your name, username, or email address name.
Of course, this list is just the tip of the iceberg. Do these 3 things today, and check back in the future for more extensive measures to take to improve the security of your WordPress site.