How to DIY your Wordpress website security and software maintenance

How to DIY your WordPress website security and software maintenance

Earlier this year I rolled out a new WordPress website security and maintenance plan for my past, present and all of my future clients called TLC Website maintenance. I desperately needed to do so for a few reasons:

  • 30,000 WordPress websites are hacked every single day, and this year, for the first time in Tall Poppies Design history, a couple of my clients’ sites were struck down. Worrying about your sites was keeping me awake at night. I have intense pride in your site. I want to protect it as badly as you do. I feel very strongly that my reputation is on the line as much as yours when it comes to the health and sanity of your website.
  • To be frank, because of this pride, I have been quietly and secretly keeping an eye on many of my clients’ websites, paying for their security software, and maintaining their backups with Backup Buddy. This was fast becoming a horrendous, drain on my time and energy.

Since launching my TLC Maintenance packages, I have been gradually reaching out to past clients to explain the new service. Now, understandably, some people believe they just can’t afford this service. The peace of mind would be delightful (for both of us!), but sometimes it’s hard to justify the expense. I totally get it.

We all loathe paying for home, car, mobile phone and even life insurance.

And regular security and maintenance packages like this are a lot like that. It’s also like paying for a security company to monitor your home or office – although it’s more than that because my little website security company also switches blown light-bulbs, and waters the garden, figuratively speaking!

It is advisable to have these services, but if you’re not ready for this level of commitment to your website, then at the very least I recommend these 5 diy security and maintenance steps.

So here’s how to DIY your security and maintenance:

  1. I recommend we do a complete one-time lock-down of your site. I work with a security pro to do this, and it’s $275. This does not guarantee that your site is 100% safe, but it will make it much much much more secure – which is a huge deterrent to hackers looking for the weakest links in the world wide web.
  2. Always uses really really strong passwords! Don’t use the same password across several sites. I recommend you update your passwords with new ones created at:
  3. Keep your plugins and WordPress software updated: I install (or you can install) a free security plugin called Wordfence. You will receive notices from Wordfence when WordPress, and plugins need updating. Also, when you login to your site you will see little red numbers appearing on your plugins buttons indicating that plugins need updating. You don’t have to do it immediately, but you should do so within a few weeks of seeing the notices. Be sure to run a backup and follow these steps before you update plugins and WordPress.
  4. Block hackers trying to login to your site: You will also receive notices from Wordfence when users (aka hackers) attempt to get into your site get locked out. Here’s what to do with those notices.
  5. We do need to make sure you have regular back-ups running automatically. I install Backup Buddy on my clients’ websites during the development period. I simply ask my client to purchase a license for it when they turn down the TLC Maintenance package. It’s $80/year. Pop over and pay for it, and then let me know your username and password and update the account on your website.

What happens if you don’t get backup buddy?

Perhaps nothing. (Fingers crossed) …but if your site does get hacked, or a plugin or software update breaks your site, you potentially lose any updates, blog posts, new pages etc you have made since the last back-up was created (I do store one from when your new site was finished). Hosting companies back-up your site too, but it’s not a guaranteed fix.

How does Backup Buddy work?

I set Backup Buddy to run backups of your website on a regular schedule and a zipped file of your whole site will be stashed, (aka transferred) to a Backup Buddy Stash, an online storage system for your backups. You get 1GIG of free storage on Stash when you buy Backup Buddy. If one of my client’s sites does break or get hacked, they need to contact me to restore their site with the last backup created, or/or bring in some hack-repair pros. All for a fee, of course.

What to I need to do to make sure Backup Buddy runs properly?

Ideally, you can set it and forget it. Unfortunately, these backups don’t always run properly, or transfer to Stash properly due to all kinds of internet traffic and tech problems, so you may occasionally get notices that your Backup Buddy backup or transfer failed.

Other than constant security scares, the time that has been sucked from my life trying to fix these hiccups for clients was one of the biggest motivators for creating the TLC Maintenance package. We all want to set it and forget it, but the web is a cruel place at times and often forces us to do the dirty work.

You can simply run a backup again and there are instructions on how to run a backup here. (It is easy. Just a few clicks)!

Why do you need to stash your backups away from your website?

If your site gets hacked, the backups could be infected too, so you need to save them in another secure place. If your backups don’t get stashed away in Stash properly, they will pile up, making your website file size large. So, if you get notices telling you that your transfer failed, pop into your site, click on Backup Buddy, download any backups saved, then delete them, then try running another backup and check the box to have it automagically transfer. Still got problems? Contact me.

While you can cast these spells over your site to shield it, it does not guarantee that your site will never be hacked. Hackers are always trying new things and discovering new vulnerabilities to exploit. These offensive measures and a trustworthy web host, will help keep the enemy at bay. Hopefully your site will exist peacefully, and happily ever after!


Facebook Twitter Pinterest Plusone Email

Comments on this entry are closed.