The 3 Rules of WordPress Security: Protect, Detect, Restore! TALLPOPPIESDESIGN.COM/BLOG

No matter how big, small, bustling or quiet your business is, hackers are on the prowl to infest your site with evil germs. It doesn’t matter how under-the-radar your site is. Hackers would love to get their hands on it. And, trust me, they’re trying. Right. This. Second.

Over 30,000 sites are hacked. Every. Single. Day.

That’s 11 million websites compromised every year! How much money, time, energy and tears will you spill if your site gets taken down?

The most basic security steps you MUST take:

#1: Keep your WordPress software, Plugin and Theme software up-to-date
Before you update this software, back up your site! Please note: Just because a plugin or theme is deactivated doesn’t mean it’s not a threat. If you’re not using it, delete it.

#2: Use strong passwords and usernames
Your password should have numbers, capitals, special characters (@, #, *, etc.) and be long and unique. Check out this tool to create strong passwords.
Don’t use the same password across multiple websites.
If you still have an administrator account called admin, change it immediately! Here’s how:

  • Login to your WordPress website
  • Click on ‘Users’ in the left panel
  • Click ‘Add New’ and then work through all the fields. Make sure you have a weird and wacky username and password. In fact, try using http://passwordsgenerator.net/ to create very secure random passwords. Don’t forget to keep a record of this new username and password!
  • If this is your main account and you want to use the email that is tied to your main Admin account, you can, but first you will have to add another email address until we delete the old account. You can update your email, first and last name, and passwords, just not the Username.
  • UN-check the field ‘Send this new password to the user by email.’
  • Click ‘Add New User’
  • Now, log out of WordPress and log in with your new username and password
    • Click on ‘Users’ in the left panel
    • On the next screen you will see ‘What should be done with posts owned by this user?’ Check the box ‘Attribute all posts to:’
    • And choose your new username for this user from the drop-down menu
    • Click ‘Confirm Deletion’
  • Now, if this was your main Admin account, let’s update the email
    • Click on ‘Users’ in the left panel
    • Open up your new user account
    • Update your email and save!
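
The same account swap can be scripted. This is an added example, not part of the original post: it assumes WP-CLI is installed as `wp` and is run from the WordPress root directory, and `replace_admin` with its three arguments is a name made up here.

```shell
#!/bin/sh
# Added example: replace the default "admin" account using WP-CLI.
# Assumes WP-CLI is installed as `wp` and this runs from the WordPress root.
# replace_admin and its argument names are hypothetical, chosen for this example.

replace_admin() {
  new_login=$1   # the new, hard-to-guess administrator username
  temp_email=$2  # placeholder address, used while the old account still exists
  real_email=$3  # address currently tied to the old "admin" account

  # Stop early if there is no account called "admin" to replace.
  old_id=$(wp user get admin --field=ID) || {
    echo "no user named admin; nothing to do" >&2
    return 1
  }

  # Create the new administrator. With no --user_pass, WP-CLI generates a
  # random password and prints it once, so record it. No notification
  # e-mail goes out unless --send-email is given.
  wp user create "$new_login" "$temp_email" --role=administrator || return 1
  new_id=$(wp user get "$new_login" --field=ID) || return 1

  # Delete the old account and attribute all of its posts to the new one.
  wp user delete "$old_id" --reassign="$new_id" --yes || return 1

  # The real address is free again, so move it onto the new account.
  wp user update "$new_id" --user_email="$real_email" || return 1

  # Confirm which administrator logins remain.
  wp user list --role=administrator --field=user_login
}

# Usage (constructed values):
#   replace_admin zk7-marlowe temp@example.com owner@example.com
```

The old account is deleted only after the new administrator exists, so a failure partway through never leaves the site without an administrator.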

#3: Add a security plugin to help block hackers, and detect problems
e.g. Wordfence, Sucuri, or iThemes Security Pro (note: you may want to hire a pro, such as UnHackus, to install and set up iThemes Security Pro).

#4: Back up your site
Add a to-do item to your calendar to back up your site weekly or monthly (here’s how to back up your site), or set up a tool like BackupBuddy so that your website is backed up automatically. Also, make sure your backups are saved in a remote location (not on your host’s server), such as in Dropbox, Amazon S3, or if you are using BackupBuddy: iThemes Stash, or another place in the Cloud (on the web) so that you can access the backup files wherever you are in the world.

These offensive measures and a trustworthy web host will help a little to keep the enemy at bay, but they are no guarantee, and there’s soooo much more to it. That’s why I now offer all my clients this TLC Maintenance package, for your peace of mind, and mine.
