Recently, Alex Grant reached out to me to share a piece he wrote on Security and WordPress Websites. I have read several articles like this in the past, but Alex wrote his article in a manner in which even non-techy users can follow along. On top of that, he really thought through all of the various parts of securing a WordPress site. I honestly might incorporate this article into all of my project kick-off meetings going forward. https://bestvpn.org/bloggers-guide-to-wordpress-security/
When I talk to my clients about security and hosting… I often get asked questions like, “why would anyone hack my site. It’s not like I have any top secret data, or passwords, or credit card numbers…”, but the fact of the matter is that the hackers aren’t just looking for that kind of stuff. Often times they hack sites for fun, or to use your site’s email server to send spam or phishing emails** from your email address. Or like Alex mentions, they might hold your site hostage until you pay a ransom.
The point of this post, is to share with you that even as a small mom and pop business or a blogger of your hobby… You should take a few minutes to understand some of the best practices in securing your WordPress website.
Here are a few things that I consider requirements for every one of my websites (requirements vary from case to case, but these are pretty standard):
- Having regular backups of your site. Ideally, the hosting provider will do this, but if they don’t then I require something like UpdraftPlus that will do regular backups and ftp the backup to a 3rd party location such as DropBox.com.
- Installing security plugins such as Limit Login Attempts that lock out users who try repeatedly to break into the site.
- Strong usernames and passwords (passwords can’t be a word found in the English dictionary)
- Site Monitoring plugins such as Sucuri or WordFence
- Taking updates when they come out (This would only be a concern if I didn’t have backups of the site)
- Only use plugins that are actively being supported and updated to work with the latest versions of WP.
Anyway, Alex did a great job on this article and I wanted to help him get it out there for all of you to use as well. https://bestvpn.org/bloggers-guide-to-wordpress-security/
**Phishing scams are typically fraudulent email messages appearing to come from legitimate enterprises (e.g., your business email and or your personal email). These messages usually direct you to a spoofed website or otherwise get you to divulge private information (e.g., passphrase, credit card, or other account updates). The perpetrators then use this private information to commit identity theft.