Did you know that 83% of hacked WordPress websites are not upgraded?* That means with basic maintenance and upgrades, you can protect your website and keep your online presence running smoothly.
The last thing you want is for your website to stop functioning properly and for you to miss out on potential customers. Today we are going to review the 9 simple steps you can take to keep your website updated and secure. Let’s get to it…
As we have mentioned before, you should own all of your website accounts under your name or your business’s name. That is half the battle of security because no one else can tamper with your website accounts.
You should also choose solid hosting with a reputation for up-time and security. We are big fans of GoDaddy because they do a great job of maintaining and improving their servers on a regular basis. This means you don’t have to worry about brute-force attacks that are the fault of your hosting provider. Yes, if the CIA and Target can be hacked then anyone can be, but you have to go with the path of least risk.
All WordPress websites are built off of a theme. There are thousands and thousands of theme options available for purchase and thousands and thousands more available for free. You know what they say about free … yeah, too good to be true. Free themes tend to not have the quality of development that you need to optimize your website for search and security. It’s true, we have actually seen a few free themes that made WordPress hard to use and we thought that was pretty much impossible.
You should always build your WordPress website from a premium theme, meaning you or your developer purchased it. This doesn’t guarantee 100% that your website can never be hacked or break, but again, the path of the least risk is the best option.
backup your website regularly
You know how you have fraud protection on your debit card? A regular backup on your website is the same thing … you can never permanently lose anything. We recommend a minimum of one full and complete backup of your website every week. If you blog more than once per week, up the frequency to daily.
Any developer you work with should offer a peace-of-mind maintenance plan and offer to back up and protect your site on a regular basis. The fees are usually nominal and paid on a monthly or quarterly retainer basis.
There is no set schedule for when WordPress pushes a new version out to the public. But when they do, it is for a reason. The main reason new versions of any software come out is to fix a bug or patch a security hole. Updating as soon as possible is the best and only option.
Many hosting companies will send you an email and say, “Hey, your WordPress version needs to be updated.” Again, any developer you work with should offer this update option in an ongoing retainer plan for maintaining your website if you do not wish to do so yourself.
update plugins and themes
Just like WordPress, plugins and themes push updates as needed to increase security or fix a feature. Sometimes the updates are to make sure they stay compatible with new versions of WordPress. It is rare, but sometimes when you update WordPress a theme or plugin can break. And vice versa, sometimes when you update a theme or a plugin while still running an older version of WordPress you can break your website. Don’t worry, though, you have a full and complete backup, right?! In just a few minutes you can have everything back up and running.
If you are regularly maintaining WordPress, themes and plugins, you do not need to worry about anything breaking when you update. If your website has highly complicated functions, like membership or eCommerce plugins, we recommend being on a maintenance plan with your developer. Downtime on a membership or eCommerce site is immediate money out of your pocket and worth the retainer fee of a qualified developer.
complex usernames and passwords
Nothing bothers us more than seeing “admin” as a client’s username … especially when a WordPress developer set it to that. You are just asking for your website to get hacked when you pick obvious usernames or passwords. Yeah, “Password” is not a secure password. Little bots (or computer programs) that try to hack WordPress sites start with the username of admin and go through a series of automatically generated passwords.
ALWAYS use a series of upper and lowercase letters, numbers and special characters in both your username and password. And keep them secure like we recommend in this post about owning and understanding your website accounts.
IP and user lockouts
The little bots we just mentioned are usually detectable, meaning your website can sense that it is being scanned. With a few simple security measures in place, you can make sure your website automatically locks itself. Your website can even remember the specific IP addresses that were dangerous and block them immediately in the future.
limit failed logins
This is usually a case of a bot attempting to log in using various passwords and usernames. Your website, with the right security measures in place, can automatically lock the login process and stop anyone from being able to access the site. You can even have it set up to email you and let you know that something or someone was attempting to log in and failed. (This is why you should always keep your passwords secure on a master document … if you get your login wrong too many times in a row your website could think you are a hacker!)
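Here is how the lockout described in the two sections above can work, as an added example (not code from this post or from any WordPress plugin): a small Python model that counts failed logins per IP, locks that IP out temporarily, remembers repeat offenders and records an alert in place of the email. The thresholds, the `LoginGuard` and `replay` names, the IP addresses and the login events are all constructed for illustration.

```python
from collections import defaultdict, deque
# Assumed policy values; tune per site.
MAX_FAILURES, WINDOW = 5, 300   # failed logins allowed per IP within WINDOW seconds
LOCKOUT = 900                   # seconds a temporary lockout lasts
BAN_AFTER_LOCKOUTS = 2          # lockouts before an IP is remembered and blocked outright

class LoginGuard:
    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time the lockout expires
        self.lockouts = defaultdict(int)    # ip -> lockouts so far
        self.banned = set()                 # IPs refused immediately in future
        self.alerts = []                    # stand-in for the notification email
    def attempt(self, ip, username, password_ok, now):
        """Return 'ok', 'failed', 'locked' or 'banned' for one login attempt."""
        if ip in self.banned:
            return "banned"
        if self.locked_until.get(ip, 0) > now:
            return "locked"                 # refused even if the password is right
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent[0] <= now - WINDOW:
            recent.popleft()                # forget failures older than the window
        if len(recent) < MAX_FAILURES:
            return "failed"
        recent.clear()
        self.lockouts[ip] += 1
        state = "banned" if self.lockouts[ip] >= BAN_AFTER_LOCKOUTS else "locked"
        if state == "banned":
            self.banned.add(ip)
        else:
            self.locked_until[ip] = now + LOCKOUT
        self.alerts.append(f"{ip} {state} (last username tried: {username})")
        return state

def replay(events):
    """Run constructed (time, ip, username, password_ok) tuples through a new guard."""
    guard = LoginGuard()
    return guard, [guard.attempt(ip, user, ok, t) for t, ip, user, ok in events]
# Constructed sample: a bot guessing passwords for "admin", and an owner who mistypes once.
BOT, OWNER = "203.0.113.7", "198.51.100.20"
EVENTS = [(t, BOT, "admin", False) for t in range(0, 50, 10)]        # 5 quick failures
EVENTS += [(60, BOT, "admin", True)]                                 # refused: locked out
EVENTS += [(100, OWNER, "jane", False), (110, OWNER, "jane", True)]  # unaffected
EVENTS += [(t, BOT, "admin", False) for t in range(1000, 1050, 10)]  # second burst
EVENTS += [(5000, BOT, "admin", True)]                               # remembered: banned
```

Note that the attempt at time 60 is refused even with the correct password, which is exactly how a site owner who mistypes too often ends up locked out too.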
Spam comments are probably the only thing we don’t like about WordPress. They happen all the time and are super annoying. Don’t worry, though, there is an amazingly awesome and super cheap fix: Akismet. We never feel that we pronounce it correctly but for $5 a month you can’t beat this spam blocker. Seriously, it is our favorite WordPress plugin. Oh, and it was developed by the same guy that developed WordPress so you know it is good!
Many of these features can be and should be built into your website by your developer. Before you begin working on a new website, ask if these features will be included in your price. And always ask about maintenance plans … you will have peace of mind by knowing you have a professional regularly monitoring your website!