Earlier this week we took a look at Drupal security. Since WordPress is the other CMS we favor, it’s time to take a look at keeping WordPress sites safe.
As with any database-driven site, you cannot expect to build a WordPress site and leave it as is over an extended period of time. As vulnerabilities are exposed, your site becomes more and more at risk of being hacked.
Hacking can take many forms, but all are a danger to you and potentially your visitors. Since most modern browsers are sophisticated enough to detect threats, your site visitors may be warned away from your site. Clearly that’s not going to be good for business.
Here are some steps you can take to keep your WordPress site secure. (Note: most of this applies to self-installed WordPress sites; sites hosted at WordPress.com have much of this taken care of automatically.)
- Stay up to date – security patches are generally released in response to new known threats, so it makes sense to install them as quickly as you can. Be sure, though, that the update is compatible with all the plugins and widgets being used on your site.
- Check in on your site – Believe it or not, there are people who never visit their own sites. Check in regularly so that if there is a problem, you stand a chance of being the first to know. This isn’t something you want to hear from prospective clients.
- Safeguard passwords and logins – minimize the number of people who have access to your servers and your administrative dashboard. Also be sure that everyone has his or her own login so you can track trouble back to the source. If you can get your team to cooperate, mandate password updates at least twice a year. It’s a hassle, but it’s an added layer of protection. And consider eliminating the default admin account. An admin account with a different user name is much more secure – hackers will have to guess not just the password, but the user name, too.
- Back up regularly – you’ll sleep better knowing you can recover from a destructive attack without losing a lot of time or data.
There are a number of security plugins available that can help you monitor your site, too, but we prefer sticking with tried and true methods that we know do not impact site performance. As some of these tools become more mature – and we’ve had the opportunity to test them more completely – we’ll be more comfortable recommending them.