WordPress is great. It allows both small and large businesses to gain control of their content and the admin of their sites, providing fresher websites to customers and ease of use to website owners. In part because this website building platform has become so popular, it is also a target for hackers that like to hijack websites for their own purposes. For that reason, it is important to understand what ongoing maintenance is required as the owner of a WordPress site.
In the old days of table-based html websites, a site owner could build a site, forget about it for years (note that we never recommended this approach!) and be relatively confident in the security of the site. Not so with WordPress. The underlying software that makes the WordPress platform so easy to use also offers up multiple points of entry for hackers (and their automated bots) with malicious intent.
Maintaining WordPress Security On Your Site
What does this mean for site owners? How can you stay ahead of the security issues related to WordPress websites? In a word: UPDATE.
- Backup of your site.
- Keep the WordPress software updated to the latest version.
- If using a third-party theme to power the design of your website, keep it updated.
- Keep all plugins updated (and only keep the plugins you really need – if they are not in use, deactivate and delete them).
- Use a security plugin like Wordfence to scan and protect.
In addition to the regular updates outlined above, it is important to use non-obvious usernames and passwords for your WordPress logins. Avoid, for example, the use of ‘admin’ as the username. Allow WordPress to use the built-in functionality to generate a strong password when setting up new users.
Interested in more detail? Check out this in-depth guide on WordPress security.
A Word Of Caution
The #1 item in the list above is critical. It can be tempting to simply click the update button when it is presented to you in the dashboard of WordPress. Resist that temptation until you have a fresh backup of your site. Sometimes the updated code in either the WordPress software or one of the individual plugins will be incompatible with the programming on your site, which can break your site. With the complete backup, you can re-publish your site and then start the process of trying to find which update caused the issue. It is for this reason that we recommend to our clients that we manage this process for them.
WordPress offers a great solution for business owners, but it does come with security issues. It is time consuming and expensive to address a hacking issue after the fact. Be proactive in the maintenance of your WordPress website to save money, headaches, and downtime.