Now that you know how to keep your Professional Services WordPress website updated, the next thing we are going to do is learn about WordPress security.
Two Most Important Factors
Really, the most important thing to know about WordPress security is that there are two important tools and if you maintain those tools the chances of you getting hacked are quite slim.
Use Strong Passwords
The first tool is a strong password. A strong password is one with letters, numbers and special characters. Also those letters shouldn’t add up to a real word. For example, you used PA$$w0rd, that’s in fact, not as good a password as you think it might be. It’s got all the necessary components to it but it’s going to be on those list of passwords that hackers automatically try.
People try to be clever using their cat’s name or something similar but those those passwords are very easily broken by bots attempting to do that. So the best line of defense is to have a strong password.
These days they even talk about using second party authentication or what’s called to two stage authentication. In that case first you log in and then secondly you get a text message to your phone with a code to enter. You’ve got real authentication with that kind of thing but a strong password is first the second tool.
Keep Your Website Updated
The second tool is keeping your website up to date. The number one reason why sites get hacked is because their website isn’t up to date. It’s got an old version of WordPress where a flaw has been found or it’s got an old plugin that has a flaw that’s gotten exploited or it’s sitting in the same hosting account with an old inactive website.
If you’ve got a bunch of websites that you don’t keep up with that can be a real problem. Say you’ve got one real website and a bunch of others that you just played around with and you’re not keeping those up to date. Those expose your real website to a danger of being hacked.
Additional Security Measures
Invariably if you have a strong password and you keep everything up to date, you will be fine but there are other things that you can do also.
One of my favorite things to use is iThemes security. I don’t use it on BYOBWebsite or any of the sites I host at WP Engine because WP Engine has my back covered for security so I don’t have to worry about it. They have their own firewalls, they have their own denial of service attack solutions and that sort of thing which entirely solves my security problems.
But if you’re at a regular hosting company then you may, in fact, want to have additional hardening measures and the one I like is iThemes security. It’s important to know that there are ecosystems of plugins. And so iThemes has iThemes security, BackupBuddy and it has integration with Sucuri. They’ve got their whole ecosystem of plugins.
WPMU dev is the same way. They have security plugins and backup plugins and remote backup storage. It’s very inexpensive. And they have plugins that cache and speed up your site and that sort of thing. So if you’re member of WPMU dev then maybe the thing you use is all of their stuff rather than say using what I’m teaching.
I’m a big fan of WPMU dev and I’ve been a member with them nonstop since 2010. They write very good software and it just happens that they’re probably the most expensive sort of solution. As long as you want to make sure that you are covered all the time it’s four hundred or so dollars a year for access to all of their plugins.
Whereas access to all of BackupBuddy all of their plugins probably starts off a couple hundred bucks or two hundred fifty a year for unlimited sites and unlimited use. I don’t know what the renewal is because I just automatically pay for them but it’s quite a bit less expensive.
Having said that, iThemes has a lot fewer plugins to choose from than WPMU dev does. WPMU dev has a much larger ecosystem than iThemes. Regardless, you can see this concept emerging where there are these big plugin houses that know how to write things that work well together. I just happen to like both of these but there are other ones out there too.