The most popular website management platform in the world is stealing the show, and so are we with our state-of-the-art support service.
Keeping your WordPress website updated can be a challenge. We all know how cumbersome and tedious maintenance can be, especially if you’re not particularly tech-savvy. That’s why we created our service around WordPress upkeep.
Is WordPress secure?
This is a question that many people ask, and as with many other things, the answer must, unfortunately, be "it depends". By itself, bare-bones WordPress is kept quite secure. Its codebase is well maintained and updated, security issues are fixed promptly, and its architecture is well designed to keep out unauthorized third parties.
The issue here is that most people don’t just run vanilla WordPress. Customization, including special themes and plugins, is necessary to meet a broad range of needs. This, in turn, introduces multiple vectors of attack.
More importantly, a fresh unmodified WordPress installation is also lacking in some departments:
- No proper 2-factor authentication
- Lack of automatic backups
- No user account with restricted access
- Lack of user actions logging
- No SSL certificate
- Open API endpoint
Threats and dangers to keep in mind when running WordPress
Remember, your website along with all of your data is exposed on the Internet to anyone on the planet. This means there are a couple of billion people that could potentially be a threat.
- WordPress is a CMS written in PHP, a scripting language that is dynamically executed on the server. Someone could gain access to it by executing malicious code.
- There are many moving parts on every website. You only need one weak link to get compromised.
- A ballooning WordPress install becomes very slow to load, making interactions with it unbearable for both visitors and administrators.
- Outdated WordPress parts can become a burden when they break your website due to incompatibilities.
Best practices for WordPress maintenance and security
- Keep admin area user count to a minimum
- If you don’t need to do any housekeeping, use a user account with restricted access, limited to content edits only
- Use 2-factor authentication when logging in
- Keep the number of installed themes and plugins to a minimum
- Deactivate plugins not constantly in use, and enable them on demand
- Don’t use freely available obscure or low-rated plugins
- Use a secure, random, long password and change it often
- Do not share passwords under any circumstances
- Keep backups encrypted in an off-site location
Backing up a WordPress website
Ever heard that there are only two types of people, the ones that do backups regularly, and the ones that will? It’s true! Whether your website is big or small, it is vital to have a backup of your online assets.
Think about the many changes that can happen to your website. Even if there’s no content update, the underlying CMS, theme or plugins can get an update. Changes to your website files and its database happen constantly. The only way to keep track of them, and to be able to restore a previous version should anything go wrong, is to have a backup.
Of course, there’s also a risk of your website getting hacked and taken advantage of. In such cases having a proper backup from before the event is most helpful and can significantly reduce the cost of malware removal.
As mentioned, a proper backup, which is a standard website maintenance procedure, should include both website files and a database snapshot. At the very least you need one daily backup of your website for the last 3 days. It is advisable, though, to keep 7 days of daily backups, then a weekly backup for another 4 weeks back, as well as a monthly backup going back 6 to 12 months. This way you’re making sure that your website is ready for anything that could happen to it. Sometimes malicious changes or errors are not picked up until well after the fact, so the more backups you can keep, the greater your chances of recovery should you have to resort to one.
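The retention schedule above, worked through as an added example that is not part of the original page: given the dates of existing backups, it selects which ones to retain and flags gaps in the 3-day minimum. The function names, the choice to keep the newest backup in each weekly and monthly bucket, and the 12-month upper bound are assumptions made for illustration.

```python
from datetime import date, timedelta

DAILY_DAYS = 7       # keep every daily backup from the last 7 days
WEEKLY_WEEKS = 4     # then one backup per week for another 4 weeks back
MONTHLY_MONTHS = 12  # then one per calendar month (upper end of 6 to 12 months)
MIN_RECENT_DAYS = 3  # bare minimum: a daily backup for each of the last 3 days


def backups_to_keep(backup_dates, today):
    """Return the set of backup dates to retain; the rest can be pruned."""
    keep = set()
    weekly = {}   # week bucket -> newest backup that falls in it
    monthly = {}  # months-ago index -> newest backup that falls in it
    for d in sorted(set(backup_dates)):  # ascending, so later dates overwrite
        age = (today - d).days
        if age < 0:
            continue  # ignore future dates (clock skew, mis-named archive)
        if age < DAILY_DAYS:
            keep.add(d)
        elif age < DAILY_DAYS + 7 * WEEKLY_WEEKS:
            weekly[(age - DAILY_DAYS) // 7] = d
        else:
            months_ago = (today.year - d.year) * 12 + today.month - d.month
            if months_ago <= MONTHLY_MONTHS:
                monthly[months_ago] = d
    return keep | set(weekly.values()) | set(monthly.values())


def missing_recent_days(backup_dates, today):
    """Return the days inside the 3-day minimum window that have no backup."""
    have = set(backup_dates)
    recent = (today - timedelta(days=i) for i in range(MIN_RECENT_DAYS))
    return sorted(day for day in recent if day not in have)


if __name__ == "__main__":
    # Constructed sample input: 400 consecutive daily backups ending today.
    today = date(2024, 6, 30)
    sample = [today - timedelta(days=i) for i in range(400)]
    keep = backups_to_keep(sample, today)
    print(len(keep), "kept,", len(sample) - len(keep), "prunable")
    print("gaps in last 3 days:", missing_recent_days(sample, today))
```

Run the gap check from monitoring as well as from the pruning job, so that a silently failing backup is noticed before the older copies age out.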
Emergency WordPress support
Even when you think you’ve done your homework and secured your website, there might come a time when you get a notice from Google Search Console or your hosting company that there’s something wrong with your site.
At this point, it’s best to focus on restoring your website to an operational state, cleaning up, tightening security and monitoring, and performing a security audit.
You can’t waste any time, because every minute that your website is hacked or unavailable you lose money. The implications are far-reaching, ranging from a Google Ads ban to deindexing in Google’s search index and more.
When you’re faced with such circumstances you need someone you can rely on. Professionals help with such circumstances every day. We’re here to help with any time-sensitive issues you might be facing.