Protect WordPress Like It's A Child
Not many people think of WordPress as a child, but maybe they should.
When you first install WordPress on your new site, it seems like there’s a world of possibilities. At first your WordPress can’t do much, but you can dress it up in pretty premade themes and start playing around with it. You probably have the themes you got from the baby shower (zip file) and you want to go out and find a few more that will reflect your personality and style. Just like a new baby, your new WordPress is a reflection of you.
A few months later, when your website is built and released to the public, you find that your WordPress is getting bored with its current toys and you venture out to find some new plugins that will make your website run more smoothly, rank better in Google, or let everyone know how to find you on social media. Since there are multiple plugins that do the same thing, you install them all, trying each one out to find the one you like.
About 6 months into your WordPress site, you’re likely working with your WordPress regularly, or maybe you’re not. No one is a perfect parent, but we try. Regardless of your activity on your WordPress, others are starting to notice it and will soon begin influencing the way it acts.
Around the 1 year mark of your WordPress, it’s effectively an angsty teenager. It’s beginning to hang out with a tough crowd of hackers and spammers because search engines made it easy to pick out. This is the point where the type of parent you are makes a difference.
The Unattentive Parent
If you have a WordPress that hasn’t been maintained in the slightest, this is probably you. At this point Google has crawled your site and found all its insecurities to share with hackers and spammers as soon as they search for it. And there are a lot. If your site is at this point and has not yet been hacked, you can still save it. But do you want to? If you don’t care for it, save what you want to keep and uninstall it. If you do want to keep it, read more about The Over Protective Parent below. If it HAS been hacked, save what you need and uninstall it. Saving a hacked WordPress is a lot less work than installing a new one.
The Loving Parent
If you have a WordPress that has been even a semi-weekly presence in your life, it’s safe to say you love your WordPress site. It’s likely that you keep it updated each time there’s a new version of WordPress, or your plugins, or your themes. You probably know there’s more you could do to keep your WordPress safe, but you feel like what you’re doing is enough and you keep backups just in case. This site has about a 50/50 chance of getting hacked. If it is hacked, you will need to decide whether to start over, take the time to clean it up properly, or pay someone to do it. Keep in mind a hacker doesn’t usually just make himself 1 door.
The Over Protective Parent
Typically this type of person uses their WordPress for business and can’t tolerate the possibility of being hacked. It could ruin their reputation or even cause them to lose money. Despite the purpose of your WordPress, it’s important to keep it safe and make sure it isn’t going to be a bad influence on the other kids. I’m going to put these steps in a bullet list so you can follow them as if it were step-by-step. Each of these steps is necessary for all WordPress installs. I challenge you to check this list against your current WordPress sites.
- Delete the ‘Hello World’ post!
Google the words Hello World to find a list of poorly maintained WordPress sites… Go on, try it.
- Delete all the themes you won’t be using.
WordPress ships with Twenty Eleven, Twenty Twelve, Twenty Thirteen, Twenty Fourteen, Twenty Fifteen – you don’t need them all.
- Decide whether or not you will want your visitors to comment.
If you don’t, go in the settings and turn off all comments (spammers instantly stopped!). If you do, set up Akismet or find another comment spam plugin.
- Install a good security plugin like Sucuri Security and harden your WP.
This plugin will harden all the directories that are commonly hacked, as well as offer other suggestions.
- Create a new user account for yourself with Administrator permissions.
Once you have this new account, set the old one to have no permissions. The first user is commonly the one to get attacked with brute force.
- Delete any plugins you’re not using.
When you try out plugins for your site you usually end up with some that weren’t what you needed. Don’t just deactivate them, delete them completely.
- Upgrade everything, always.
WordPress can only be as safe as the version you’re running. That also goes for its themes and plugins. Check your WordPress for updates often and subscribe to the newsletter to be notified by email when there’s an upgrade available.
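One way to check an existing site against the list above from the command line, as an added example that is not part of the original post. It assumes WP-CLI (`wp`) is installed and the script is run from the site's root directory; the function names are illustrative.

```sh
#!/bin/sh
# Added example: audits a WordPress install against the checklist above.
# Assumption: WP-CLI ("wp") is installed and this runs from the site root.

# Read "name,status,update" CSV on stdin; print names where column $1 == $2.
# Plugin and theme slugs contain no commas, so a plain split is safe.
csv_match() { awk -F, -v col="$1" -v want="$2" 'NR>1 && $col==want {print $1}'; }

# Prefix each input line with a finding label; prints nothing on empty input.
report() { sed "s/^/$1: /"; }

audit_site() {
  # The sample post WordPress creates at install time (slug "hello-world")
  wp post list --post_type=post --field=post_name | grep -x 'hello-world' \
    | report 'default post still present'

  for kind in theme plugin; do
    list=$(wp "$kind" list --fields=name,status,update --format=csv)
    # Deactivated code is still on disk until it is deleted
    printf '%s\n' "$list" | csv_match 2 inactive | report "unused $kind, delete"
    printf '%s\n' "$list" | csv_match 3 available | report "outdated $kind, update"
  done

  # The first account (user ID 1) should no longer hold the Administrator role
  wp user list --role=administrator --field=ID | grep -x '1' \
    | report 'user ID 1 is still an administrator'

  # Comments are either switched off or need a spam filter
  if [ "$(wp option get default_comment_status)" = "open" ]; then
    echo 'comments open: confirm a spam filter such as Akismet is active'
  fi
  return 0
}

# Run only when WP-CLI is present and the current directory is a WordPress site
if command -v wp >/dev/null 2>&1 && wp core is-installed 2>/dev/null; then
  audit_site
fi
```

Each finding is printed on its own line, so an empty result means the site passed every check the script covers. The security plugin step is not covered.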
Hosting your own WordPress site allows you the flexibility to run it however you like and own your own content, but it comes with responsibility.
If you have any suggestions for securing WordPress that are not listed here, please comment!