WordPress.org is by far the world’s most popular CMS (content management system) with over a quarter of the websites out there. It’s a great tool with lots of options for combining themes and plugins to extend its functionality. But it’s only as good as you keep it! Someone out there would love to hack your site for access to your email lists, bank account info, user profiles etc.
Security and general well-working can be maintained with some planning. WordPress itself prioritizes security and ensures that the people using their products do not face issues. But you need to keep it and the extensions (themes and plugins) you use up to date in order to benefit.
1. Backup Your Site
The first basic thing you should be doing is backing up your site regularly! Really simple and there are plenty of plugins that do it. This means that if you have a fatal error or attack you can role back to a time before the issue. How often should you do it? Depends on how often you publish but a minimum of once a week is a good idea.
2. Keep Your WordPress Files Updated
Updates for WordPress services often include security fixes as new methods of hacking etc. are detected. Updates are released when needed but it’s often once a month. It’s simple – when there is an update available, you should get it. Check that your theme-maker is also creating an update for that version of WordPress.
3. Do Not Torrent Free Crap
Just don’t. Any theme or plugin you install can affect your whole website. If you are looking for free versions of premium themes or plugins, you are just inviting hackers to inject malware or phishing code into your site. Prices for these things are generally quite reasonable anyway so avoid the temptation full stop.
4. Manage Your Plugins
Keep on top of their updates and make sure your old plugins aren’t leaving you open to security issues. WordPress and Themeforest often publish news about major security issues so reading is always worthwhile. Plugins issue updates often as well usually weekly to monthly.
5. Install a Security Plugin
A hacked site is more than just a pain in the ass It’s also a big red sign to Google and users. It can get you blacklisted by Google, damage your SEO, make your site look untrustworthy to visitors, and wreak general havoc. You need plugins which can protect your website from malicious attacks and scan for an issues detected. These plugins can save your website from brute force attacks, cross scripting, Denial of Service attacks, and much more.