Welcome to Part 3 of my WordPress MOT series, following my session on the subject at Blog On MSI. This post will cover blog security and back ups.
You can find the previous posts in the series here:
- Part 1 – Tidy up your blog & quick tips to improve blog appearance
- Part 2 – Optimise your site / improve site speed
Keep it Secure
The first step when improving blog security is to install a security plugin. My favourite is iThemes Security as it is fully featured and lets you really lock things down. Wordfence Security is another popular option, although I have found that it is quite bloated.
Using secure passwords is important too, and there is now a built in generator in WordPress which makes it easier – simply go to your User account options to generate a new password for yourself.
A lot of brute force hacks target the “admin” username, or users with an ID of 1. It’s a good idea to change your user account if it uses either of these, simply create a new user with administrator privileges (preferably with a random username). Then, log into the new username and delete the old one, which will give you the option to assign all the content to the new username.
To improve security further, install the Gauntlet plugin and scan your blog. This will help you identify security holes with your WordPress installation, and give you instructions to solve them. You might not be able to sort them all, but every tip you can follow will help lock things down.
Updates! Update, update, update. I cannot stress this enough, but keep everything updated. That includes the WordPress core files, all your plugins, and all your themes – including deactivated ones.
Delete any unused plugins and themes, as the more you have on your site, the more vulnerable it is. If you don’t need something, just delete it.
If any of your plugins haven’t been updated in the last year or two, look into either replacing it with a newer plugin that provides the same functionality, or getting rid of it. Abandoned plugins may have vulnerabilities or conflicts with newer plugins or WordPress installations.
Back it Up
It’s a good idea to have a third party backup solution in place for your blog, even if your host provides a backup service. If you lose access to your host account you still need your own data backup – I’ve heard horror stories of whole blogs being lost after the hosting company went bust, with no access to the files or backups to recover the blog.
The easiest way to back up a WordPress blog is using a plugin. There are several free plugins that do a great job – UpdraftPlus is my backup plugin of choice, and BackWPup is another free alternative.
Both of these plugins have the capability to back up to Dropbox which is a great free option – but space limited. They also both work with Amazon S3 storage which is a bit more complex to set up but an extremely low cost alternative. I use this & currently have my database backed up daily, and my uploads folder backed up weekly.
Another option is to do manual database backups through your hosting control panel, or download an export file through WP admin – set a reminder to do it weekly. This only backs up the written data though, so you might want to download your wp-content/uploads folder through ftp and keep a manual backup on your computer hard drive as well.
Coming up in Part 4… My favourite plugins
Need more help? Feel free to get in touch via Zoe Corkhill Web Design – advice is always free!
Pin it for later…