For most, website security is about as boring as watching paint dry. But you don’t have to be super smart to develop a reasonable website security plan.
My hope in this short website security article is to entertain and educate you on how easy it can be to implement a basic security plan for your website.
Do you have two minutes to learn whether your Mom is missing her BUMM?
Let’s start with your BUMM
Let’s face it, most of us are simply too overwhelmed with day-to-day “stuff” to worry about the “what ifs” of website security, including worrying about Mom’s blog…
So let’s fix your Mom up with a practical WordPress security plan.
Let’s Build Your WordPress Security Plan Today
Do you have at least one backup of your website files and database saved this week? Backups are your numero uno first line of defense against accidental or not so accidental damage to your WordPress blog.
You may not be able to control every aspect of your WordPress versions, plugins, or scripting, but you can easily control your backup schedule. The added benefit of regular backups is the “I’m so smart!” feeling you’ll experience in the event a WordPress update goes unexpectedly sideways.
A daily and a weekly backup is recommended.
Recommendation: Set BackWPup, UpdraftPlus, or BackupBuddy to back up your site to Google Drive or Dropbox.
WordPress version updates and plugin updates are a regular occurrence. Don’t ignore these. And if you maintain regular backups you’ll find that even a tragically failed update can be recovered from without too much pain and suffering. Theme updates can be a bit more problematic, though very important as well.
Set a reminder in your calendar to update your WordPress blog and all plugins monthly, or more often if you can manage it.
Set your calendar to plan a theme update every six months (if one is available).
Recommendation: Try Google Now Reminders (for reminders)
Website maintenance, the “oopsy” aspect of website security, tends to be overlooked by most budding WordPress bloggers. Periodic maintenance includes deleting inactive themes and inactive plugins that are no longer needed; they are easy enough to reinstall later, so why take a chance? Old test blogs, development or staging sites, and scripts should be deleted as well if they are not actively maintained.
Surprisingly, a good percentage of websites are compromised every day due to folks dutifully maintaining their primary blog, but forgetting to delete the old test site or blog they had installed years before. Old scripts are hacker magnets.
Don’t like hackers? Make sure to delete those old or inactive scripts.
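To find the old installs before the hackers do, here is an added example (not part of the original article) that walks a web root and lists every WordPress install it finds, with its version and how long ago its core was last updated. The function name, the 180-day threshold, and the use of the version file's modification time as the "last updated" date are assumptions of this sketch.

```python
import os
import re
import time

# WordPress core records its version in wp-includes/version.php,
# in a line of the form: $wp_version = '6.5.2';
VERSION_RE = re.compile(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]")
DAY = 86400


def find_wordpress_installs(web_root, stale_days=180, now=None):
    """Return one dict per WordPress install found under web_root.

    Assumption: the mtime of wp-includes/version.php approximates the date
    of the last core update, because a core update rewrites that file.
    stale_days is a hypothetical threshold; tune it to your update schedule.
    """
    now = time.time() if now is None else now
    installs = []
    for dirpath, dirnames, _files in os.walk(web_root):
        version_file = os.path.join(dirpath, "wp-includes", "version.php")
        if not os.path.isfile(version_file):
            continue
        with open(version_file, encoding="utf-8", errors="replace") as fh:
            match = VERSION_RE.search(fh.read())
        age_days = int((now - os.path.getmtime(version_file)) // DAY)
        installs.append({
            "path": os.path.relpath(dirpath, web_root),
            "version": match.group(1) if match else "unknown",
            "days_since_core_update": age_days,
            "stale": age_days > stale_days,
        })
        # Skip the core directories, but keep walking: forgotten test
        # blogs are often nested inside the main site's folder.
        dirnames[:] = [d for d in dirnames
                       if d not in ("wp-admin", "wp-includes")]
    return sorted(installs, key=lambda site: site["path"])


if __name__ == "__main__":
    import sys
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for site in find_wordpress_installs(root):
        flag = "STALE" if site["stale"] else "ok   "
        print(f'{flag} {site["path"]}  WordPress {site["version"]}  '
              f'core last updated {site["days_since_core_update"]} days ago')
```

Run it against your hosting account's web root; anything flagged STALE that you don't recognize or no longer use is a candidate for deletion (after a backup, of course).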
Monitor (inside and out)
Monitoring is way easier than you might think. Services like Uptime Robot, Changedetection.com, and even Google Alerts are free, easy-to-set-up monitoring options.
Every computer OS has a range of free to low-cost software for monitoring websites and content as well. There is no lack of free monitoring options, so if your excuse is, “website monitoring costs too much,” well, I have a secret for you: some of the best website monitors cost nothing but the three to five minutes required to set them up.
The question I hear most often regarding monitoring is, “What do I monitor?”
That’s a fair question. Content is one and uptime is the other.
I use Changedetection.com and Google Alerts to monitor my own website for text changes and my brand, respectively. Anytime my website address is newly listed within Google, I’m sent an email (from Google Alerts). If my site is compromised, and some hacker peeps decide to brag about their conquest and Google indexes their rants, I’ll receive a notice the same day. Yes, hackers, I’m watching you!
As for uptime, Uptime Robot is fairly accurate. Downtime happens, though frequent downtime may be as much your fault as your web host’s server. Hackers can easily overwhelm most websites via botnets, available at your local Dark Net shop for a million hits per penny ($0.01). If your site is offline more often than normal, that may mean you are being attacked. And if you are being attacked and the last time you logged into your blog was, “I can’t seem to remember the last time I logged in…,” well, that could be a hint.
Internal monitoring? Absolutely! Monitoring who logs in and when can be one of the best proactive steps you can take in monitoring the security of your blog. See the Stream and WP Security Audit Log plugins for more details.
Following the general security plan items outlined above may just save you hours of future frustration and heartache. So get your BUMM up and help yourself, not the hackers!
Please pass this article along to friends, family, or clients.
The acronym B.U.M.M is free for use and not trademarked.
This review is 100% affiliate link free. Plugin authors were not asked to contribute to this review. No monies were paid to write this article.