Jul 102016

WordPress Website Security Recommendations

Keep WordPress, themes and plugins up to date

Software updates often improve security and compatibility issues, as well as fix bugs and adding features. It's so easy to update from within WordPress. I provide a service to maintain WordPress websites and keep them up to date on a weekly basis.

Remember to backup

Remember to backup first (see below) and consider testing compatibility issues by reading forums. If your website has critical business operation, which you would not want interrupted by technical problems, then test all software updates and significant changes on a copy (staging) of your site. For convenience "Wordfence Security" has a handy notification option to let you know when there is a software update available.

Has Your WordPress Site Been Hacked!!?

Get fixed! Stay Fixed! contact Jason

Checking WordPress, plugins and themes for file changes

Use WordPress Health Check for an overview of WordPress and server software updates for security issues. Use Sucuri Security to harden (make more secure) WordPress folders, check for vulnerabilities and re-download all plugins which originate from the WordPress plugin library. Wordfence Security also includes compares core WordPress files, theme files and plugin files, allowing you to restore changed files back to the same as the original files in WordPress file library.

Login attempts

For login security I recommended combining a few plugins.


Replace Admin user

add new user
For login security I recommended replacing default user "admin" with a new administrator username:

  1. Add new user with administrator privileges
  2. Give it a unique username & strong password
  3. Log out and log back in with the new username
  4. Delete "admin" - transferring all posts to new user
  5. Use real names for post credits rather than usernames.

Comment spam

For security on comments I recommend WP ReCaptcha Integration which is a tick box, an easier alternative for users than to answer a quiz or decode a captcha image.

Form spam

For security on custom page forms I recommend "Contact Form 7" with a Quiz field and WP ReCaptcha Integration, which provides an anti bot tick box, or a Captcha image. Add Contact Form 7 Honeypot to lure bots to fill in a trick field and get blocked.

Scanning for malware & malicious files

Wordfence security
I recommend "Wordfence Security" which includes checking core files, theme files and plugin files against the WordPress repository. You can observe traffic and block suspicious activity, fake crawlers and login attempts. Scan themes, find suspicious or malicious code and embedded outgoings links. Use WordPress Health Check for an overview of WordPress and server software updates for security issues. Use Plugin Inspector to scan plugins for vulnerabilities.

Backup schedule

Always keep a backup of your website both the database and the files especially before making an update to core WordPress files. I recommend BackWPup which allows you to select exactly what you want to backup or exclude. Schedule backups automatically or manually and choose where to save them. I recommend sending backup to remote server, such as a Dropbox account setup especially for website backups, notes and media. I offer a monthly backup service to my remote server for $39 / year (< 1G site).

Maintenance Mode

I recommend WP Maintenance Mode during website setup, construction and make over.

SSL - Domain Security Certificate

Install an SSL Domain Security Certificate, to prevent data theft in transit between your site and your visitor's browser.

Web Hosting

Choose reliable web hosting with good support. Make sure they maintain up-to-date server software and keep daily backups. Good hosts will put in place additional safeguards to prevent hacking, such as limiting brute-force login attempts and auto-updating server software (with notification).

Technical Support

Most of these plugins are installed in my WordPress installation service, which is included in all the WordPress Website packages. I have experience using these plugins and methods. Sometimes I have new clients that come to me when they need help fixing a hacked site. I have cleaned a few hacked websites and installed these plugins to prevent further problems.

Has Your WordPress Site Been Hacked!!?

Get fixed! Stay Fixed! contact Jason

Website Optimization and Maintenance

There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and utilize browser caching.

I provide website tune ups on request and recommend a schedule for Search Engine Optimization (SEO) and Page Speed optimization.

Optimization is best applied together with website security and protection and backup and maintenance.

About hubway: web design byron bay

I'm a Byron Bay web designer developing WordPress websites for locals, professionals, small business & community organizations, since 2008.

I provide domain name registration, web hosting, Paypal integration, Search Engine Optimization (SEO), Website Page Speed Optimization & Website Maintenance in the Byron Bay area and surrounding towns.

Website packages include domain name, web hosting, WordPress & plugin installation, website design & tutorial. Website services and support are available at an hourly rate when requested.

I highly recommend client testimonials on websites. Testimonials can be featured with product samples in a slideshow. Facebook chief executive Mark Zuckerberg was quoted as saying that a trusted referral was the Holy Grail of advertising.