WordPress Website Security Recommendations
Keep WordPress, themes and plugins up to date
Software updates often improve security and compatibility, as well as fixing bugs and adding features. It's so easy to update from within WordPress. I provide a service to maintain WordPress websites and keep them up to date on a weekly basis.
Remember to back up
Remember to back up first (see below) and consider checking for compatibility issues by reading forums. If your website supports a critical business operation that you would not want interrupted by technical problems, then test all software updates and significant changes on a copy (staging) of your site. For convenience, "Wordfence Security" has a handy notification option to let you know when a software update is available.
Checking WordPress, plugins and themes for file changes
Use WordPress Health Check for an overview of WordPress and server software updates for security issues. Use Sucuri Security to harden (make more secure) WordPress folders, check for vulnerabilities and re-download all plugins which originate from the WordPress plugin library. Wordfence Security also compares core WordPress files, theme files and plugin files, allowing you to restore changed files so that they match the original files in the WordPress file library.
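The idea behind a file-change check, as an added example (not code from Wordfence, Sucuri or this site): hash a clean copy of the same WordPress, theme and plugin versions, then report which files on the live site were modified, removed or added. The function names, the skipped uploads folder and the sample files are assumptions constructed for illustration.

```python
from __future__ import annotations
import hashlib
import tempfile
from pathlib import Path

def build_manifest(root: Path) -> dict[str, str]:
    """Map each file's path relative to root to its SHA-256 hex digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def compare_to_clean(live: Path, clean: dict[str, str],
                     ignore: tuple[str, ...] = ("wp-content/uploads/",)) -> dict[str, list[str]]:
    """Report files that differ from, are absent from, or were added to the clean copy."""
    current = build_manifest(live)
    return {
        "modified": sorted(f for f in clean if f in current and current[f] != clean[f]),
        "missing": sorted(f for f in clean if f not in current),
        # User uploads are expected to differ from a fresh download, so skip them by prefix.
        "unexpected": sorted(f for f in current
                             if f not in clean and not f.startswith(ignore)),
    }

def write_tree(root: Path, files: dict[str, bytes]) -> None:
    """Create the given relative paths (and parent folders) under root."""
    for rel, data in files.items():
        target = root / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

def demo() -> dict[str, list[str]]:
    # Constructed sample: a tiny "clean" tree and a "live" tree with three changes.
    originals = {
        "index.php": b"<?php // front controller\n",
        "wp-login.php": b"<?php // login form\n",
        "wp-includes/version.php": b"<?php // version info\n",
    }
    with tempfile.TemporaryDirectory() as clean_dir, tempfile.TemporaryDirectory() as live_dir:
        clean, live = Path(clean_dir), Path(live_dir)
        write_tree(clean, originals)
        write_tree(live, originals)
        (live / "wp-login.php").write_bytes(b"<?php // edited after install\n")
        (live / "wp-includes/version.php").unlink()
        write_tree(live, {"wp-includes/cache.php": b"<?php // not in clean copy\n",
                          "wp-content/uploads/logo.png": b"constructed image bytes"})
        return compare_to_clean(live, build_manifest(clean))

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

A file listed as unexpected inside a core or plugin folder deserves the closest look, since a legitimate update replaces known files rather than adding unknown ones.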
Replace Admin user
- Add new user with administrator privileges
- Give it a unique username & strong password
- Log out and log back in with the new username
- Delete "admin" - transferring all posts to new user
- Use real names for post credits rather than usernames.
For security on comments I recommend WP ReCaptcha Integration, which is a tick box, an easier alternative for users than answering a quiz or decoding a captcha image.
Scanning for malware & malicious files
I recommend "Wordfence Security" which includes checking core files, theme files and plugin files against the WordPress repository. You can observe traffic and block suspicious activity, fake crawlers and login attempts. Scan themes, find suspicious or malicious code and embedded outgoing links. Use WordPress Health Check for an overview of WordPress and server software updates for security issues. Use Plugin Inspector to scan plugins for vulnerabilities.
Always keep a backup of your website, both the database and the files, especially before making an update to core WordPress files. I recommend BackWPup, which allows you to select exactly what you want to back up or exclude. Schedule backups automatically or manually and choose where to save them. I recommend sending backups to a remote server, such as a Dropbox account set up especially for website backups, notes and media. I offer a monthly backup service to my remote server for $39 / year (< 1G site).
I recommend WP Maintenance Mode during website setup, construction and makeover.
SSL - Domain Security Certificate
Install an SSL Domain Security Certificate, to prevent data theft in transit between your site and your visitor's browser.
Choose reliable web hosting with good support. Make sure they maintain up-to-date server software and keep daily backups. Good hosts will put in place additional safeguards to prevent hacking, such as limiting brute-force login attempts and auto-updating server software (with notification).
Most of these plugins are installed in my WordPress installation service, which is included in all the WordPress Website packages. I have experience using these plugins and methods. Sometimes I have new clients that come to me when they need help fixing a hacked site. I have cleaned a few hacked websites and installed these plugins to prevent further problems.
There are a few ways to optimize and speed up your website for viewers and search engines: database clean up, image optimization, page / script compression, CPU / server load optimization, server file caching and browser caching.
I provide domain name registration, web hosting, PayPal integration, Search Engine Optimization (SEO), Website Page Speed Optimization & Website Maintenance in the Byron Bay area and surrounding towns.
I highly recommend client testimonials on websites. Testimonials can be featured with product samples in a slideshow. Facebook chief executive Mark Zuckerberg was quoted as saying that a trusted referral was the Holy Grail of advertising.