WordPress is a powerful tool used by many Brighton businesses and organisations. But to keep it secure you must actively maintain and protect. As a Brighton-based WordPress developer, I can help you do that.
For most smaller sites achieving a decent level of security shouldn’t be an onerous task. Below are some tips to get you started, with a couple of caveats.
While the steps below will all help to strengthen the security of your website, they can’t guarantee that your WordPress website will not fall victim to hackers. Be prepared for the worst case scenario – make sure you have a website backup and a contingency plan in place.
If you run a website that handles financial transactions on site or holds sensitive user information you should speak to developers or security experts about keeping your site safe. The Security Bureau are based in Brighton and are very friendly.
Having said all that, here are my tips to get you started with WordPress security.
Keep your WordPress site updated
One of the most common vulnerabilities in a WordPress site is an out-of-date theme, plugin or WordPress core files. You can easily make sure they are all up to date by checking your wp-admin dashboard at least once a month. Better quality hosting companies also offer automatic WordPress updates, so you don’t have to worry about it.
If you’re concerned about updates breaking your site, contact a Brighton-based WordPress developer like me who can create a staging version of your site and test all updates before pushing them live. I offer a service where I can do this for you every month – just get in touch.
Good quality WordPress hosting
While your website is the foundation of your business, your hosting is the foundation of your website. Some hosting companies offer managed WordPress hosting, in which performance and security are optimised for WordPress. It is worth paying for. As well as higher levels of server security they will be able to provide more help in the event of a web emergency. Good quality hosting providers also provide daily backups and easy ways to restore your site should it go down.
I can help set you up with good quality WordPress hosting and manage the ongoing relationship. Again – just get in touch.
Strong site admin passwords
A weak WordPress password is an obvious chink in your site’s armour. I would recommend a password manager, such as LastPass or KeePass. You only have to remember one complex password or passphrase and the manager generates random, complex passwords for all the sites you use. As well as improving your site security, it makes your whole web life easier.
Remember you also need strong passwords for your hosting account, site database and FTP account.
You might also consider two-factor authentication for your passwords. There are a few WordPress plugins which will do this for you.
Limit WordPress admin users
Make sure your site has the smallest number of users possible with admin priveleges. If a person has left your organisation, make sure you delete their user account. If they don’t need admin priveleges, downgrade them to editor or author. They can still post articles but won’t be able to break the site so easily.
A security certificate or SSL will encrypt all the communications between your site and your users. They are now free to install, courtesy of Let’s Encrypt and your hosting provider should be able to set it up for you. There’s no excuse not to have one!
Back up your site regularly
It’s worth being prepared should the unthinkable happen. A good hosting company will provide regular backups of your site, which you can easily restore.
Use a security plugin
I’ve included this one near the bottom of the list, as it’s only one of the steps you should take. But security plugins can offer services like a site firewall, file monitoring and measures to limit the number of logins a potential hacker can try. Sucuri Security comes highly recommended.
Get in touch
I develop and design WordPress sites for businesses and other organisation in Brighton and the surrounding area. If you need help with maintaining or fixing your current WordPress site or building a new WordPress site, I’d be happy to help. Call me or drop me an email.