If you have a WordPress blog or a website, you may be wondering how to keep it safe from hackers and from accidental changes or deletions. There are four things everyone needs to have in place to keep your WordPress blog safe.
These are a few easy steps you can take within the next few minutes to make sure your WordPress website is secure.
1. Only connect to WordPress on a secure WiFi connection.
Did you know that when you connect to a website using unsecure WiFi, such as airport WiFi, Starbuck’s WiFi, or public WiFi, that anyone can see your username and password? That means when you connect to your website via FTP or simply log into your WordPress dashboard anyone can see exactly what your username and password are and use those names for themselves!
That’s why it’s important to only connect to your WordPress site and only connect to FTP if you have an SSL connection. This can be a “real” network or you can connect with a cellular 3G network instead of WiFi (I use the one on my iphone or you can buy a mifi separate device. It’s like having your own portable network!). If you don’t know what any of those things are, then simply make it a point to only connect to your FTP website and WordPress from home instead of in public.
2. Only use plugins that you trust.
Are you aware that any WordPress plugin, if it so chooses, can have access to your entire WordPress site? All of your users, all of your content, and most of the time, to every single file on your website!
That is the reason why it’s very important that you only use WordPress plugins that you trust. Don’t go out and install 200, 300 plugins just because they all seem like they have cool features. If a plugin is brand new, if no one seems to be using it, that is not a good sign. It may be a Trojan Horse type of plugin where someone has simply put it out in the hopes that someone else will install it on their website, and now you have given the hacker complete access to your files and your content.
3. Keep WordPress up to date.
People find security holes all the time, and WordPress is quick to fix those holes, but it does you no good unless you update your blog to the current version which is safeguarded against most attacks.
Luckily the most current versions of WordPress have a single button you can click to update it, which means it downloads and installs the most recent version so you are now protected. I generally wait a week or so after a new update comes out before updating – that way if they find problems with the update, they can fix that, too!
And here’s a time-saving tip for you: I ask my webmaster to do the updates. He’s much faster at it than I am AND he can immediately fix anything that breaks in the process.
4. Back Up Your Blog Regularly!
I use a plugin I love and trust from a reputable programmer. My blogs backup every Saturday night – and store the backups where I ask them to. It all happens automatically, while I sleep.