I’m writing this post on the heels of the recent WordPress critical security update. If you missed the announcement, then I am speaking to you in particular.
This recent update was due to a WordPress security breach that could result in your site being compromised in serious ways.
You can read about the update in the WordPress.org update announcement, but come back and finish reading this post. It contains vital information that you need to keep your site free from bots, hackers, and other entities that could seriously hurt your business.
Keeping Your Site Safe Requires Your Vigilance.
Update your WordPress site as soon as you hear about the update. Once there’s a WordPress update/announcement, you’ll see it on the dashboard of your site. You’ll also see an alert beside the dashboard link over to the left. Go there and follow the very simple instructions.
Plugins and Themes
Your plugins and themes (templates) must be kept up to date. They actually add code to your site that hackers can exploit if your plugins and themes are not regularly maintained. Again, you’ll see the information you need on your dashboard, along with the very simple instructions.
Change Your Passwords
Changing the password on your site needs to be a regular part of your site maintenance.
- To change the password, look to the top right area of your site where it says “Howdy, your name”, and hover there.
- In the drop down menu you’ll see the Profile link. Click that link and you’ll be taken to your profile page.
- About halfway down you’ll find a section where you can enter, and then confirm, your new password.
Backup Your Site Regularly
You can install a plugin that will back your site up, but if you’re hosted with a reputable company, there should be an option whereby your site is backed up automatically. There are times when your site is too large for the automatic backup, but there should be an option where you can go into your hosting and back your account up. When you back your site up, your files and databases are stored so that if there is an attack you can restore your site.
Here’s a checklist of actions to take on your WordPress site to ensure that your site and/or business cannot be hacked.
- Update to latest WordPress version
- Install security plugins on your WordPress site
- Perform all plugin updates
- Delete and uninstall old or unused plugins
- Change your passwords regularly
- Use a different password for each site you own
- Use random passwords that would be very difficult to guess
- Do not share your WordPress passwords, but if you do share one, change it immediately after use.
- Set up separate permissions for each user on your site.
- Back up your site files on an automated and regular schedule
- Store your backups in more than one place
- Use only secure internet connections
- Never download anything you’re not sure about
- Do not download plugins that you’ve not researched, and by that I mean research the developer/authors. If it is offered at WordPress.org, you are fairly safe. If it’s offered on a private site, do your due diligence in researching the background of the plugin/developers. There are perfectly legitimate developers out there who create awesome plugins and there are lots of sketchy developers too — you just need to know which they are.
- Purchase reliable and recognized web hosting