Your objective in Step 9 is to put a backup system in place for your site, and to lock you site down to keep out the bad guys.
Maybe it’s just me, but I find that the biggest threat to my site is myself. I love to play around with the code. Occasionally this takes my entire site down. You can only imagine the stress of potentially losing everything and having to redo all of that work. That’s why it is so important to have a backup system that lets you turn back time and reverse the damage.
The WordPress.org Codex has excellent article about WordPress security called Hardening WordPress. Another great resource is 28 Ways To Secure A WordPress Site. But if you want the Coles Notes version, here are some basic things you can do to protect and backup your site:
1) Secure Password
Use a strong passwords. Do not use words in the dictionary. Do not re-use your WP password on other sites. Put numbers, letters and at least one special character in your password.
2) Regular Back Ups
Your WordPress site has two major parts that need to be backed up:
- Your WordPress Site files: Core installation, plugins, themes, images and files, code files, etc.
- Your WordPress Database
The WordPress Backups article from the WordPress Codex explains everything. It’s possible for you to backup both parts of WordPress manually using a combination of FTP and PHPMyAdmin in your website CPanel. Or you can find a plugin that makes the job easier. Here are a few plugins you might want to consider:
- Premium: I use VaultPress from WordPress.com because they have great support, automated daily backups and 1-click restores for $39 per year
- Free: WordPress DB Backup is an easy solution to back up your database
- Free: WordPress Backup to Dropbox is a newer plugin that has received some positive buzz but I haven’t tried it personally
3) Backup before Updates and New Installations
It’s important to keep your site, your themes and all of your plugins up to date with the latest versions. But it’s also very important to backup your site before installing a new theme, a new plugin, or before updating to a new version.
4) Keep WordPress, Themes and Plugins Up To Date
Keep your WordPress installation up-to-date with the latest version of WordPress. Keep all of your themes and plugins up-to-date too.
5) Run working Anti-virus software on your PC
It only makes sense that you need to develop your website on a computer that is clean and safe from viruses.
6) Use a Secure Hosting Company
Ideally you want to be on a VPS (Virtual Private Server) or Dedicated server. It’s more likely for your site to get hacked if you are using free hosting, or hosting from a less reputable company. Also, smaller hosts can disappear along with your site!
Hosting Reviews 2016 compares top web hosts with regards to page load speed, uptime and tech support to help you decide.
7) Never Install Themes or Plugins from Untrusted Sources
Many themes and plugins contain malicious code that will make your site less secure. This article posted on WPMU.org explains Why You Should Never Search For Free WordPress Themes in Google or Anywhere Else . Likewise, you want to be careful about the plugins you install.
How do you know which sources are trustworthy?
Themes and plugins that you download from WordPress.org are likely to be safe because these plugins have been screened to meet standards set by the WordPress community. If you find a free theme or plugin from outside of make sure to research it. Look for reviews from known WordPress experts like WPCandy.com and WPBeginner.com.
If you are downloading a plugin from WordPress.org, check out the reviews and the activity in the Plugin forum before installing.
- Click through from the WordPress Plugin Directory description page to the Plugin Homepage.
- On the Plugin Homepage, click through to the Forums Posts link. Look at the recent posts to find out if people have been happy with the plugin.
If you find a back up plugin or a security plug that you love, please let us know! Tell us about the solutions you find that make it easier for you to keep your site safe.