If you have a self-hosted WordPress site, make sure it is secure and protected.
Many self-publishing authors are moving to WordPress because of the enhanced book marketing functionality and even income potential it offers.
While most hosting providers make it very easy to install and setup WordPress, your new site may not be secure. Make sure you secure your new WordPress site with these five quick and easy steps.
If you have moved, or are thinking about using WordPress for your website or blog, it is worth taking the time to make sure that your site is protected, secure and safe from hackers and spammers.
Whenever I setup and new WordPress site, the very first thing I do is make sure it is safe and secure by taking the following five steps.
Five quick steps to secure your WordPress site
1. Change the default username and password
Without a doubt, the very first security step to take is to change the default username WordPress assigns for a new installation. Leaving your username as ‘admin‘ is an open invitation for hackers to break into your site.
Change your username to something that is not easy to guess. Don’t use your name as this is far too easy for hackers. While it doesn’t need to be long, it should be at least 8 letters. At the same time, don’t forget to change and strengthen your password.
A strong password is by far the very best protection you can have for your site. It should be a minimum of 8 characters long and include at least one number, symbol and capital letter.
2. Add SSL and https security for your visitors
If you can, change your site from http to https. Many hosting providers offer free SSL certificates. Check if your host can supply an SSL certificate for your site.
For a new site, it’s very easy change to https. But for an existing site, you might like to read an earlier article I wrote about moving an existing site to SSL and https.
3. The very first plugin you install must be Akismet
Comment spammers are rife on WordPress and they can drive you nuts. The best way to block them is with Akismet. It’s a free plugin and is very easy to install.
Once you activate Akismet, you will be safe from 99.999% of comment spam.
4. Wordfence is my second must install plugin
When I first installed Wordfence a few years ago, I was staggered at the number of attacks on my site that I had no idea about.
Wordfence is a very effective free security plugin, but it does take a little while to understand all the setup options. I found that using the default options works well to start, but a little refining is worthwhile once you are familiar with how it works.
The one option I would recommend is to turn off ‘live traffic‘ as it can be a resource hog.
There is a paid version of Wordfence, but I find that the free version does everything I need to keep the bad guys out.
5. Updraft Plus, for when things go wrong
You should always have at least weekly full backups of your WordPress site and database. Even if you do have them, are you sure you can do a restore quickly if a disaster arises?
A lot of free backup plugins do not offer a restore function, so they are, if fact, totally useless. Don’t necessarily trust your hosting service either, as most only offer short term backups of perhaps only seven days.
Secure backups need to be off-site and easy to restore, if and when a problem occurs.
Backup and restore with UpdraftPlus works seamlessly and automatically once setup.
UpdraftPlus has one other huge benefit of being able to save backup files automatically to Google Drive, Dropbox, OneDrive, Amazon S3, email, plus more remote locations. These off-site backups are the most secure means of protecting your site.
Updraft is a free and paid backup plugin that works without a hitch. I have been using it for a long time now, and it has saved me on many occasions, particularly when a simple thing like a plugin or theme update goes horribly wrong.