WordPress considered one of the most popular CMS (Content Management Systems) today, powering nearly 24% of the websites on the internet. But because of its popularity, it is prone to security attacks and hacks. Almost 60% of websites that use a CMS are on the WordPress platform because of its ease of use and overall strength in search engine optimization features. Since it is an open-source platform, it has a large community of web development contributors that continually enhance the platform with new WordPress plugins and WordPress themes.
Using WordPress as the basis for building your website requires maintenance and extraordinary security measures to guarantee protection from malicious hackers. Having WordPress security plugins, such as Sucuri, Shield WordPress Security, iThemes Security, does help in maintaining overall WordPress security; however, you should take additional steps. We will detail the best ways to secure your WordPress site from malicious attacks, as well as how to maintain them.
Undergoing a WordPress website hack can be stressful and time-consuming. Not only does it affect traffic and sales revenues, but it can also hurt Google search engine rankings. Recovering from a hack takes a significant time commitment and money, therefore, it is crucial to take the necessary precautionary steps to keep your website healthy.
Prevention costs are far less expensive than recovering from a full-blown security hack.
WordPress websites commonly get hacked through WordPress security vulnerabilities, such as in the hosting platforms, non-secure WordPress themes, and plugins, or weak passwords. Hacks can come in several ways:
- Hackers can use your site to infect your visitors' PCs with malicious software to gain information. It can also affect your website with malware such as key trackers, back doors, and ransomware.
- Redirect your visitors to other websites.
- Server takeover and use your hardware for sending spam emails.
Below are the best practices in maintaining and securing WordPress websites:
1. Use a unique table prefix: When you are setting up a new WordPress website, make sure to change the Table Prefix to something unique. The default is "wp_", and hackers will use this knowledge to beginner WordPress designers to make your website more vulnerable to SQL injections. You can change the Table Prefix using the iThemes Security plugin.
2. WordPress version: Keep your WordPress version up to date. WordPress will provide updates with new features and address any security issues in previous versions.
3. Theme updates: Remove any themes that are not needed to help speed up your website. A few great resources that you can use to see if plugins and themes are trustworthy are WordPress Plugin Vulnerabilities, Theme Check, and Plugin Check.
4. Plugin updates: Remove any plugins you do not use, as this can also improve the speed of your website. If the developer hasn't updated a plugin for more than a year, then it's better to search for an alternative plugin. Regular theme updates and plugins aid towards making your WordPress website more secure.
5. Tools for website scanning: If you suspect that your website has been compromised or hacked, be sure to use tools to scan or check your website:
- Viruses: AntiVirus, WP Antivirus Site Protection plugin, VirusTotal web service
- Malware: Sucuri SiteCheck.
- General: Unmask Parasites and Web Inspector.
- Spam: MX Toolbox.
6. Username and passwords: Delete the user account name "admin" and create a new admin account using a unique username. Keep the password secure by using a combination of capital, numbers, special characters, and small letters. Limit the login attempts into the backend, which will prevent brute force attacks.
7. Backup your website: Backup your site frequently. Having backup files can come in handy, in case troubles do arise. Backup can be done through the hosting provider, downloading local copies through FTP, or via a plugin that can automatically backup your website: BackupBuddy, UpdraftPlus, BackWPUp, BackUpWordPress.
8. Optimize your database. The database is where your website content is stored – this includes any images, videos, blogs, pages, and page settings. As your site grows, your database fills up and can hurt your website speed (Google ranking factor). There are several useful WordPress plugins to optimize your site database and MYSQL database tables: WP-Optimize, WP-Sweep, P3 (Plugin Performance Profiler), WP Clean Up, Optimize Database after Deleting Revisions, WP-DBManager, Optimize DB. Also, do not miss these as they can help as well: W3 Total Cache, EWWW Image Optimizer, WPDBSpringClean, Revision Control, WP Performance Pack, NextGEN Gallery Optimizer, WP Database Cleaner, Wordfence Security.
9. Keep your website speed on point. Website loading speed is a Google ranking factor; thus, having a slow loading site can hurt SEO and website traffic. Use Google PageSpeed Tools and GTmetrix to gain insights into how you can optimize your website's load time and performance.
10. Maintenance mode. If you are working on a live site, it's better to take your website offline, so that your visitors don't see or experience anything that they shouldn't while you are making updates. There are plugins that you can use to indicate to your visitors that your website is currently in maintenance mode: WP Maintenance Mode, Maintenance, and Coming Soon Page & Maintenance Mode.
11. Test your forms. You'll want to test your contact and order forms to ensure that they're working correctly and that you don't miss out on any lead conversion opportunities.
12. Index check. If you want website visitors, then people must be able to find it on Google. You can check to see if your website has been indexed or listed in search engines by typing site: 'yoursite.com' into the Google search engine field or by using the Screaming Frog SEO Spider Tool.
13. Monitor SEO. Being up-to-date is essential to ensure that your website gets indexed in search engines. You can monitor SEO using some tools, such as Google Analytics. You'll also want to optimize for on-site SEO opportunities to help increase your website rankings.
14. Monitor offline status. You can monitor the uptime of your website using Pingdom. The quicker that you know whether your website goes offline, the faster that you can address the issue.
15. Hire a website maintenance company. If time is of the essence to you, and you don't have in-house IT or a webmaster, then it's ideal to hire a company that specializes in website maintenance. Some web agencies will specialize in WordPress maintenance, Magento maintenance, or both.
Below is a list of the features included in a website maintenance package. Some companies may have only a few or offer all of these features, and may also have different tiered pricing depending on the requirements, size of the website, and company size (e.g. SME vs Enterprise):
- Technical support
- Security audit & recommendations
- Full-site & database backup
- WordPress version updates
- Plugin version updates
- Content updates
- Uptime monitoring
- Malware and virus scans
- Changes to the website
- Spam comment cleanup
- Support marketing initiatives
- 24/7 Up-keep monitoring
- Available performance caching
- Strategy & planning
- Database optimization and cleanup
- Security audit
- SEO analytics report
- Speed up your website
- Tighten security
- Grow more traffic
- Fix broken links/codes
- Decrease cart abandon rates
- Mobile responsive on all devices
- Priority urgent request support
- Annual development hours
- Plugin or theme installs
- Site migrations
- Custom development of the website as per requirements
- Site performance check & recommendations
- Development of test websites
At Webilize, we have WebilizeCare Customer Success Services, offering support to companies at all levels from small and mid-sized to the enterprise. Requests can range from simple security and maintenance tasks to complex integrations. We offer support plans for WordPress and Magento websites.
Be sure to read our blog post on SEO called, "SEO Best Practices (2017 Update)"
Other articles you might be interested in