The world of WordPress security and maintenance can seem daunting – particularly when you have a business to run. At Uncoded, we specialise in the day-to-day maintenance and security of WordPress websites, which allows our clients to save time, regain peace of mind, and ultimately focus on running their business.
To help bring you up to speed, we’ve answered some of the most common questions we encounter.
What is WordPress security?
WordPress Security is the process of protecting your WordPress site from malicious attack, through appropriate protection (restricting access), detection (scanning for malicious activity), and backup (creating a copy you can refer to should the worst happen).
Why is WordPress security important?
A secure WordPress website is fundamental to the safety of your business. You spend hours creating high-quality content and building your online presence, so it’s vital you protect your asset with the appropriate due diligence. Unfortunately, there are some bad folks out there, and websites do get hacked. On average, 30,000 sites are identified every day (source Sophos Labs) as distributing malicious code, which means they’re hacked. The internet is a wonderful way to make a living, don’t let a few bad eggs spoil it for everyone else – fight back with better security!
How will I know if my site is hacked?
Most people don’t realise their site is compromised until it’s too late. An infected website can reveal itself in many ways, such as a drop in search rankings, slow performance, strange text or links appearing in your content, or worst of all, complete deletion of your site.
Is WordPress unsafe?
Some folks like to blame WordPress, but this isn’t necessarily fair. WordPress is an open-source CMS that now powers up to 25% of the web, and while this open-source nature helps to make the platform very powerful and flexible, it does also make the foundations of your site very public.
On the positive side, open-source code means you’ve effectively got thousands of developers on your side working hard to improve it every day, and this includes the security side. You just need to be diligent in making sure you integrate these updates as soon as they arrive.
In most cases, hacks do not happen because of WordPress itself; they occur due to inadequate due diligence, weak passwords, server vulnerabilities, and even poor personal computer security.
How can I 100% secure my site?
No website can ever be 100% secure; if anyone ever promises this to you – they’re lying. The online world changes so quickly, with new threats materializing every day. The only way to completely secure your website from attack would be to take it offline, and disconnect your computer from the internet. Good security is about reducing risk.
Can I secure my WordPress website myself?
Of course you can. If you’re not currently using a basic WordPress security plugin, we recommend you start by installing iThemes WordPress security
. This plugin is the tool we use to secure our client websites; even the free version will drastically improve your security. To properly set up and configure iThemes Security, however, takes a lot of time, and some considerable technical chops. If you’re at all uncertain, or just short on time, we recommend you contact us for a free security consultation.
Should I update WordPress as soon as a new version is released?
Yes, everytime. Some folks are scared of updating WordPress for fear it might break their website. And, yes, while there is always a risk that you could lose some functionality, you should always prioritize security. Around 80% of updates are security updates, not functionality upgrades. Also, if a WordPress update fails halfway through, your installation will simply fall back to the previous version – so you needn’t worry about that either. For complete peace of mind, always take a WordPress core backup before updating.
What if my personal computer is compromised with a virus?
Many WordPress hacks happen from the inside – meaning they didn’t break into your site, they just obtained your login directly, through keylogging or other means. Personal due diligence around your personal computer – including strong passwords and appropriate anti-virus software – should be your utmost priority.
I’m on a Mac. Aren’t they more secure?
While it’s true, there are less known threats for Mac computers, this does not make them immune to Malware or other forms of security threat. Besides, if you’re sat in a coffee shop using some free wi-fi, and someone happens to be listening to the network (keylogging everything that’s going on) your website is as good as gone anyway – no matter what system you’re using.
How can I backup my website?
Backup up your website is a vital security measure. iThemes produce a great plugin that will schedule regular backups and email them to you, called Backup Buddy. However, in our experience, it is more secure and efficient to use an off-site maintenance solution, such as Manage WP
, which allows you to schedule regular backups and then store them using secure cloud storage, like Amazon S3.