We have some big things planned this week my friends!! We are going to highlight WordPress security all week and you’re definitely going to want to get in on the giveaway sponsored by the incredible Sucuri.
Now, I know that security gets a bit intimidating for most of my regular readers, so I’m going to break it down into simple steps. And where I think it will be easier to delegate, I’ll mention that. The thing is that most of us have to do at least some of the maintenance on our websites ourselves… and WordPress security is part of that maintenance routine.
Adding Security to your WordPress Maintenance Routine
Specifically, we’re going to talk about 5 things that must be done on your website to keep it as secure as possible.
Please know that it is impossible to prevent 100% of malware attacks, but I’ll tell you something. I handle 2-3 cases of malware a week for my clients (and I don’t have that many clients!) So far 100% of them (all but 1 in 8 years) have been a result of missing one of the following.
One malware infection was the result of a targeted attack. But the rest of the attacks that I deal with are simply a lack of maintenance!! Save yourself the headache (and cost!) and keep up with these maintenance tasks for WordPress security.
If the unthinkable happens – this will save you so much heartache!
We’re going to talk about that today.
This is the #1 cause of infections. (& an AWESOME GIVEAWAY goes live on Tuesday)
Only install safe ones. On Wednesday we’ll explain how to measure the safety of each WordPress plugin.
This is just a fancy way to say that your user management can cause vulnerabilities. We’ll discuss how to mitigate these on Thursday.
This day’s advice is going to be pretty technical. I’ll do my best to describe what you need in non-technical language. And we’ll talk about how you can obtain this maintenance the easiest way possible. Topics will include:
– server files
– config files
– one site per container
Today: Backups Are Essential To Prevent Loss in the event of a WordPress Security Breach
Today, before we get into the big security stuff, we need to get your site backed up! As always, this is covered for any of my retainer clients, so skip this section and we’ll see you tomorrow for the big giveaway!! 🙂
We recommend using a plugin to accomplish WordPress backups. Here’s what we’re looking for in a backup:
- It must back up off site. What we mean is this. Some plugins put the backups onto the same account as your website. However malware infestations usually spread through the entire account – making your backup useless. There is an alternative. We recommend backups that sync with Dropbox or Amazon or something like that.
- Restore ability. This is the thing with cpanel / hosting backups. A lot of the time, they are impossible to restore. Its great to have a backup, but… um… if you can’t use it, what’s the point again?
- Automatic Backups. We want this to be automatic, and for bigger sites, we want this to occur during the slowest bandwidth times. (middle of the night for most of your users).
- Common to all plugins. For any plugin, always know the author’s reputation, be sure it is often updated and check that there are many many downloads with few complaints.
I was going to write out my recommendations but I couldn’t do a better job than what WPBeginner.com has already done. I highly recommend this article listing the popular backup services. He includes the pros and cons, prices (if applicable) and his own recommendations.
Our recommendations for WordPress Backup Plugins
Personally, we use UpdraftPlus for our site, and retainer clients. Where we have issues for one reason or another with UpdraftPlus, we’ll use BackWPup. Both sync with dropbox which we recommend. And we’re able to disable backups for the bigger folders that don’t need backing up – like the cache folder & and the backup folder!!
Backups of backups are NOT needed! And they take up a ton of space.
We found backup buddy to be buggy with larger sites – but our last test of this was a couple of years ago (ions in web time). And we’ve not found a premium plugin to be necessary yet. Go check out WPBeginner.com’s backup plugins post here.
WordPress Security Homework: Day 1
If you want to follow along and ensure your site doesn’t get hacked; or at least give it the best chance of not getting hacked, do these 5 days of homework with us. We’ll have all these tips in a checklist on Friday – once all five days have been published.