WordPress Security Checklist

April 19th, 2017

Do you use WordPress to power your website? You're in good company: Forbes, National Geographic, and The New York Times are all powered by WordPress, as is this site. But with the move from traditional fixed HTML and CSS websites to content management systems, your website needs the same care and attention that you would give to your business server or desktop.

Many would initially blame hackers for an extremely slow website or being delisted from search engines, but that’s not always the case. When it comes to managing your website, how sure are you that all your bases are covered? If you are unsure, you might want to give this WordPress maintenance checklist a try.

Regularly update WordPress and any plugins.
The core WordPress software that your website runs on is currently the 239th version of the software. Each new version requires an update; previous versions may contain security flaws that a hacker could use to infect your website with malicious code and infect your visitors, or use your domain to send spam emails. To update WordPress you can follow this guide. You also need to update any plugins that you are using. Plugins enable you to easily add things such as contact forms or image sliders, but these also need to be updated to prevent any exploits. To update your plugins you can follow this guide.
Before updating any software you should always check compatibility. Updates can break your site if not carried out correctly, so check with your web developer before doing this.

Make backups
It’s crucial that you perform a daily offsite backup of your WordPress files and database. This ensures data security in the event of a network breach or natural disaster and facilitates the resumption of your business's regular operations. Although plugins like BackUpWordPress and hosting servers like SiteGround automate the backup process, you should still perform manual backups.

Verify backups
Not only should you be making backups, you should also be verifying them. By doing so, you are making sure that the backed-up files are going where they are supposed to, and that the backups can actually be restored. The last thing you need is a failed backup strategy on the day you need it most!
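
Part of this verification can be automated. The Python code below is an added example, not part of the original article: it checks that a backup archive opens, decompresses in full, holds both the WordPress files and a database dump, and is less than a day old. The archive layout (a gzip-compressed tar with wp-config.php, wp-content/ and a .sql dump), the function names and the in-memory sample archive are all assumptions made for illustration.

```python
import io
import tarfile
import time
import zlib

MAX_AGE = 24 * 3600  # the checklist calls for a daily backup


def make_sample_backup(with_database=True, age=3600):
    """Build a small constructed archive in memory (stand-in for a real backup)."""
    files = {"site/wp-config.php": b"<?php // constructed sample\n",
             "site/wp-content/index.php": b"<?php // constructed sample\n"}
    if with_database:
        files["site/db.sql"] = b"CREATE TABLE `wp_options` (option_id INT);\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size, info.mtime = len(data), int(time.time() - age)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def verify_backup(archive, now=None):
    """Return a list of problems; an empty list means every check passed."""
    now = time.time() if now is None else now
    problems, names, newest, has_schema = [], [], 0, False
    try:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
            for member in tar:
                names.append(member.name)
                newest = max(newest, member.mtime)
                if member.isfile():
                    # Reading every file proves it can be decompressed in full.
                    data = tar.extractfile(member).read()
                    if member.name.endswith(".sql") and b"CREATE TABLE" in data:
                        has_schema = True
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        return [f"archive unreadable: {exc}"]
    if not any(n == "wp-config.php" or n.endswith("/wp-config.php") for n in names):
        problems.append("wp-config.php missing")
    if not any("wp-content/" in n for n in names):
        problems.append("wp-content directory missing")
    if not has_schema:
        problems.append("no database dump containing CREATE TABLE")
    if now - newest > MAX_AGE:
        problems.append("newest file is older than one day")
    return problems


if __name__ == "__main__":
    print(verify_backup(make_sample_backup()) or "backup passed all checks")
```

A check like this only shows the archive is complete and readable; a periodic test restore to a separate site is still needed to confirm that the backup actually restores.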

Daily security reports
If you ask any cyber security expert, “Is it crucial to maintain a daily network security report?” the answer will be a resounding YES. While you might not have enough time to carry out thorough inspections and create these reports yourself, you can rely on security monitoring services like Sucuri. Not only does it carry out the inspections, it sends an SMS notification of any suspicious activity and even emails you a daily status report.

Malware scans
Cyber-criminals are growing in both number and sophistication. With every passing day, new strains of malware are developed and released onto small- or medium-sized businesses. Unless you are a bona fide hacker yourself, detecting malware might be a little tricky. WordPress plugins like Wordfence keep your website safe using the latest firewall rules, malware signatures, and malicious IP addresses.

Speed audits
Slow and steady might be qualities valued by some, but not so much for your website. Plugins like Google PageSpeed Insights test how fast your site loads. If it takes more than five seconds, you should consider implementing caching and other measures to speed up your site. Slow sites put off visitors and lower search rankings.

By sticking to the checklist, you too can harness the power of this online, open-source website creation tool. But the days of having a website designed and leaving it are over. If you have a modern content management system, you have to check and keep the core software up to date, as you would with your server or desktop operating system.

Edited with permission from TechAdvisory.org. Source.