The Ultimate Guide to Make Your WordPress Site Secure in 2019
In this article, I am going to explain why it is important to protect and maintain your WordPress website and how you can do it in 2019 in a few easy ways.
I want to share a story, if you’ll allow me. This wasn’t a client of mine; an agency friend told me the story, and I think it’s an important one to share.
Tim has a furniture business with an E-Commerce website. This enables him to sell his furniture to customers from across the country and, for some pieces, around the world.
When Tim’s website was built by his web agency, they offered to assist him with website security and keeping the website maintained. Tim declined this offer as he wanted to look after everything by himself.
The unfortunate problem for Tim was that he just didn’t have time to do the important maintenance tasks that he needed to do, as well as run his business. He had good intentions when he said he’d look after his website, but time got the better of him, again and again.
Because the website was not maintained for more than a year, a security flaw in one of its plugins was eventually exploited, one that the plugin’s developer had long since patched. This exploit allowed a malicious attacker to gain full access to Tim’s website and to steal his customers’ data.
Tim was lucky that he didn’t store credit card numbers, but it was a serious data breach and over 10,000 customers were affected. All of this happened because he didn’t take the necessary steps to look after his website.
Repairing the damage to the website cost Tim over $3,500. He also had to inform his insurance company of the issue and his liability, as well as apologize to every customer whose data was lost. His web agency needed to liaise with the RCMP about the issue.
Tim is thankfully still in business today, but is a lot more careful with his website now.
It doesn’t take a great deal of time to look after a website, but it’s really important that you actually set this time aside. Maintaining your website is just as important as maintaining your car or your home. If you ignore any of these, eventually things will break down and you’ll have problems.
A WordPress Care Plan from an experienced WordPress agency brings you peace of mind and an expert pair of hands to assist you if there’s ever an issue with your website.
What would peace of mind in your business be worth to you?
In order to help you to avoid the kind of problems which Tim encountered, we’ve created a checklist of maintenance tasks which you need to focus on for your website and separated it into weekly, monthly, quarterly and yearly tasks.
You can download your checklist here.
Use the checklist to assign tasks for yourself or your employees and you can make sure that you stay on track with all of your maintenance tasks. Your website will be safer and more secure if you look after it regularly.
You might find that you have additional tasks to add to the checklist for your specific website. For example, if you have an E-Commerce website – you might want to set a certain day of the week for adding new products or looking at improving existing ones. Feel free to add in extra tasks to your checklist. It should grow organically over time, just like your business.
Now, you need to have your website available 24/7 so visitors can check your services or products anytime. They also need to be sure that the buying process is reliable and secure. Good web hosting is a major part of all this!
There are free online monitoring tools that you can use to monitor the uptime of your website. When we say “uptime”, what we mean is the time that your website is available online without being offline for any errors or issues.
The uptime should be 100% or as close to this as possible. If you frequently see short periods of downtime, this means your website was offline and inaccessible to your customers during this time.
Head over to Uptime Robot [Link: https://uptimerobot.com/] and make a free account.
Once you’re logged in, set up a new monitor and enter your website address. It’s important to choose the right protocol here, HTTP or HTTPS: use HTTPS if your website has an SSL certificate (and it should in today’s modern world!). Set the monitoring interval to 5 minutes and make sure you tick the option to receive an email if your website is ever offline. Then save your new monitor.
Uptime Robot is a very useful tool as you will receive an email if it detects your website is offline. It’s like having an employee checking your website every 5 minutes… 24 hours a day, 7 days a week.
If your website is frequently offline or if you’re not getting an uptime of 99-100%, without a specific reason from your hosting company such as “emergency server maintenance”, then you need to strongly consider if you are hosting your website in a place that is best for your business.
There’s one thing you can do with your website right now that will improve your peace of mind. Let’s make sure you have automated backups of your website in place. This way, if anything goes wrong with your website in the future, you’ve protected your most important asset and made sure that you have backups available to restore your website.
You’ll need about 15-20 minutes of time. So block that off in your diary and let’s get started…
Firstly, you’re going to need a Dropbox or Google Drive account. If you don’t have one of these, they’re both free, so please choose one and get that set up first. As a recommendation, Google Drive offers more storage, so it is a better choice for storing more backups.
To make the next parts easier, it’s better to follow along with a video tutorial. Our friend Adam over at WPCrafter has a great video tutorial for setting up UpdraftPlus, which is a free backup plugin, on your website. Click here to watch the tutorial [Link: https://www.youtube.com/watch?v=jXb512M_WSY]
There is one extra step that Adam doesn’t cover at the end of the tutorial, and it’s a great one for peace of mind. Once you’ve finished your first backup, log in to Dropbox or Google Drive and check that your website has been safely backed up and that the files are present there. If you can see the newly backed up files, then you’re all set!
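The manual check described above can also be automated. The following is an added example, not part of the original article or of UpdraftPlus: it takes a listing of the backup folder and reports whether the newest backup set is complete and recent. It assumes the archive naming scheme UpdraftPlus normally uses and a backup job that includes all five components; the file names and the `check_backups` helper are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: archives use UpdraftPlus's usual naming scheme,
#   backup_<YYYY-MM-DD-HHMM>_<site name>_<12 hex chars>-<component>[N].<zip|gz>
NAME_RE = re.compile(
    r"^backup_(\d{4}-\d{2}-\d{2}-\d{4})_.+_([0-9a-f]{12})-"
    r"(db|plugins|themes|uploads|others)\d*\.(?:zip|gz)$"
)
# Assumption: the backup job was configured to include all five components.
REQUIRED = {"db", "plugins", "themes", "uploads", "others"}

def group_backup_sets(filenames):
    """Map (timestamp, set id) -> components found; unrelated files are ignored."""
    sets = {}
    for name in filenames:
        m = NAME_RE.match(name)
        if m:
            stamp = datetime.strptime(m.group(1), "%Y-%m-%d-%H%M")
            sets.setdefault((stamp, m.group(2)), set()).add(m.group(3))
    return sets

def check_backups(filenames, now, max_age_days=7):
    """Report whether the newest backup set is complete and recent enough."""
    sets = group_backup_sets(filenames)
    if not sets:
        return {"ok": False, "newest": None, "missing": sorted(REQUIRED), "stale": True}
    (stamp, _), parts = max(sets.items(), key=lambda kv: kv[0][0])
    missing = sorted(REQUIRED - parts)
    stale = now - stamp > timedelta(days=max_age_days)
    return {"ok": not missing and not stale, "newest": stamp,
            "missing": missing, "stale": stale}

# Constructed folder listing (not real data): one complete weekly set,
# then a newer set whose upload to cloud storage stopped part-way.
OLD = "backup_2019-03-03-0200_Example_Shop_a1b2c3d4e5f6-"
NEW = "backup_2019-03-10-0200_Example_Shop_0f9e8d7c6b5a-"
SAMPLE = [OLD + s for s in ("db.gz", "plugins.zip", "themes.zip",
                            "uploads.zip", "uploads2.zip", "others.zip")]
SAMPLE += [NEW + s for s in ("db.gz", "plugins.zip", "themes.zip")] + ["notes.txt"]

if __name__ == "__main__":
    print(check_backups(SAMPLE, now=datetime(2019, 3, 11)))
```

With the constructed listing, the newest set is reported as incomplete because its uploads and others archives never arrived, which is exactly the situation a quick glance at the folder can miss.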
Congratulations, you’ve now set up automated backups for your website and made everything more secure. Grab yourself a coffee, you deserve it!
Let me know if you found setting up automated website backups easy. Do you feel better knowing that your website is automatically backed up?
How are you currently managing passwords for your business?
If you’re already using a password manager – that’s great! If you’re not, please read on as this will help to keep your business safe.
A lot of people will store passwords in their browser, write them down or a combination of the two. This is not safe for a number of reasons, but mainly let’s just focus on the fact that your business security is only as good as you or your employees. It’s easy for us to be caught off-guard, and when that happens it can already be too late.
Let’s look at password managers. Here are three that I recommend. They all have a trial period and then a small ongoing fee to cover usage:
1Password – https://1password.com (Canadian Company – Yay!)
Dashlane – https://www.dashlane.com
LastPass – https://www.lastpass.com/password-manager
Each of the above password managers has a Team/Family option available that allows you to share passwords between your employees, so that you can have one central bank of passwords and then give each employee access to the passwords that are relevant for their work.
Most importantly and as a last vital tip – make sure that you are using unique passwords for every website and online account that you access. If any of your passwords is ever leaked through a security breach with a large organisation in the future, it’s much easier to just change one password and not worry that you’re using the same one for PayPal or other critical business websites.
After you’ve set up an account with one of those password managers, go ahead and change the administrator password for your WordPress website. Use the generator tool to make sure that your password is not ‘guest’. Also, if you are using ‘Admin’ as a username, maybe it is time to change that too!
Time is one of the most precious gifts that we have in this world. Every second that passes is a second that is gone forever. It’s important that we’re able to enjoy every second that we have available to us, and to spend that time wisely.
As with Tim’s story, it’s easy to say you’re going to look after and maintain your website, but even the best laid plans often go to waste.
Without the time spent on maintenance, security and care, you will eventually have a problem with your website. You may have already experienced this, so if you have, you know exactly what I’m talking about!
No-one needs to spend their precious time worrying about a problem with their website. The stress of your website being offline or your customers being affected just isn’t worth it. Fortunately there is a solution and it’s called WP Expert. Please read on to learn more.
At WP Expert we offer WordPress Care Plans to all of our clients. If your website was built by us, we would have recommended a Care Plan to suit your business when we launched your website.
If your website wasn’t built by us, we can still help you. We run a WordPress Audit on websites that were built elsewhere, which allows us to check your website for any issues and help you to fix these before you join one of our care plans.
If you’d like to see some more information on our WordPress Care Plans, please visit our Care Plans page.
Our aim is to deliver peace of mind to you and your business. We’ll help you keep your website safe, secure, maintained and updated. This will allow you to focus on the tasks that are most important to you so you can spend more time with your family and loved ones.
I hope you’ve found our article useful.
As you can see, time and expertise are the major factors in keeping your website safe and secure.
I understand that business can be stressful and there’s never enough time in the day to complete every important task. This is why we offer a WordPress Care Plan service to business owners like yourself, giving you peace of mind and comfort knowing that your website is in safe hands.
I’ve recently set up an online call booking system, so let’s have a 15-minute chat about your website and any issues that you’ve been facing.
It will be a great opportunity for you to ask any questions that you have about our WordPress Care Plans and to establish if they are a good fit for your business.
Please use my booking calendar to pick a date and time that is suitable for you. I look forward to talking with you soon.