WordPress Security and Maintenance Best Practices

WordPress is considered one of the most popular CMS (Content Management System) today, powering nearly 24% of the websites on the internet, but because of its popularity, it is prone to WordPress security hacks. Nearly 60% of websites that use a CMS are on the WordPress platform, because of it’s ease of use and strength in search engine optimization (SEO) features. Additionally, since it is an open source platform, it has a large community of web development contributors that continually enhance the platform with new WordPress plugins and WordPress themes.

The caveat to using a really popular platform such as WordPress for building a website is that it requires maintenance and security measures to ensure that it doesn’t get hacked - security is a definite weak point for the WordPress platform, and not maintaining it properly can lead to significant WordPress security issues. Although there are good WordPress security plugins, such as Sucuri, Shield WordPress Security, iThemes Security, that does a decent job in helping to keep WordPress websites secure, additional steps should be taken to ensure that your website is running at optimal performance. This article will detail the best practices in how to secure WordPress websites, as well as how to maintain them.

Having a WordPress website hacked can be a nightmare for any businesses. Not only does it affect traffic and sales revenues, but it can also have a negative impact on Google search engine rankings. Recovering from a website hack takes time, money, and energy, and it can be quite stressful, therefore it is important to take the necessary precautionary steps to keep your website healthy.

Prevention costs are far less expensive than recovering from a full-blown security hack.

WordPress websites commonly get hacked through WordPress security vulnerabilities, such as in the hosting platforms, non-secure WordPress themes, vulnerable plugins, or weak passwords. Hacks can come in several ways:

• Hackers can use your site to infect your visitors’ PCs with malicious software to gain information. It can also infect your website with malware such as key trackers, back doors, and ransomware.
• Redirect your visitors to other websites.
• Server take-over and use your hardware for sending spam emails.

Below are best practices in maintaining and securing WordPress websites:

(1) Use a unique table prefix: When you are setting up a new WordPress website, make sure to change the Table Prefix to something unique. The default is “wp_”, and hackers will use this knowledge to beginner WordPress designers to make your website more vulnerable to SQL injections. You can change the Table Prefix using the iThemes Security plugin.

(2) WordPress version: Ensure to keep your WordPress version up to date. WordPress will provide updates with new features and address any security issues in previous versions.

(3) Theme updates: Maintain WordPress Themes: Remove any themes that are not absolutely needed. This can also help speed up your website. A few great resources that you can use to see if plugins and themes are trustworthy: The database for WordPress Plugin Vulnerabilities, Theme Check, and Plugin Check.

(4) Plugin updates: Maintain WordPress Plugins: Remove any plugins that are being used. This can also improve the speed of your website. If a plugin hasn’t been updated by the developer for more than a year, then it’s better to search for an alternative plugin. Theme updates and plugins are arguably the most important steps that you can take in making your WordPress website more secure.

(5) Tools for website scanning: If you suspect that your website has been compromised or hacked, be sure to use tools to scan or check your website:

• Viruses: AntiVirus, WP Antivirus Site Protection plugin, VirusTotal web service
• Malware: Sucuri SiteCheck.
• General: Unmask Parasites and Web Inspector.
• Spam: MX Toolbox.

(6) Username and passwords: Delete the user account name “admin” and create a new admin account using a unique username. Keep the password strong by using a combination of capital, numbers, special characters, and small letters. Limit the login attempts into the backend which will prevent brute force attacks.

(7) Backup your website: Backup your website on a frequent basis. Having backup files can come in handy, in case troubles do arise. You can make backups of your website through the hosting provider, downloading local copies through FTP, or via a plugin that can automatically backup your website: BackupBuddy, UpdraftPlus, BackWPUp, BackUpWordPress.

(8) Optimize your database. The database is where your website content is stored – content includes images, videos, blogs, pages, and settings. As your website grows, your database fills up and can have a negative impact on your website speed (Google ranking factor). There are several good WordPress plugins that can be used to optimize your site database and MYSQL database tables: WP-Optimize, WP-Sweep, P3 (Plugin Performance Profiler), WP Clean Up, Optimize Database after Deleting Revisions, WP-DBManager, Optimize DB, W3 Total Cache, EWWW Image Optimizer, WPDBSpringClean, Revision Control, WP Performance Pack, NextGEN Gallery Optimizer, WP Database Cleaner, Wordfence Security.

(9) Keep your website speed on point. Website loading speed is a Google ranking factor, thus, having a slow loading site can hurt SEO and website traffic. Use Google PageSpeed Tools and GTmetrix to gain insights into how you can optimize your website’s load time and performance.

(10) Maintenance mode. If you are working on a live site, it’s better to take your site offline, so that your visitors don’t see or experience anything that they shouldn’t while you are making updates. There are plugins that you can use to indicate to your visitors that your website is currently in maintenance mode: WP Maintenance Mode, Maintenance, and Coming Soon Page & Maintenance Mode.

(11) Test your forms. You’ll want to test your contact and order forms, to ensure that they’re working properly and that you don’t miss out on any lead conversion opportunities.

(12) Index check. If you want website visitors, then it is important that people are able to find it on Google. You can check to see if your website has been indexed or listed in search engines, by typing site:yoursite.com into the Google search engine field or by using the Screaming Frog SEO Spider Tool.

(13) Monitor SEO. This is essential to ensure that your website gets indexed in search engines. You can monitor SEO using a number of tools, such as Google Analytics. You’ll also want to optimize for on-site SEO opportunities to help increase your website rankings.

(14) Monitor offline status. You can monitor the uptime of your website using Pingdom. The quicker that you know whether your website goes offline, the quicker that you can address the issues. If you’re running an eCommerce, and your business depends solely on online sales, then monitoring your website uptime is extremely important.

(15) Hire a website maintenance company. If time is of the essence to you, and you don’t have in-house IT or a webmaster, then it’s ideal to hire a company that specializes in website maintenance. Some web agencies will specialize in WordPress maintenance, Magento maintenance, or both.

Below is a list of the features that are typically included in a website maintenance package. Some companies may have only a few or offer all of these features, and may also have different tiered pricing depending on the requirements, the size of the website, and the company size (e.g. SME vs Enterprise):

• Technical support
• Security audit & recommendations
• Full-site & database backup
• WordPress version updates
• Plugin version updates
• Content updates
• Uptime monitoring
• Malware and virus scans
• Changes to the website
• Spam comment cleanup
• Support marketing initiatives
• 24/7 Up-keep monitoring
• Available performance caching
• Strategy & planning
• Database optimization and cleanup
• Security audit
• SEO analytics report
• Speed up your website
• Tighten security
• Grow more traffic
• Fix broken links/codes
• Decrease cart abandon rates
• Mobile responsive on all devices
• Priority urgent request support
• Annual development hours
• Plugin or theme installs
• Site migrations
• Custom development of the website as per requirements
• Site performance check & recommendations

For more similar content, check out our Optimized Webmedia Blog

If you found this article useful, please Like & Share, and feel free to connect with me on LinkedIn.