Today we’ll conclude the Blog Maintenance Checklist with a post about how to secure your blog. Before we get to that, let’s recap what we’ve gone through so far in this series:
- In Part One, we learned the importance of keeping your WordPress platform and plugins up to date.
- In Part Two, we learned about making regular backups, comment moderation, and how to check for broken links.
- Part Three shared how to check your AdSense ads and your RSS feed.
- Part Four explained how to understand your blog’s analytics.
Some of those posts have touched on security, especially the posts about keeping WordPress and plugins updated and the post on making regular backups. Today, I’m going to share with you some plugins I use on client sites to keep them secure and some other ways you can beef up your blog’s security.
- First of all, when you get WordPress installed, create a new administrator using a strong password. Then, delete the default admin account. You’ll need to log out of your dashboard before you can delete the user you’re logged in as. And make sure you’ve saved your strong password somewhere so you will be able to log in as the new user you just created.
- Make sure you keep WordPress and all plugins up to date.
- Next, move the config.php file out of the root directory. You can use an FTP client such as FileZilla to do this. Log in to FileZilla using the same username and password you used to get into your domain’s cPanel. Then, in the public_html folder, locate the config.php file. (You’ll want to make a complete backup of your site using BackupBuddy before you start messing around with this type of stuff. Just sayin’.) Then download the config.php file onto your desktop. Delete it from where it is in the public_html folder, and then place the one you saved into the top level of the domain (in other words, in the same directory as the public_html folder instead of inside that folder). Check your site to make sure everything still works. If you made a mistake when you moved the file, import your site again using ImportBuddy.
- Download and install the Better WP Security plugin. Again, make sure you have a fresh backup before performing any security measures on your site. Some security plugins require the ability to access files that can cause issues, so make sure you’re prepared in case the plugin doesn’t work correctly. I haven’t had any trouble with it, but there may be compatibility issues with this plugin and another plugin you have installed or even the theme you’re using. It probably won’t happen, but be prepared just in case. This isn’t a one-size-fits-all security fix, but it comes very close. This plugin has a comprehensive dashboard that gives a color-coded snapshot of security issues that need to be addressed. Be sure to read all the features on the plugin’s site. This is a free download.
- Ultimate Security Checker – this plugin scans your site for security threats and gives a point-based score to let you know how you’re doing as well as a list of things to change and how to change them. The plugin developer also sells tools that will automatically fix your site’s security issues, but if you’re a bit tech savvy, you can do it yourself. The plugin itself is free.
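For readers with shell (SSH) access instead of FTP, here is the config-file move from the list above as a script. This is an added example, not part of the original post. It assumes the file is WordPress's standard `wp-config.php` (a second argument overrides the name), and the function name `relocate_wp_config` is made up for this example.

```shell
#!/bin/sh
# Added example: move the WordPress config file one level above the web root,
# keeping a timestamped copy so the step can be undone.
# Usage: relocate_wp_config /home/USER/public_html [config-file-name]

relocate_wp_config() {
    local docroot="${1%/}" name="${2:-wp-config.php}"
    local parent src dest backup

    [ -n "$docroot" ] && [ -d "$docroot" ] || { echo "no such web root: $docroot" >&2; return 2; }
    parent="$(cd "$docroot/.." && pwd)" || return 2
    src="$docroot/$name"
    dest="$parent/$name"

    # The file must currently sit inside the web root.
    [ -f "$src" ] || { echo "not found: $src" >&2; return 3; }

    # Never overwrite a config that already lives above the web root.
    [ ! -e "$dest" ] || { echo "already exists: $dest" >&2; return 4; }

    # WordPress ignores a config in the parent directory when that directory
    # contains wp-settings.php, i.e. when it is itself a WordPress install.
    [ ! -e "$parent/wp-settings.php" ] || { echo "parent holds another WordPress install" >&2; return 5; }

    # Keep a copy outside the web root before touching the original.
    backup="$parent/$name.bak.$(date +%Y%m%d%H%M%S)"
    cp -p "$src" "$backup" || return 6
    mv "$src" "$dest" || return 7

    # Verify: the moved file matches the copy and nothing is left in the web root.
    cmp -s "$dest" "$backup" && [ ! -e "$src" ] || { echo "verification failed" >&2; return 8; }

    echo "$dest"
}
```

After it prints the new path, load the site in a browser to confirm it still works, as the step above says. To undo the move, copy the `.bak` file back into the web root under its original name.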
Like most unsavory characters, hackers tend to prey on easy targets. While no site is 100 percent safe from the best hackers (even banks and government sites have been hacked), if you take the precautions mentioned here, you’ll be in a harder-to-hack category, which should discourage most would-be hackers from bothering you.
But again, your best defense against a potential attack is to keep a fresh backup handy. That way you can be up and running again within a matter of minutes with little or no frustration. I know BackupBuddy is expensive, but in my experience, it’s worth it.
This concludes our Blog Maintenance Checklist series. Do you have anything to add to our list? Please share your ideas in the comments section.