Wednesday, July 13, 2016

How to Personally Manage and Secure a WordPress Site – because you don’t like to spend yet!

Yes! WordPress security and reliability are necessary, especially if your business or readership is growing. Starting a blog, posting personal thoughts on it, publishing online, and gaining a certain number of readers will not actually require you to have a ‘Managed WordPress Service or Hosting,’ but there will be moments in your blogging career that prompt you to improve the security and reliability of your site.


WordPress Security and Reliability Issues:

1. Victim of your own success – You write good posts, upload interesting videos, attach inspiring photos, the website goes big, members sign up, and traffic (visitors) increases. Then suddenly, your site is down. This might be caused by reaching your hosting’s storage space or bandwidth limit. There are too many files and visitors to handle. You need to upgrade from your present hosting plan or transfer to another robust hosting service.

2. You Broke Something – You just installed a new plugin or a new theme, and after activating it, the website is down. You tried to be techy and edited some code, and the site crashed after saving. You should have a backup, or else you will start again (with tears).

3. Bad Neighbors – Hackers, malware, viruses, and DDoS attacks, to name a few of today’s computing challenges. While they drive security innovations, they cause a lot of trouble and could reduce your website to ashes.

4. Other emerging problems – This is true of all open source and widely used applications. They tend to attract good people as well as bad people. Bad news: WordPress is no exception.

What are your options?

You can choose to subscribe to a specialized WordPress Service or Hosting to manage your site (24/7). That is the best option, especially if your website is your business or source of income. However, if you are in my shoes, here are my reasons why I don’t opt in to a Managed WordPress service yet (at least not yet) and choose to manage my website personally:

1. Managed WordPress Service or Hosting means letting other people (a bunch of professionals) take good care of your WordPress site so that it is always there to give your readers what they are looking for or your customers what they want. You need Service if you already have hosting. You need Hosting if you want to start from scratch or transfer your site to them. Because these professionals are highly trained and we are talking about your website’s integrity here, sometimes they require you to pay an arm and a leg. My website does not earn that much yet, so managing my site personally will be just fine for me.

2. I want to do it. I consider it more fun and exciting if you are the one managing your WordPress site. While focusing more on what and how you write would be a more productive route to take, enjoying the geeky things is always my thing, so let’s start discussing the real objective of this post.

How to manage WordPress?

The best answer is to copy what the big names in WordPress management do in their services. While they offer specialized and high-quality services for the money, we can still copy the basics of those services and apply them to our site. Sounds like a good idea, right?

I visited the websites of WPEngine.com, SiteGround.com, Pagely.com, Bluehost.com, and Arvixe.com to list the features of their services and to make my own list of what I will do for my site based on what I could learn from them. For sure, they know what they are doing, and that’s a good thing for me again.

LIST:

1. Trusted Hosting – You need to choose a reliable, fast, best-bang-for-the-buck web hosting service. I highly recommend Arvixe Personal Class for starters. You can start from there, and if you want to go from the 6 sites included in the plan to unlimited sites, you can easily upgrade to Personal Class Pro, which is just $3 more (expect more discounts coming). I have been using their service for 5 years now and they have never failed me. Some reviews out there are not really 100% honest, and you might have heard about other web hosts’ great offers. Go on. Choose what’s best for you. However, if you ask me, you can’t go wrong with Arvixe (that is 100% based on real-life experience). Five things I like about them are the following: unlimited (and I tried it), cost-efficient, fast (not so fast though, but fast enough), customer support is great (they keep on asking about my PIN but are knowledgeable), and always up (I have only heard stories; I didn’t experience my sites going down).

2. Backup and Restore – You need to have backup and restore for WordPress and its database. This will produce a copy of the entire site, including plugins, themes, and all sorts of content (you can choose what to back up). This will also back up your database, which is the most important component for retrieving all your content, permalinks, user profiles and details, and your online store (if you have one) seamlessly. I chose the free version of the plugin called “UpdraftPlus.” It has a one-click restore feature for easy restoration of your site, and it can upload the backup file to Google Drive for more storage space and security. You need to schedule the backup so that you will not forget to do it. If your site is down and you don’t have any idea what happened, you are just one click away from restoring it. Warning: You will only restore the files and updates saved during the last scheduled backup.

3. WP Security – This includes anti-virus, firewall, anti-malware, anti-hacking, anti-spam, anti-DDoS, and several other protective features. You might not believe that there is a free plugin for all of that; in fact, several plugins offer those features for free. “Wordfence,” a security plugin for WordPress, already has 900,000+ installs, and 2105 of them gave 5 stars to this free plugin. That means it is what we are looking for.

4. Database Management – While we already talked about database backup in number 2, repair and monitoring of your database are just as important. I chose WP Management, which can optimize your database, delete unnecessary files (you can choose), and keep a backup of a fresh and error-free database. This will make sure your site loads faster and serves pages and functions faster to its visitors.

5. Caching – While it sounds like making money, I strongly believe that it is a synonym of cashing. For sure, you can earn more money on your website if it loads faster for your visitors, or else they will just click the back or close button. Caching means storing a certain version of your website and serving it faster to your visitors. It will drastically improve your page load time, making it easier for visitors to navigate your site and look for the information they want. We will use WP Super Cache for this. It also has an option for a CDN, which we will talk about below.

6. Content Delivery Network – This will speed up your pages if someone on the other side of the world wants to visit them. This is how it works. If you are in the US and your visitor is in Europe, the CDN will use its network in Europe to deliver that content to a French (for example) visitor quickly. Without a CDN, latency or ___ will slow down the loading of your content. Gladly, CloudFlare offers a free CDN and even caching of your website. We have a tutorial on how to set up CloudFlare here. General SSL is also available with just a free account. What is SSL, by the way?

7. SSL Certificate – This is important for online stores or if you are running an eCommerce plugin on your WordPress site. A normal blog does not need it, but once you require information such as emails and names from your visitors (like a membership site or forum), an SSL certificate will be very useful. It will secure. More importantly, Google will rank your site higher if you secure. Read this.

8. Two-way login authentication – This simply means you need to use another method to log in, in addition to entering your username and password. Clef, a free WP plugin, is easy to set up (our guide here). You need to log in using your mobile phone with this plugin. This will greatly increase the security of your WordPress site, especially by securing the administrative or main access.

9. Limit login attempts – Simply set the allowed number of attempts to enter the username and password. I set it to five because sometimes I am careless enough to type wrong characters. If I reach five and still miss, I have to wait 24 hours before I can try again. A very important rule of thumb is to use hard-to-guess (by others) passwords (^%&12H^%FD!) and unusual usernames (Sq1uinkk9qwrst1). Save your credentials somewhere safe (don’t pin them on your fridge). Some bad people will try to guess your credentials using software (brute-force attack). Sorry to them, they only have five tries a day.

10. Update – While I am not a fan of auto-updates, I highly recommend you update WordPress as soon as any update is available. People at WordPress do their best to make this open source software safe and secure. For your plugins, you really need to use those that are highly recommended by many users, so that you have some guarantee that they are safe.

11. Bonus – You can use urlquery.net to scan your website for intrusion, phishing, spam, and malware. Simply enter your URL or website’s address and wait for the scan to finish.
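The lockout rule from item 9 (five failed tries, then a 24-hour wait), written out as a small stand-alone model. This is an added example, not code from any plugin named in this post; the class name, the (username, client address) key and the sample values in it are assumptions made for illustration.

```python
import time

MAX_ATTEMPTS = 5              # the post's setting: five tries
LOCKOUT_SECONDS = 24 * 3600   # the post's setting: wait 24 hours


class LoginLimiter:
    """Counts failed logins per key and enforces a timed lockout."""

    def __init__(self, max_attempts=MAX_ATTEMPTS, lockout=LOCKOUT_SECONDS,
                 clock=time.time):
        self.max_attempts = max_attempts
        self.lockout = lockout
        self.clock = clock         # injectable so the policy can be tested
        self._failures = {}        # key -> (count, time of first failure)
        self._locked_until = {}    # key -> timestamp when the lock ends

    def is_locked(self, key):
        until = self._locked_until.get(key)
        if until is None:
            return False
        if self.clock() >= until:  # lock expired: forget it and start fresh
            del self._locked_until[key]
            self._failures.pop(key, None)
            return False
        return True

    def attempt(self, key, password_ok):
        """Return 'ok', 'denied' or 'locked' for one login attempt."""
        if self.is_locked(key):
            return "locked"        # even the correct password is refused
        if password_ok:
            self._failures.pop(key, None)   # success clears the counter
            return "ok"
        now = self.clock()
        count, first = self._failures.get(key, (0, now))
        if now - first >= self.lockout:     # old failures age out
            count, first = 0, now
        count += 1
        self._failures[key] = (count, first)
        if count >= self.max_attempts:
            self._locked_until[key] = now + self.lockout
            return "locked"
        return "denied"
```

If the site sits behind CloudFlare as in item 6, the web server sees the CDN's address unless the real visitor address is restored, so a key built on the client address can lock out unrelated visitors.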

Having all 11 for your WordPress site does not really mean you are 100% safe already. However, it means you can sleep at night because you know you have ways to bring your site back anytime, even if someone hacked it. You also have enough time to check whether someone is playing dirty tricks on your WordPress site. While these tips do not actually replace professional management of your WordPress site, they will give you a certain level of security that does not cost anything (just your time). There are other options to optimize and keep your site safe that you can explore. Warning: the more plugins you install on your site, the more vulnerabilities you take on and the more you compromise on speed and database reliability.

If you encounter problems while trying the steps presented above, you can easily post your question in our forums.
