The truth is, WordPress, while one of the most flexible and fantastic website platforms, is also one of the most vulnerable. Every time the question of which website platform is best pops up in our Facebook Group, I usually answer with WordPress. Regarding affordability and customization, it has it all.
However, there are some issues with WordPress that keep people away or make business owners, like me, incredibly frustrated. If you follow me on Facebook or Instagram at all, you probably saw all the chaos surrounding the website being down last week. First, let’s start with an apology. I know it sucks when something goes offline, but it was truly out of my hands. That said, it did inspire this useful content I’m about to share with you. In the past, Photography Awesomesauce had little things happen here or there regarding WordPress vulnerability, but last week’s was a big one. Without going into the nitty-gritty details and using all sorts of website terminology like FTPs, servers, and who knows what else, basically the site went down and recovery took several days.
For now, I want you to imagine what it would be like if your WordPress site went down and they couldn’t recover all the blog posts you’ve written and content you’ve created. Or what if they could, but the most recent backup was over a month ago, and you’ve lost a bunch of blog posts that were sending loads of traffic your way? It could get ugly. Even though WordPress has its vulnerabilities, there are lots of ways to close the gap too, and that’s what I want to go over today.
- Do Your Website Updates ASAP. You know when you log into WordPress, and up at the top, it has that little arrow circle with a number in it? Those are updates, my friend. I know from working on the back end of photographers’ WordPress websites in the past that we are extremely notorious for not doing the updates. Those updates are usually for plugins, themes, and the WordPress platform itself. DO THE UPDATES. When you aren’t updating, you’re leaving lots of holes for creepy crawly things to get in and take over your website.
- Select Your Plugins Carefully. What’s a plugin? Well, WordPress works a bit like a smartphone does. WordPress itself is the platform which converts the complex code into something viewable for people coming to your website. Then on top of WordPress, you can install a theme which makes your site look a specific way. Then you can install plugins. I like to consider plugins the “apps” of the WordPress world. Plugins are apps made to help you customize your WordPress website. Third parties make these apps. Plugins can be a vulnerability to your site because of who makes them, because the creators often don’t update them, or because they don’t mix and match well with other stuff you’ve got going on behind the scenes on your website. So, select them carefully. Look for plugins made by reputable companies that you recognize. For example, if you use Mailchimp for email marketing, they make their own WordPress plugin to help your website and email all jam together. Mailchimp would be a reputable creator that probably updates their plugin often. However, it’s those plugins by lesser-known people that may come with more risk. When considering a plugin, check it out, research it online, and check to make sure the creator keeps it updated with every new version of WordPress that comes out.
- Clean Out Unused Junk – Have you ever downloaded a plugin, activated it and then found yourself not using it a year or two later? Or maybe you have old themes on your website you’re no longer using, but they’re sitting there in the back of your WordPress still. If you’re no longer using a plugin, theme or something else you installed on your WordPress, get rid of it. Old themes and outdated stuff are an excellent way to find yourself hacked.
- Back Up Your Site! Did you know you can back up your WordPress website? So let’s say that creepy crawlies do get in, and they mess everything up. You go back to the basics and re-install a new version of WordPress. You’re thinking you’ve got to start over and what a nightmare this will be. Well, that’s why backups are awesome. There are a few different ways you can back up your website.
– Through your hosting (like GoDaddy). Different hosting plans have different backup rules, so call whoever your host is and ask them what yours is. Some hosting plans do backups daily, some monthly, some only back up a few things, but don’t back up the database (which is the core of all the things). You need to know what is being backed up and when. Make sure that your host, at the very least, is backing up your website once a month. You could still lose info though if anything ever happened, which is why I recommend multiple backups.
– Back up through a plugin! Yes, there are plugins like VaultPress which do a full backup of your website daily. I have to tell you that after this thing last week, I’m super grateful to have VaultPress, plus their customer service was top notch when it came to helping me figure things out. It’s $9 a month to start, but so worth it when you get into blogging and worry about losing all your information someday!
– Back up the database. We don’t only want your website backed up on a basic level; we also want the database of your site to have backups too. A lot of hosting companies have this as an extra option for around $24 a year. It can save you some hassle if something went crazy wrong, but it’s not necessary either. I feel pretty confident that with VaultPress I could just install a fresh version of WordPress and then do a quick backup and voila, the site would be up and running in no time. That would work on most issues, but you never know.
- Block Brute Force Login Attempts. Some super cool plugins can help block brute force login attempts. That’s where someone makes multiple login attempts quickly and tries to take over your website. There are plugins like Jetpack which automatically block some of these. If you read my Facebook last week, you’ll know that Jetpack was part of the reason my website went down, but thanks to an update they just released and some fixing on my part on the back end it doesn’t appear to be a problem anymore. When these brute force login attempts happen, the system catches it and permanently blocks the person trying to log in. That’s the simplest explanation I can give for those of you who don’t want to get into the techy side of things. You can also set up your WordPress login to only allow a specific number of login attempts before someone is blocked from the website altogether. I recommend doing this, but make sure you are very clear on what your password is so you don’t lock yourself out.
I hope this gives any WordPress users some real insight on how to protect your website from crazy vulnerabilities in the future or just techy things that can cause your site to crash. It’s a good idea to invest some time on the backend of your WordPress site and make sure you have a system set in place.