How to keep your WordPress site safe

Do you have any idea how severe your problems will be if your site is hacked? If you run a WordPress site, you are at risk. Here are the best practices to ensure the safety of your visitors and of your site.

To summarize:

  • Do not steal
  • Install updates
  • Perform regular backups
  • Choose a good hosting provider


Do not steal

My first piece of advice is as old as the world: if something seems too good to be true, it probably is. Building software is a lot of work, and while there are people who just code for fun (I’m one of them), supporting a commercial product requires revenue, which means charging for products.

If you spot a plugin that is normally paid, but some sites offer it for free, it’s not an opportunity. It’s a very bad deal. Do not harm a plugin developer by stealing their code. And it’s not just a question of morality. If you do that,

In almost all cases, there are free alternatives to commercial plugins. So if you do not want to pay for professional development and support, visit the official WordPress plugin repository and find what you need.

Install updates

In 2014, the sites I looked after were hacked. For a time and for personal reasons, I had neglected the management of these websites. As a result, I did not bother to update them, there was a vulnerability that the hackers found, and suddenly my sites were corrupted.

Since a large part of the Web runs on WordPress, it is a juicy target for hackers, who constantly find and exploit vulnerabilities either in the core code or in the code of plugins and themes. Fortunately, the entire WordPress developer community is actively updating its code, closing all holes found by hackers, often within hours.

But if you do not run the updates, you will not get the benefit of these fixes. There is no excuse for not keeping your site up to date. WordPress has one-click automatic update features that allow you to update all your site’s plugins, themes, and core code in one go.

Of course, it’s a good idea to make a backup first, just in case something goes wrong during the update. Which brings me to my next critical piece of advice.

Perform regular backups

It is not difficult to make a backup of your WordPress site. There are a lot of free plugins, and you can even do it just by copying files and backing up your database. There are also many excellent plugins and services that automate the process for you.
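
As an added example (not from the original article), the script below does what the two sections above describe: it copies the site files, exports the database, checks the result, and only then runs the updates. It assumes WP-CLI (the "wp" command) is installed; the function names are illustrative and the paths in the usage comment are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not from the article. Assumes WP-CLI ("wp") is installed.

# Export the database of the site in $1 to the file $2.
dump_database() {
  wp db export "$2" --path="$1" --quiet
}

# backup_wordpress SITE_DIR BACKUP_DIR: prints the path of the verified archive.
backup_wordpress() {
  local site_dir="$1" backup_dir="$2" stamp archive sql
  [ -f "$site_dir/wp-config.php" ] || {
    echo "not a WordPress directory: $site_dir" >&2; return 1; }

  stamp="$(date +%Y%m%d-%H%M%S)"
  archive="$backup_dir/files-$stamp.tar.gz"
  sql="$backup_dir/database-$stamp.sql"

  # The backup contains wp-config.php (database password) and user data,
  # so create it readable by the owner only.
  ( umask 077
    mkdir -p "$backup_dir" &&
    dump_database "$site_dir" "$sql" &&
    tar -czf "$archive" -C "$site_dir" .
  ) || { echo "backup failed" >&2; return 1; }

  # An unreadable archive or empty dump is not a backup: check before trusting it.
  tar -tzf "$archive" >/dev/null && [ -s "$sql" ] || {
    echo "backup verification failed" >&2; return 1; }
  echo "$archive"
}

# update_wordpress SITE_DIR BACKUP_DIR: update only after a verified backup.
update_wordpress() {
  backup_wordpress "$1" "$2" >/dev/null || return 1
  wp core update --path="$1" &&
  wp plugin update --all --path="$1" &&
  wp theme update --all --path="$1"
}

# Usage (placeholder paths):
#   update_wordpress /var/www/html /var/backups/wordpress
```

Keep the backup directory outside the web root so the archive and database dump cannot be downloaded through the site.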

Choose a good hosting provider

I used my own servers connected to the Internet. I colocated servers in data centers. I ran virtual instances of Linux machines on AWS. And I used a wide variety of website hosting providers.

Each of these approaches is valid for delivering your web content to the public. But the most common one is to use a hosting provider that puts together a complete stack of web tools to run WordPress.

Not all hosts are alike. Some are very diligent and routinely perform security updates and malware scans. These companies also ensure that their underlying software is up to date.

Others, not so much. If you plan to use a web host, check the software, read the reviews, and make sure you choose a hosting provider you can trust to do the maintenance.

I know it can be quite tempting to sign up for a service that costs less than a euro a month to host your site, but think about it: how can they make money? They must be cutting costs somewhere.

You can find inexpensive hosting, but do not sacrifice your future simply because you want to save a few euros. Do your research. At the very least, read user reviews.
