Hello, this is Mikel with TinyFrog Technologies. I want to talk a little bit today about website security. We our a WordPress agency, and that’s what we specialize in. WordPress is a very popular and widely used platform. In fact, over half the websites that get built on the planet nowadays use WordPress.
The downside to WordPress is that it tends to be very vulnerable for hacking and security issues, if it’s not properly maintained. In fact, there’s a saying in the WordPress world that if your WordPress site is not properly maintained, getting hacked or having security issues is not a matter IF , it’s a matter of WHEN.
But you can definitely avoid those problems by having a good WordPress maintenance and hosting plan for your site. So, we actually follow a 5-point security protocol when we’re designing and maintaining and hosting WordPress sites.
If you have a WordPress site, I definitely would recommend speaking to your developer to make sure they’re following these five steps.
5-Point WordPress Web Security Protocol
1. Secure WordPress-only server
The first one is the hosting server that it’s on. We typically don’t recommend going with a traditional hosting company like GoDaddy or Bluehost. They’re really not, even though you can host a WordPress site on those servers, they’re typically shared servers there. They don’t really have the best resources dedicated.
Sites can run very very slow on a traditional server; you’re not going to have the best security as possible. So, the host is often probably a very good important point. We use a company called WPEngine, which is we feel is one of the premier WordPress hosting companies and that’s all they specialize in.
2. 24/7 Security Monitoring
The second security protocol is security monitoring. It’s important to have security monitoring on some level in your website, so it’s being monitored.
If you do have a security issue, it’s being, you know, you’re noticing it or your developers noticing it because if it goes unnoticed for a period of time it could create other problems as well.
3. SSL Certificate
Third point is basically an SSL certificate – pretty straightforward and pretty standard. Most websites do have them, but nowadays if you don’t have one, you’ll notice it will say “Not Secure” in the browser.
This discredits your website to your viewers and visitors. So an SSL certificate is very very important.
4. Regular Backups
The fourth protocol is regular backups. We recommend backups to your website – not only updating or backing up the database, but all the site files. That’s very important because if your site does get hacked and it goes down, you don’t want to lose the site.
We’ve had people who have come to us and said their site was hacked and they hadn’t run a back up in six or eight or ten weeks or whatever and all of a sudden they’ve lost all that information. So it’s important to have regular backups set up.
5. Update Plugins Monthly
And the last one is your plug-ins. WordPress sites are comprised of a core and then a series of plugins. A typical website could have 10 to 20 plugins.
All these plugins have very frequent plug-in updates coming through and they’re mainly security updates, so getting your plugins updated by someone who knows what they’re doing with the right frequency is very important.
We recommend once a month for that. If you have any questions on our 5-point security protocol and properly maintaining your WordPress, I’d definitely give us a call.