Back it Up & Keep it Updated
First things first, keep your website up to date. This means your plugins, theme, and the most current version of WordPress. The updates are often security fixes to help stop malicious attacks on your website although sometimes the updates are purely new changes and features. Either way, you should stay updated.
But before updating, back it up – I do want to encourage you to back up your website regularly. If you are not sure how it is super simple and the easiest way is by using ManageWP or another automated service. I set the schedule for my clients for a daily database backup and a weekly full backup. You simply install the plugin then you create your schedule and you are done.
Also, be sure that you have a hosting provider that actually does a backup nightly – one of the reasons, I love and recommend my two favorite hosting companies.
Keep Out the Hackers & Spammers
There are two plugins that I recommend for security and spam blocking – Wordfence and Akismet. Here is a video about it .
And please tell me you are not using the username ‘admin’ for your site. The main username that hackers try to use is ‘admin’ so use a different username. If your website is your name, like mine, then you shouldn’t use your name as the username. The point is trying to think of something unique and challenging to guess.
In addition to having a unique username, please use unique passwords for everything. No, you cannot just change one character and then you’re safe. That’s not too tough to crack. The passwords need to be strong. To get strong passwords without post-its covering your workspace or a dedicated spreadsheet list, you must use a password management system like LastPass or 1Password. This way you can use secure and unique passwords for all of your favorite and not-so favorite websites.
Hosting & WordPress
If you have ever installed WordPress on a domain and just forgot about it, you should remove that installation. It is probably out of date and opening you up for vulnerability.
Most of us use shared hosting, so make sure you are using a good hosting company. I have used and recommended Green Geeks for for smaller sites.
My favorite hosting company (the one this site lives on) for managed WordPress is WP Engine. When I switched to them my speed increased to less than one second.
Everyone thinks their hosting is okay until they get hacked. If you are unsure about your hosting company or their reputation, ask your favorite web person {raises hand}.
Finally, be sure that any themes you are not using have been uninstalled. These are easy to overlook and need updates regularly as well.
So to summarize, do this: backups, updates, security plugins, anti-spam plugins, remove old installations of WordPress and themes you are not using. Do not do this: use weak passwords, use the same password for every site, use ‘admin’ for your username or use bad hosting.
Most importantly, do not think that you are safe because you don’t get too much traffic.
Be proactive, not reactive and stay ahead of the game.
If you don’t want to try to manage this, I offer a maintenance service for a small monthly fee. If you are interested, contact me more info here.
