Website security: prevention is better than cure
As far as our personal health and well-being are concerned, it is generally accepted that keeping your body strong and healthy is much more effective than letting it fall into ill health and then attempting to rectify the problem. The same principle should be applied to our software and, in this particular case, our WordPress sites.
The fundamentals of WordPress security can be separated into two categories: prevention and recovery. While prevention is the best course of action, we must also be ready to implement a recovery strategy if one of our sites falls prey to human error, a hack or hardware failure.
The mind map below explores the two sides of WordPress security.
This is an extensive topic with a lot of information to digest, but if you take five top tips from this post, let them be these:
- Two-factor authentication is standard, so it’s important to learn to use it.
- Keep your WordPress core, themes and plugins up to date.
- Only install plugins from trusted sources and get rid of the ones you don’t use.
- Stop reusing passwords and set up a password manager on your devices so that you can make use of strong passwords. We use Keeper and the team loves it.
- Take regular backups, store them somewhere other than your website server and learn how to restore a backup (or hire someone who can do this for you).