I love WordPress. I also don’t want anything to happen to my WordPress site. This is why I like to play it safe.
In this post, I explain five ways you can protect your WordPress website and prevent the worst from happening.
1. Test Changes on a Development Domain
I love WordPress because it’s versatile and easy to customise. Making changes and installing new plugins isn’t always a good idea though.
Instead, consider buying a second test domain where you can install various plugins and make changes to WordPress without having to worry what happens if things go wrong.
On this domain, start by installing sample content from your primary website.
You should prevent search engines from indexing your development website by navigating to Setting > Reading > Discourage search engines from indexing this site
This way, you can test new features before rolling them out to your live site. And, if you break something, it’s not a big deal to reinstall WordPress.
2. Pay for Good Hosting
When the worst happens, a good hosting company is worth every penny.
Ask your hosting company how often they keep backups and if they’re stored offsite.
A good hosting company keeps daily, weekly and monthly backups and stores them offsite.
You should also ask your hosting company if they can restore a site in case of the worst, how long this would take and how much data you can expect to lose.
This way, you can face a disaster with your eyes open.
3. Backup Your Site
Even with a reliable hosting company, it’s good practice to back up a WordPress site regularly.
In WordPress, you can export you the contents of your website to a file that another installation of WordPress can import. Consider doing this once a month and storing the file on Dropbox or Google Drive
Alternatively, if your website is relatively small, you could backup your entire site and database in cPanel and save this to a Dropbox account.
There are lots of WordPress plugins that backup websites automatically too. I use Backup to save my site to a Google drive.
VaultPress is another popular, premium solution that is suited for backing up larger WordPress websites. I recently set this up and it took me just five minutes.
It’s not necessary to do all the above; instead pick one method and get into the habit of making and storing monthly backups.
4. Beef Up Security
WordPress power about 23 per cent of the world’s websites, so it’s no surprise that security is challenge for WordPress users.
To protect your website, change the default login name of wp-admin to something harder to guess than the default “admin”. You can do this by adding a new user and changing their role to administrator.
Record your new password and login name securely, and then remove the default admin user from WordPress. At this point, WordPress will ask you if want to reassign your posts to another author. You should pick the newly created administrator.
It’s also worth installing Limit Login Attempts. This plugin prevents brute force attacks on WordPress websites by locking users out for a predefined period if they input the wrong password more than three times.
5. Uninstall Old Plugins and Keep WordPress Up-to-date
Keeping WordPress up to date is the best way to keep your site secure. This is less of a chore than it used to be as WordPress versions from 3.7 onwards update automatically.
That said, WordPress users still need to update plugins manually. It’s not a good idea to use out of date plugins as hackers can use these as a backdoor into your site. It’s also a good idea to uninstall unused plugins. They pose a security risk, clutter your interface and can even slow websites down.
What are your methods for a secure WordPress site? How do you prevent the worst from happening? Please let me know in the comments section below.