031 – WordPress Website Security, Keep Your Site Safe!

This week’s episode is all about security and to help me, I had Sean and Randy on from beAutomated.com. These guys are experts when it comes to WordPress security. I highly recommend doing everything that we talk about in this episode.

1. Security is one of the major purposes behind custom software development, alongside functionality, performance, interoperability, and support.

2. Security separates amateur from professional developers. Know your hosting company as well as the developers of every piece of software you depend upon. Know who to call!

3. Installing WordPress themes and plugins from unknown developers opens-up all sorts of security risks that all webmasters should be aware of.

4. Plugins and themes can open-up security holes that can, wipe your files and data, expose sensitive information about your users, or insert junk content into all sorts of files on your website.

5. Use only plugins and themes from trustworthy authors. Plugins and themes have full access to your database and the files on your hosting account.

6. Most attacks are malware bots usually causing pop-ups containing scams or trojan horse software that seeks to charge you money, steal your contacts, steal you or your customers’ information, or infect your personal computer. These breaches are intended to go undetected for maximum exposure.

7. As the WordPress.org post Hardening Security suggests, security balances with convenience. There are many technical obscurity measures somebody can take, but these measures will break functionality on the front end and back end.

8. To be secure you must apply common sense and best practices for every one of your files on your hosting account. Use different hosting accounts for each website.

9. Stay in tune with official and respected WordPress news sources.

10. Always use a different password on each and every website you use. Keep your passwords on paper and in a safe, secure place. If passwords are on your computer, they can be read one way or another. Think of file sharing, screen sharing, snooping, etc. Secure your email password most of all. If somebody has your email password, they can reset any of your other passwords!

11. Keep all software up to date. This includes WordPress core, themes, plugins, your server software if you control any of it, and of course your personal computer software. Practically every minor “point” release fixes security issues.

12. Keep at least daily backups on one or more services. If your host doesn’t offer automatic backups, consider finding one that does and/or paying for a backup service such as VaultPress by the good folks at AUTOMATTIC.

13. Enable SSL (https://) for the ‘wp-admin’ folder and login page.

14. If evaluating plugin code or if you are a plugin developer, check out the additional points in our blog post.

15. Use offline development tools such as XAMPP to test plugins and themes before deploying them to your web host.