Blog Post

12 August 2014

Is my WordPress website secure? 3 things to check.

Hi! It’s Eric Hicks, Web developer for Juice Marketing and Design, where we help business owners feel proud of their website!

We’ve been getting a lot of emails from our clients lately inquiring about the security of their website. Apparently, there was a GoDaddy email that got sent around and it’s been talked about on blogs a lot recently. So I’m going to give you three key things to check to ensure that your WordPress website stays secure.

The 3 most important things to check on your WordPress site

1. Passwords

I’ve been using WordPress since the very first year it was released (circa 2003-2004). I’ve built hundreds of websites using WordPress and out of all those websites, only two have been “hacked.” And guess how they were hacked? You got it … weak passwords.

It was back in 2006 when those two websites that I built were hacked (a team of Russian hackers took over the site and displayed a nasty message on the home page … something about Russian mail-order brides, if I recall correctly… true story!). So I learned my lesson and have been using complex passwords ever since.

So what is a “complex” password?

These days, I generally recommend having a password that is between 12-14 characters long, comprised of both upper and lower case alphabetical characters and also numbers. “c95M307Vxf0874” is a good example.

I don’t recommend using words that are found in a dictionary in your password, because that’s one of the techniques hackers use to “brute force” password hacking … they simply try every word in the dictionary, two word combinations, and appending numbers onto the words. A computer can attempt a password thousands of times a second, so running through an entire dictionary only takes a few minutes. The moral of that story is simply don’t use full words in your passwords.

2. Updates

The second most important thing to check to keep your WordPress website secure is updates. WordPress is one of the most widely used website platforms on the planet with more than 60 million websites. The code is maintained by a diverse team of programmers all over the world and updates to the code happen frequently. It’s important for security purposes to always keep your WordPress site updated.

WordPress “core” code and Plugins

So when talking about updating WordPress, there are two separate updates. The first is the WordPress “core” code itself. Second are any plugins that may be installed in your website. You need to keep both updated.

When you log into your WordPress site, you’ll be immediately notified of any updates. If you look at the upper left corner of your dashboard, you’ll see an indicator if WordPress or any plugins are out of date (note the “7” indicating 7 plugins need updating).

wordpress_updates

If you click on DASHBOARD and then UPDATES, you’ll be presented with a very easy to use system for updating WordPress and plugins. They’ve made it very easy, so just read and follow the directions.

3. Backups

Finally, a preventative measure for keeping your website secure is to maintain periodic backups of your site.

So let’s talk about this for a second. Your website host probably maintains backups. However, should something happen and you lose your website, a Web host is going to charge you to recover your site, and we’re not talking a small fee … likely in the hundreds of dollars range. So, your best preventative measure is to have some sort of “off-server” (or cloud) backup of your site performed automatically.

At Juice Marketing, we offer this backup service to our clients for a very affordable price. We can backup your site weekly to the Amazon “cloud” storage service and we keep up to five weeks of backups. Should something happen to your website, it can be recovered usually within an hour.

Summary

So have no fear! If you address the three items I just talked about, you should not have to worry if your WordPress website is secure.

If you have any questions, please don’t hesitate to email me at eric@juiceyourmarketing.com.