6 Simple Steps to Keeping Your WordPress Site Safe

Keeping your WordPress site safe should be your number one priority. All of the writing, networking and other activities you do to promote your blog are meaningless if nobody can read it because you’ve been taken down by hackers or have somehow completely fried your site yourself. Here are a few simple steps to follow to keep your WordPress blog up and running smoothly.

1. Make Backups. Constantly. There are several different plugins and services, such as WordPress Mechanic that can make keeping your WordPress blog updated simple. Make sure that you are backing up both your data base and your WordPress files, to include your theme, images and any other customizations. You’ll want to make backups at least once a week and possibly more often if your site is constantly being updated or you can’t afford to lose even a day’s worth of comments or posts.

It’s also good practice to make a full backup before upgrading your blog or moving to a new server.

2. Choose a secure password and user name. Don’t use the default user name of “admin” and make sure your password is strong and not easy to guess. It’s a good practice to never use the same passwords across sites and be careful about logging in over unsecured networks or on public computers.

3. Be careful who you allow to work on your blog. Get references and make sure to delete any accounts you made for them after the work is completed. You can always make a new account if they should need access in the future. The problem isn’t only security; anybody can say that they are a WordPress expert. If they don’t know what they are doing, they can completely ruin your blog, leaving you an expensive, time consuming mess on your hands.

It can be tempting to go with the lowest bidder on a freelance site, but don’t let price be your foremost concern in choosing a blog designer or coder. The best policy is to ask people you trust for recommendations and ask for and check references before hiring somebody to work on your blog.

4. Evaluate all plugins carefully before installing. The more plugins you have, the more points of vulnerability there are on your blog and if something goes wrong, it’s a long, tedious slog to find out which plugin is responsible or which ones aren’t playing nicely with each other. Don’t install things willy-nilly into your blog, take the time to ask if you really need this function and to research any complaints or concerns others have had with the plugin before adding it.

5. Keep your WordPress upgraded. Using the latest version can help ensure that you are protected against previously discovered WordPress security breaches. It’s not an iron-clad guarantee, but do you really want to be using the version that all of the hackers know how to infiltrate? And remember tip 1: do a full backup before upgrading!

6. Make sure all of your files and directories have the proper CHMOD setting. CHMOD is basically the permissions that each file or directory gives for who can read, write and execute the contents. There are too many variables to give a full accounting of which files and directories need which permissions in this brief article, but unless you know exactly what you are doing, ask an expert first before you change the CHMOD on any of your files and directories and leave files writable only for as long as they need to be.

These tips are a good start to keeping your WordPress site up and running but security and safety is an ongoing concern for any blog owner. Make sure you keep up with your backups and WordPress updates and be cautious about any actions you take that could change the way your blog works or increase its vulnerability.