When it comes to creating a new WordPress site, security for that site is often overlooked or ignored. The reality is that it should be among some of the first things you tackle once you have WordPress installed on your server.
Out-of-the-box, your new WordPress site will have very few security options. For deeper layers of WordPress security, new site owners will need to consider these five areas of important site-securing options.
Securing your WordPress Site with these 5 Recommended Services and Plugins
SPAM Blocking
Akismet
Akismet is a spam fighting service that protects millions of WordPress sites from comment and contact form spam. This handy plugin also takes the inconvenience out of managing comment spam by ensuring it doesn’t interfere with your search engine rankings.
Akismet is included by default in every WordPress install, but it still needs to be activated. After installing WordPress on your server follow these instructions to set it up:
- Go to the Plugins page in your administration panel and click the Activate link under the Akismet plugin.
- Once activated, you’ll need to sign up for an Akismet API key on the Akismet website; a few step process that only tales minutes. We recommend using the same email you used when installing WordPress (Note: API keys should be kept private like passwords. They should never be given out to anyone).
- Once you have your API key, return to the plugins page and add the key. That’s it!
By having Akismet handle all of the incoming spam, WordPress users are then freed up to write, create and engage with site visitors.
Note: Akismet offers three different pricing plans as well as a pay per call plan. If your site is for a business or if it promotes a product or service, you should pick from one of the paid plan options.
Hacking Protection (DDos, Malware, Brute Force)
Sucuri
If disaster should strike, Sucuri are pros at web monitoring and malware clean up service. Sucuri Inc. is the leading provider of web-based integrity monitoring, malware detection, and malware removal solutions delivered as a service. In simple terms, they will swoop in and end the chaos if a site gets hacked, blacklisted or infected with malware. Once WordPress security is restored, and the site is clean, Sucuri will continue to monitor it and let the site owner if another problem ever arises.
Sucuri works fast, is affordable and offers business owners a peace of mind that is priceless.
iThemes Security Pro
iThemes Security Pro is a powerhouse plugin that protects your WordPress site like no other security plugin. The Pro version of the plugin has an amazing array of features that will protect your content in ways you likely had not even considered:
- Brute force protection
- File change detection
- 404 detection caused by bots
- Password enforcement
- Bad user lockout
- Database backups
- Online file comparisons to identify malicious changes
- Google reCAPTCHA integration
Check Out iThemes Security Pro
Use Managed WordPress Hosting Providers
Managed WordPress hosting providers offer unparalleled peace of mind when it comes to securing your website. 24/7 security monitoring, automatic updates, SPAM filtering, and free repairs if your site is hacked are just a few of their benefits. Here are some of the top providers:
- WPEngine: WP Engine is great for business and ecommerce websites that need fast speed, scalability, and security. Their award-winning support is second to none. Plus, you’ll also get premium themes and block tools. Plans start at $25/month.
- EasyWP: EasyWP is the easiest and most affordable managed WordPress hosting we’ve ever seen. Your first month is free, then it’s just $4.88/month. But EasyWP is also really fast! You can create a brand new WordPress site in less than two minutes!
- Kinsta: The first managed WordPress host to be exclusively powered by Google Cloud Platform, Kinsta has data center locations around the globe and enterprise-level DDoS protection. Perfect for business sites, plans start at $35/month.
- Pressable: Pressable is a world-class managed WordPress hosting provider built on the same data network as WordPress.com and WordPress VIP. With automatic scaling, Pressable is perfect for small business websites, with plans starting at $19/month.
- Nexcess: Nexcess is perfect for business and ecommerce sites, with their unique performance monitoring, automated testing for WooCommerce, and automatic plugin updates with visual comparison. Plans start at $13.30/month.
Backups:
Backup Buddy Plugin
Backup Buddy is the most popular choice for backing up (or moving) a WordPress site. Why backup your site? Because system failure, crashes, viruses and hacking incidents happen. Backup Buddy is an automated WordPress backup plugin that keeps your WordPress content safe by creating complete backups of your content, pages and important information. This “must have” plugin is a great way to maintain website backup files that can be kept offsite as a part of your website security measures. Worth every penny.
VaultPress
VaultPress offers WordPress security in the form of backup and security monitoring and is a trusted product of WordPress.com. A subscription-based protection tool, VaultPress offers WordPress site owners spam blocking, site migration options, site backups, file scanning, restores and automatic file repair. Pricing varies for business needs and sizes.
Other Best Practices for WordPress Security
Stay on Top of Updates for WordPress Software, Themes and Plugins
Making sure your WordPress site and themes are current and updated is a quick and easy way to take measures against security breaks. To help thwart hackers and eliminate security vulnerabilities, WordPress software, themes and plugins are regularly updated with the latest patches and fixes. When a new WordPress update is available, users will see a notification across the top of their dashboard area. We also cover the important features of each major update.
Plugin updates are often noted there as well, but can also be seen on the Plugins Page. Plugins that need attention will appear highlighted in a different color along with verbiage like, “There is a new version of iThemes Security available. View version 5.6.0 details or update now.” Simply clicking the linked “update now” words will automatically update the plugin.
Delete Old Themes
Any themes that live in your WordPress site that are no longer being used also means they are no longer being updated. These un-updated themes are like holes in your WordPress security fence; holes that hackers and viruses can slip through. Delete any themes you are no longer using or make sure any that you wish to keep are updated on a regular basis.
Wrap Up
The thrill and excitement of your new website will not last long if you don’t have proper layers of WordPress security measures in place. Remember, your WordPress site isn’t really safe unless you have a solid backup plan and the best security tools and options in place.
Happy Securing!