Joyce Grace

  • Home
  • Joyce who?
  • Services
    • Vancouver SEO
    • Vancouver WordPress website development & design made by industry professionals
    • Copywriting
    • Marketing consulting
  • Portfolio
    • As an Internet marketer
    • As a WordPress Web developer
    • As a writer
    • As a marketer
  • Testimonials
  • Blog
  • Contact

WordPress security – it’s the least you can do, don’t be irresponsible about it

April 16, 2013 by Joyce Grace

In light of recent events described on the BBC here: http://www.bbc.co.uk/news/technology-22152296 and explained in more detail (with more resources) here: http://ithemes.com/2013/04/15/ongoing-wordpress-attacks-details-and-solutions/
 
I thought I’d let everyone know a few basic things about WordPress security, as I have mentioned to my own clients several times in the past:
 
1) If you do not have a WordPress backup system in place, you are always going to be in a situation where you could lose EVERYTHING. If you spent a few thousand on your site, or spent countless hours pouring over your site content and setting it up just so, you could lose all of it in a hack like this, and there would be no ‘insurance policy’ against it. Many hosts will not have a backup copy of your site to protect you, and if they do, the backups only go to a certain point (kudos to them if they maintain daily, long-term backups). Your Web developer might have a copy of your site (they are not obligated to keep one), but it would likely be a copy from when they first developed it. You can imagine how different it would be if you’ve been using your site for months or years already.
 
This is why I now require all my clients to have a WordPress-tailored backup system in place before I launch or work on their sites. It is for your own good – it’s not just me trying to get you to spend more money.
 
Here are links to WordPress tailored backup systems (I make NOTHING on these links, they are not affiliate links):
 
http://vaultpress.com/
http://ithemes.com/purchase/backupbuddy/
 
2) If you  have a username of “admin” on your site, you should get rid of it asap, or have me (or another professional) do a full site update and fix other security issues on your site, which you probably have if you are still using the admin username. This update and fix can not be performed unless you have a backup system in place as described above.
 
3) You must update WordPress! If you are my client you will know that when WordPress releases a new version of its software, I send out a notice letting you know that it’s time for update and maintenance services. I DO NOT recommend a novice try to do these  updates on their own (sites can break in the process, so you need someone who can fix them if they do). If you don’t write back to initiate the update service, your site will remain running on an outdated version of WordPress, which hackers have long since figured out how to abuse with known vulnerabilities. I do not send these notices to annoy my clients or try to get them to pay me more – they are necessary for their sites’ health. In fact, anyone can take my e-mail notices as a reminder to have someone else they trust perform the update for them – it’s all good with me, as long as they know what they are doing and are having it done.
 
I’ve had comments in the past where people tell me they don’t want to spend the money on backing up or updating their site, or they don’t want to do it right away. It is a strange thought that some businesses would not want to spend a nominal amount to secure their site against attacks, but would rather spend thousands to re-build their site if an attack did happen. This recent massive WordPress security hack really sheds light on how real, and how possible it is to lose your entire investment into your Web site. 
 
The above 3 points are really, only the basic, most least amount of effort you could put into securing your site. There is no reason, and no excuse to disregard them as unnecessary or consider them to be ‘too expensive.’ This is the cost of doing business online. Not taking care of these items would be like running a restaurant without smoke alarm – why take that risk?
Share this...
  • Pinterest
  • Facebook
  • Twitter
  • Linkedin
  • Reddit
  • StumbleUpon
  • Digg
  • email

Filed Under: Anything goes

Ready to hire me?

My contact info:

me@joycegrace.ca

Try joycegraceweb@gmail.com if that doesn’t work

604 817 9962 (try e-mail first if possible)

Follow me!

  • Facebook
  • LinkedIn
  • Twitter
  • YouTube

My top picks

StudioPress Themes Lots of functions, easy control, GREAT support, pro security.

WPEngine - very fast hosting, and good support for the crème de la crème of WordPress hosting.

BackupBuddy - an awesome WP backup, restore & migration plugin (if you're not using WP Engine hosting and have lots of sites to keep safe or migrate)

WP Affiliate Platform which integrates with both WooCommerce and Shopp's WordPress e-commerce system, and others!

App Sumo "Daily deals for web geeks."


The above are carefully chosen affiliate links :)

Blog files

  • Anything goes
  • SEO tips
  • Writing samples
  • Web sites portfolio
  • Internet marketing successes
  • Marketing résumé
  • University taught me stuff

Tags

advertising blog marketing blogs book marketing business conversion customers daily deals e-mail marketing internet internet marketing marketing marketing work media online advertising press kits press releases publicity published publishing seo technology video marketing web development web sites WordCamp wordpress writing youtube

Copyright © 2023· Vancouver WordPress Developer · Proudly powered by the Genesis Framework and hosted by WP Engine Hosting