So you’re using
WordPress and you want to keep your site safe from hackers, malware, spam and
other threats… where do you begin?
While WordPress does have some security risks, most of these are relatively simple to plug as long as you know where to look. This post will provide some easy and straightforward tips to help you fortify your site and to avoid common mistakes.
Tip #1 – Consider Your Host
WordPress security isn’t all about WordPress! Another weakness can often lie in your hosting account, so make sure you research the security of your hosting provider thoroughly before choosing one. Look for hosts that are willing to discuss security concerns and offer the most recent stable updates to server software. My host of choice is WPX Hosting.
Tip #2 – And Your Computer!
alternative ‘way in’ for hackers is through your computer. If you have malware
on your system, this can do things like record your keystrokes in order to
isolate passwords. Make sure your security software is up-to-date and that you
do regular scans.
Tip #3 – Keep Updated
Many vulnerabilities exist in WordPress itself and the plugins that you install, but as long as no one finds them, you’re safe. The problem is, people do find them and when that happens you can briefly be vulnerable.
In the vast majority of cases, the developers of WordPress or the plugins will identify the flaws in their security very shortly after they come to light. They will then issue an update to fix them. This is why it’s so important that you update not only WordPress but also all of your plugins every time a new update is issued. I can’t stress this enough! If you don’t, then you might be leaving well-publicized flaws in your security for hackers to take advantage of!
Tip #4 – Avoid Unnecessary Plugins
Every plugin you
add to your site presents new potential security flaws in your code. Having too
many then will unnecessarily leave you susceptible to a number of possible
attacks and can also slow down your site. Don’t use more plugins than you need
and make sure you research the quality of any that you do decide to use.
Tip #5 – Install Security Plugins
Some plugins that are useful are those specifically designed to provide additional security to your WordPress site. This is a very easy way to upgrade your sites fortifications that takes minutes – so do it! My security plugin of choice is Wordfence.
Tip #6 – Choose a Smart Password
This is a simple and easy one but it’s too often ignored. Make sure that you use a strong password and username combo for your admin login. And for the love of God please don’t use ‘Admin’ for your username. My password manager of choice is LastPass.
Having a WordPress site is the best choice in my opinion for your website needs, but don’t neglect keeping it safe. With these steps you will have a safe and sound website.
The UpdraftPlus plugin is exactly as it sounds, a plugin to backup your WordPress website. A backup plugin should be one of the first plugins you ever install on your WordPress site. Along with a security plugin, but that is another post.
You can’t depend on your webhost to backup your site (although my webhost WPX Hosting does for free), it is your responsibility. Luckily the UpdraftPlus backup plugin makes this a simple job.
Some key features include:
Restore backups directly from
Send your site’s backups to the
cloud for safe keeping
Migration – move your site from
one place to another easily
Supports backing up multiple and
UpdraftPlus is easy to install and setup. Just
install UpdraftPlus like you would any another WordPress plugin. Once the
plugin is installed and activated you will notice a new menu option in your
WordPress admin area named UpdraftPlus Backups.
If you just want to do a quick backup and
download it to your computer then when you navigate to the UpdraftPlus settings
page, simply click on the blue Backup Now button. This will start a new backup
of your WordPress site. Once it is finished you will be able to download it
under the Existing Backups tab. The amount time for the backup to finish will
depend on the size of your WordPress site.
Of course, it is best practice to schedule
your site’s backup so that you always have a good recent working backup. To
setup a backup schedule simply click on the Settings tab and choose how often
you would like the backup to run. I personally recommend that you backup your
database daily if you publish a lot of content. The files backup includes
uploads to the media library, plugin files, and theme files. Unless you are
constantly altering your theme a weekly or bi-weekly backup schedule will work
When scheduling your site’s backups don’t forget
to set a destination for the backup. You don’t want to save your backups on
your web host. The backups will take up a lot of space and if something happens
to your web host you may not have access to the backups. With UpdraftPlus you
can send your backups to Dropbox, Google Drive, Amazon S3, or you can even have
it emailed to you.
You set up the destination for your backups on
the same page you schedule backups. Just scroll down a little bit and you will
see your options. Choose the destination of your choice and the plugin will
walk you through the rest.
Unlike some other WordPress backup plugins, you can restore any backup created by UpdraftPlus directly from WordPress. There is no separate script or file you have to copy over and install to perform a restore. This also makes it simple to move or copy a WordPress site to another location.
Installing a backup plugin should be one of the first tasks taken when creating a WordPress site. UpdraftPlus makes it very easy to schedule your backups so you don’t have to worry about it and can spend more time completing money making tasks in your business.
In today’s training, let’s see how you can back up your WordPress site for free and do it quickly.
If you don’t want to read you can always watch the video below.
The first thing you need to do is log in to your WordPress administration area. Be sure you’re logging in as a user who has administrative privileges. Once you’re logged in from the left menu, we’re going to click on the plugin option. This will give you a list of all the plugins installed on your website. You may have just a couple. You may have a lot. Every WordPress site is different.
We’re going to add a new plugin, so at the top click the add new button. This will show you all the available plugins on the WordPress repository. We’re going to do a search. In the top right hand corner is a search box. Type in backup and hit enter. You will get a lot of results. The only one we are interested in is the UpDraftPlus WordPress Backup plugin. It should be the first result.
We want to install this plugin, so we’re going to hit the install now button. This will download it to your WordPress site, and once it is downloaded, you will be shown a blue activate button. Go ahead and click the activate button and this will turn on that plugin on your wordpress site. Once that is completed, you’ll be taken back to your plugins page and you will now see you have the UpDraftPlus Backup/Restore plugin listed. From here, we’re going to click on the settings button just under the UpDraftPlus plugin title.
You may also get to the settings page by the left menu under settings and UpDraftPlus Backups. Now, to do a single backup, all you have to do is click the backup now blue button, you will be shown a pop up, which gives you a couple options.
The first option says to include the database in the backup. You almost always want this checked. The database includes all your content, your posts, your pages, your comments, your categories, or tags, all that kind of stuff. The next option is to include any files in the backup. Again, this is another one you’ll probably check. This one include your plugin files, your theme files, your Media Library, such as images you use in your blog posts, all that kind of stuff. So next all you have to do is click the backup now button.
The amount of time it takes depends on the size of your site. It may go through pretty quickly and it may take a little while to do a backup. To view backups that have been completed, all we have to do is click on this existing backup tab and you will now see the backup that you just completed.
Under backup data, you will have five different options. The database, plugins, themes, uploads, which is your media library, and others. These are all the backup files and database that the plugin backed up. To download these, you just click on the one you want to download. For instance, the database, and once it is ready for download, all you have to do is click the download to your computer button and it will download the backup to your computer, and once that is successfully downloaded, you can delete it from your web hosts to save space.
Something else you can do with UpDraft is you can set it up to automatically trigger backups, so you don’t have to do it manually. Just click on the settings tab. You can set up schedules like a schedule for the files backup. So where it says files backup schedule, it currently says manual. You can click on that drop down box and choose how often you want the files to be backed up. Again, this is your plugin files. Your theme files, graphics that are in your media library or anything you’ve uploaded to WordPress.
A lot of people just choose weekly, but you need to assess the needs of your website and your blog. So for this example I will choose weekly and then you need to also choose how often you’d want to backup the database. Again, this is all your content, your recent posts, your pages, your comments.
So next to database backup schedule. Again, it says manual right now, let’s change that to daily. Again, based on the needs of your personal website and your needs, you can change this to whatever option is right for you.
Now the next option is where you want this backup to go. You have an option to save it to a third party site such as Dropbox or Google Drive. You can have it go to Amazon S3 and of course you can also have it emailed to you. So in this example let’s choose email. When you email it to you it will automatically go to the admin account on your website, so whoever’s the administrator, it will go to that email account.
You now have a scheduled back up, and that’s how quickly and easily you can backup your wordpress site for free.
If you want to have a
successful business a website is essential. You can’t rely on Facebook,
Twitter, or any other social media sites to run your business. You need what I
like to call a home base. A place to send people who are interested in what you
have to say and sell.
The first step in
starting a website is to choose a web host and then the type of website you
want to have. Web hosts are computer
servers that act as a storage center for your website. It stores your website
files (HTML, PHP, etc.), video files, audio files, images, databases, etc. It
is where your website lives on the internet.
A web hosting
provider is the company that supplies the server that acts as your web host and
connects that server to the internet.
If you do a simple search for web hosting you will be instantly inundated with thousands of results that will just add to the noise and confusion surrounding web hosts. There are thousands and thousands of web hosting provider and each web hosting provider offers different types of web hosting plans.
There are 4 main types of web hosts, Shared, VPS, Dedicated, and Cloud. They all vary in type, features, and prices. Every business has different website needs and those needs will determine the type of web hosting you need.
Shared Hosting is probably the most common and most talked about type of web hosting. It is widely accepted as a great beginner option. Shared hosting is exactly what is sounds like, you share a physical web server with hundreds, and often thousands of other users and businesses. It is normally the cheapest hosting option but it does come with some drawbacks and concerns.
It’s affordable. Since shared web hosts can
host thousands of users on one web server they are able to offer their services
at a cheaper more affordable rate; a lot of times as little as $3.95 a month.
It is very cost effective.
It’s beginner-friendly. It is very easy to get
started with shared web hosting. It is very beginner-friendly and you can
usually install programs such as WordPress with just one click.
No real technical knowledge of web servers is
It’s maintenance free. You are not required to
do any maintenance on the web server.
Security, upgrades, and maintenance of the server are managed for you. (This does not include any updates to
installed software such as WordPress.)
Security Concerns. Because your website sits on a web server
with hundreds or thousands of other sites, another site’s activities can affect
your site. Another person’s hacked site
can easily become your hacked site.
Shared Resources. Shared space means shared
resources such as CPU time, memory, and disk space. If someone else’s site is hogging CPU time
and memory it is going to affect the speed and load time of your site.
No Control of Server. With shared web hosting you have no control over the server or it’s
performance. Your site will not be able
to use resources beyond the maximum your web hosting package allows.
While on shared hosting you will be limited to the amount of CPU usage
and bandwidth your website can use.
VPS stands for virtual private server and it
is similar and yet very different from shared web hosting. It’s similar in that
you are physically share a web server with other users, but, different in that
you are not sharing resources.
A VPS is a physical computer that is divided
into several virtual sections with a web server setup on each section. This separates users’ accounts and allows
each section to function independently as if it was on its own physical
Security. Security concerns are less with a
VPS than with shared web hosting since each user is compartmentalized into
their own section.
Limited Shared Resources. With a VPS server
you have your own space on the web server and you don’t have to share with
anyone else. This allows you to have more access to resources such as CPU usage
Greater Control of Web Server. VPS servers allows you to have root server
access. This allows you to have greater
control of your web environment.
VPS is great if your site is growing rapidly. It allows you to grow as
your business grows. Web host providers can easier allocate more space and
resources to your VPS as business and traffic to your site increase.
Maintenance. Unless you choose a managed VPS
plan, which usually cost a little more, you are responsible for managing
everything on your VPS server including the web server software, updates,
security, and more.
More Expensive. While A VPS web host is more expensive than
shared hosting, it is not super expensive and can be pretty affordable
depending on the web hosting provider you go with.
Technical Knowledge. Some technical knowledge is required with a
VPS. You need to know the basics of web
hosting and how a website works.
Using a dedicated server means you have a web
server all to yourself. You are
basically renting a whole computer server to use for your website and your
Security. Security is usually best on a
dedicated server because you are the only one using it. If you practice safe
security policies you shouldn’t have any problems.
All the Resources. Since you are the only user
on the web server you get full access to all the resources. No waiting for CPU
time or bandwidth.
Control of Server. With a dedicated server you
maintain control of the server and performance. You can configure the web
environment to the exact specifications you want.
Most Expensive. Using a dedicated server is
the most expensive option since web hosts cannot offset that cost with other
Technical Knowledge. Technical knowledge is a
must have with a dedicated server. Unless you have a managed account it is
completely up to you to fix anything that goes wrong.
Cloud hosting is relatively new. Clouding is a
team of servers, which is called the cloud, that work together to host
websites. It allows multiple computers to work together to handle the needs of
Very Scalable. It has the unlimited ability to
handle high traffic or spikes in traffic without slowing your website.
More Resources. While you technically have to
share resources with others like in a VPS, there are so many more servers
involved and that means more resources are available.
Extremely Reliable. Because the cloud has a
team of servers working for you, if one server goes down another one is waiting
there is to pick up the slack.
Cost Efficient. You only pay for the resources
you actually use.
Advanced Technical Knowledge is a must have.
Cloud hosting is not easy to setup and you must have knowledge of the resources
you have and know when you will need more.
Once you have decided which type of web
hosting you need, next is to decide which web host provider to go with.
There are thousands of web host providers in
the world today. Some of these are really big companies, others are owned and
operated by two or three individuals, and some are even resellers of of the bigger hosting companies.
Some web host providers will even give you a free domain with your hosting
account, so be sure to check that out as well. One of the important things to
consider is your skill level and how much customer service and hand holding you
You will also need to decide what type of
website you want to have, such HTML or WordPress. I highly recommend using
WordPress for your website. It’s easy to use, secure, and is highly
customizable. WordPress can also be installed on almost any web host. When
shopping for a web host provider just make sure they offer the minimum
requirements for WordPress (most do!).
If most of this is Greek (or Geek) to you, the
thing to do is ask the web hosting company if they support WordPress and if
they have access to Cpanel.
One way to find good WordPress host is to ask
your friends who have WordPress websites. Ask them to tell you about the
uptime, the customer service, and other factors that you care about so that you
can make a good choice about WordPress hosting. With so many choices it won’t
be long until you find the WordPress hosting account that works for you.
My favorite WordPress web host provider is WPX Hosting. They are affordable and the support is amazing. They have helped me out several snafus quickly.
When making a choice about web hosting do your research, ask your friends and colleagues who they use, and remember, while it may take some work, you can always change your web host if you are not satisfied.
Below is a list of Web Hosting Terminology to help you with your search. Make sure you bookmark this page so you have a reference when on the hunt.
Apache Web Server – This is server software that delivers your content to your readers via web browsers.
Bandwidth – Bandwidth is the rate of data transfer, or how fast your data is moving. It is usually expressed as the amount of data transferred in a second, such as kilobits per second or gigabits per second.
Cloud Hosting – Cloud hosting allows multiple computers to work together to handle the hosting needs of any website.
CMS – CMS which stands for content management system is an interface that allows you to manage your website content, for example add and edit pages, such as WordPress.
Cookie – A cookie is Information a web server gives a browser and used to save information about web usage.
cPanel – cPanel is a web hosting control panel that enables you to quickly and easily configure many account settings.
CSS – CSS stands for cascading style sheets and is programming code that adds additional detail and functionality HTML-based web pages, usually styling functionalities.
DDoS (Distributed Denial of Service) – DDoS is an attack on your web server when multiple computers flood a server with network traffic hoping to bring down the server.
Dedicated Server – Type of web hosting server where the hosting company gives you your own server.
Disk Space – Disk space is how most space your website will how on the web server for storing files, such as HTML, images, videos, etc.
DNS – DNS stands for domain name services and translates human-readable domain names, such as yourwebsitenme.com, into numerical IP addresses that computers can understand, such as 220.127.116.11.
Domain Name – This is the uniform resource locator (url) where your blog can be found. This is what your readers will type in their browser to find your site. Ex: www.yourwebsitename.com
FTP – FTP stands for file transfer protocol and is a service for transferring files over the internet.
HTML – HTML stands for Hypertext Markup Language and is the standard programming language used to create web pages.
HTTP – HTTP stands for hypertext transfer protocol) is the protocol used to transfer media across the internet.
MySQL – MySQL is a popular database system used to store data for content management systems such as WordPress.
Nameserver – A server that translates domain names into IP addresses using the DNS record.
PHP – PHP is a programming language that allow you to generate dynamic content by embedding code directly into the HTML of a web page.
Platform – The platform is the software that runs your website. Some examples are WordPress.org, WordPress.com, SquareSpace, and Wix. This is where you write your content and set up the look and feel of your website.
SEO – SEO stand for search engine optimization and is the process that helps raise the ranking of your website in search engine results listings.
Shared Hosting – Shared web hosting is when you share a web server with other users.
Server – Servers that act as a storage center for your website. It stores your website files.
VPS – VPS stands for virtual private server and allows a user to share a web server with other users but not share resources.
Web Host – The web host is where your website lives online.
Uptime – The amount of time a website is fully functional.