Most small business owners are running multiple types of software on their websites. That means keeping your website updated, making sure you’re running the current version of WordPress and checking for new plugin updates.
Software Upgrades
It’s your responsibility to make sure all of your tools are updated. Keep in mind that software purchases often have to be renewed annually so you can continue getting the latest updates.
You build a membership site or a shopping cart through aMember. Your purchase gives you six months of free updates. After that, you’ll need to renew your license to continue getting these updates. This is not an area of your security you want to ignore. Doing so could leave you and your customers vulnerable.
Don’t Ignore WordPress Upgrades
One of the simplest ways to keep your WordPress website running smoothly is to upgrade the software. When WordPress is ready for an upgrade, you’ll see the word ‘updates’ and a number, like this: update (1). You’ll see this on left side of your dashboard or at the top of your admin bar.
Click on the updates button and WordPress will guide you through what to do next. But before you upgrade, you should pause to make sure you have a recent backup of your website.
This ensures that if anything breaks during the upgrade process, you can easily fix it.
Don’t wait too long between upgrades. Not only can this cause your website to break, it can leave you vulnerable. After every update, WordPress releases a list of bugs fixed. Some of these bugs are vulnerabilities that a hacker could exploit. That’s why you should always update as soon as you can.
Payment Security
Making a purchase is an act of trust for a customer. They’re trusting that you’ll protect their financial information and provide them with the product or service you promised to deliver. You can keep customer’s financial information secure by using a trusted third-party like PayPal to handle your business transactions.
But don’t stop there. As a precaution, you may also want to have a second payment system like Stripe. This gives you the ability to keep your business running and protect new customers if you suspect your PayPal account has been compromised.
Securing Your Content By Branding It
Another thing you should consider when you’re thinking about your website security is branding your content. Branding your content means that when you and your fans share your blog posts and images on social media, you’ll be recognized as the creator.
An example of this type of branding is posting an image to your blog that has your domain name on it. Whenever this photo is shared on social media, you’ll get the credit and this will drive more people back to your website.
Install Security Plugins
You don’t have to tackle WordPress security on your own. There are plenty of security plugins that can help you. WordFence is the most popular option and it continually scans your website looking for vulnerabilities. If it does encounter a security lapse, you’ll get an email so you know the moment it happens. The plugin is free but you can upgrade if you decide you need more support.
iThemes Security is the plugin we’re hearing recommended most often these days. They have a free option and a pro upgrade option.
Another security plugin that’s popular is Bulletproof Security. It will notify the admin user if any infections within your website are detected. It also caches the pages of your website so they load faster for your visitors. There’s an auto update feature with this plugin so you don’t have to worry about updating to the latest version. Bulletproof Security is free but you can upgrade if you want to extra support.
Hiring a Security Expert
Your website is the heart of your business. If you want to keep it healthy, hiring a WordPress security expert is the way to go.
Paul Taubman over at Digital Maestro is someone we recommend often.
We also send people to Renee Shupe over at Get A Geek In Your Pocket.
When you hire your expert, ask who’s responsible for back-ups. If you’ll be the one backing the site up, ask for step by step instructions to ensure you’re doing it correctly.
Updating Your Plugins & Themes
Start by keeping your plugins and themes updated. If you’ve downloaded your plugins through the WordPress directory, then login to your site and click on the plugins menu on the left side of your dashboard.
Once you’ve done that, select all of your plugins and click on the ‘Bulk Actions’ dropdown menu. Click ‘Update’ then the ‘Apply’ button. If everything is up to date then nothing will happen. But if your plugins are in need of updates, WordPress will start downloading them.
Next, click the ‘Appearance’ link on the left side of your dashboard. This will show you all of the themes you have installed. If you notice any themes with an update banner, then click on them so WordPress can download the latest version of your theme.
Cleaning Out Themes & Plugins
After you’ve finished updating your themes, look through them. Are there any themes you’re no longer using that can be deleted? If you find an old theme you heavily customized, you can download a copy of it through your web host’s cPanel or through an FTP program like Filezilla.
Now that you’ve removed unnecessary themes, it’s time to tackle your plugins. If there are plugins you’ve deactivated and haven’t used in 6 months, delete them from your site.
You should also check if you have two or more plugins doing the same job. For example, WordFence protects against brute force hacks. But if you’ve also installed Brute Force Login Protection then you have two plugins serving the same function. You should pick one of these plugins to keep and one to delete.
Following up with Security
Once you’ve updated your plugins and themes, follow WordPress blogs that cover security so you’re always knowledgeable about the latest threats. Start by following the official WordPress blog so you’ll know when new bug fixes are released.
The WordFence Blog is filled with helpful information on how to protect your site. They regularly share which themes and plugins contain vulnerabilities. The Sucuri Blog also offers security tips for all websites and has a special WordPress security category.
Themes and plugins have a lot to offer WordPress users. You can change the look and feel of your website and add special functions with the click of a few buttons. But that doesn’t mean that these tools are always safe. It’s important you do your own research before you download and install anything on your website.