Create + Design + Market

WordPress Security Tips

If you have a WordPress website, or any other type of website, whether it’s a content management system or not, it’s still very important to take the necessary steps to help maintain security and prevent your account from being compromised. Changing passwords is highly recommend but that alone is not enough to keep your server secure. Since Gravity Station specializes in custom WordPress website design, this post is geared toward WordPress websites, but the basic security measures apply to all websites. These tips will help you do everything you can on your end to keep your hosting account secure. It is also important to host your site with a company that is capable of maintaining and securing their servers properly. If your hosting provider does not do a great job on their end, your efforts will be a waste of time, so make sure you choose the right hosting provider (we recommend Canvas Dreams).

Change your passwords regularly

Set a date every month and change your WordPress admin password (Go to ‘Users‘ and click on ‘Your Profile‘ then scroll down to the bottom. Find the ‘New Password’ fields and add a new password.), your hosting control panel password, and your hosting FTP password. Never use any words or terms from the dictionary, always use a string of letters and numbers, uppercase and lowercase. A good place to start is strongpasswordgenerator.com if you need help choosing a password.

Schedule Monthly Maintenance and Keep a Log

Set a date on your calendar to maintain your website and hosting account once a month. Also, keep a log of all the changes you make, updated passwords, etc. so you can always refer back to it if necessary.

Control Panel Backups

Find the ‘Backups’ icon (in the ‘Files’ section). Backup your database(s) and files on the server. If you do not perform regular backups and your site does in fact become compromised, you will be sorry! Seriously, you will not have a backup to restore. 1. Scroll down to ‘Partial Backups’ and click on the ‘Home Directory’ button to ‘Download a Home Directory Backup’. This will save a .zip file to your computer (and it may take a while, so grab a cup o’joe). 2. Under ‘Partial Backups’, select the database used for your site (in some cases, this might be more than one) and click on the database link to ‘Download a MySQL Database Backup’ If you ever need to restore your files or database, you can go to the same ‘Backups’ area and ‘Restore’ using the files you’ve downloaded.

WordPress Updates – Plugins

Update any Plugins that have available updates. You’ll notice a number in a circle next to the Plugins menu item, if there are any updates available. Click on the ‘Plugins’ button and then the ‘Update Available’ link at the top. This will show you all the plugins that need to be updated. If you are comfortable updating the plugins listed (for instance, you’ve updated them before, and you’re sure that none of them will break with the update), check the box at the top of the list to select all of them. Then select ‘Update’ from the dropdown menu at the top, and click the ‘Apply’ button.