Five maintenance tips to keep your WordPress website safe
Timo, December 19, 2019
Website maintenance is essential to keep hackers and malware out. WordPress is the most widely used content management system. Because it is so user-friendly, anyone can build a website with it. That user-friendliness is very nice, but the popularity of the CMS also brings a number of security risks. A single vulnerable plug-in or an outdated core can serve as the entry point for infecting a website. Neglecting website maintenance is therefore asking for problems. So maintain your website! Because yes, your WordPress website is also vulnerable to malware and viruses.
How do I maintain my WordPress website to keep it safe?
Many malware infections are caused by outdated software. Think of the WordPress core, themes or plug-ins. When hackers find a vulnerability, they look for all websites that have the same vulnerability in order to place malware on them. Research by security platform Sucuri shows that 36.7% of the websites for which a clean-up request was made had an outdated WordPress core. A Wordfence survey, conducted among website owners with infected websites, showed that in 55.9% of the cases a vulnerable plug-in was the culprit. So keep your WordPress core, theme (as far as possible) and plug-ins up to date. As soon as a vulnerability is detected, a patch usually follows quickly and the hole is closed. The longer you wait to update, the more likely it is that you will be successfully attacked.
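As an added example (not part of the original post): a small Python audit that reads a plug-in inventory and lists the plug-ins with an update waiting. It assumes the inventory comes from WP-CLI's `wp plugin list --format=json`, a tool the post does not mention; the plug-in names and versions are constructed sample data.

```python
import json

# Constructed sample in the shape assumed for
# `wp plugin list --fields=name,status,update,version,update_version --format=json`.
SAMPLE_INVENTORY = """[
  {"name": "contact-form", "status": "active", "update": "available", "version": "5.1.0", "update_version": "5.1.6"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "2.0.1", "update_version": "3.4.0"},
  {"name": "seo-helper", "status": "active", "update": "none", "version": "12.7", "update_version": ""},
  {"name": "cache-tool", "status": "must-use", "update": "none", "version": "1.0", "update_version": ""}
]"""


def version_key(version):
    """Turn '5.1.6' into (5, 1, 6) so versions compare numerically."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def pending_updates(inventory_json):
    """Return every plug-in with an update waiting, active ones first."""
    findings = []
    for item in json.loads(inventory_json):
        if item.get("update") != "available":
            continue
        current = version_key(item.get("version", ""))
        target = version_key(item.get("update_version", ""))
        findings.append({
            "name": item["name"],
            "active": item.get("status") in ("active", "active-network"),
            "from": item.get("version", ""),
            "to": item.get("update_version", ""),
            # A jump in the first version component is worth testing on staging first.
            "major_jump": target[0] > current[0],
        })
    # Inactive plug-ins stay in the report: their files are still on the server.
    findings.sort(key=lambda f: (not f["active"], f["name"]))
    return findings


if __name__ == "__main__":
    for f in pending_updates(SAMPLE_INVENTORY):
        state = "ACTIVE" if f["active"] else "inactive"
        note = " (major version jump)" if f["major_jump"] else ""
        print(f"{f['name']}: {f['from']} -> {f['to']} [{state}]{note}")
```

Run on a schedule, a report like this shows how long a known patch has been left waiting.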
Scan your website regularly
If your website is infected with malware, there is a good chance that you won't notice it. Malware often settles in unnoticed on a website, where it does its work under the radar. For example, your site, or server, can be used in a larger network to carry out DDoS attacks. Read more about how hackers work and what their motives are in our blog post about Security Plus. To find out if your website is infected, it is wise to perform regular malware scans. There are several plug-ins that can be used for this, such as Sucuri Security and Wordfence.
A lot of malware is designed to infiltrate your website so that password data can be captured afterwards. It is therefore wise to work with two-factor authentication (2FA). Even when your password is cracked, nobody can log in without control of a second device. That device (often your phone) is of course only in your own hands. It is also wise to create an account with a password manager. LastPass and 1Password are examples of this. With these tools you can automatically create strong passwords that are stored in a vault. You then only have to log into your account with 2FA to have all your passwords at hand.
Prevention is better than cure. But even with the best precautions, things sometimes go wrong. With a backup at hand, you can restore your website to an earlier 'clean' version. If you don't have a backup, you often have a problem. You will have to detect the infection and clean up your site. You can also have this done for you, but that will cost you money. In the worst case the site can't be cleaned and you have to rebuild your website. Taking the time to set up a backup then suddenly no longer feels superfluous.
Choose the right hosting provider
Cheap is often expensive in this case. If you go for the cheapest hosting package, there is a big chance that the security of your server is not optimal. You want a hosting provider that keeps its servers up to date and places your website in a data centre where the hardware is also in order. In addition, you can opt for managed hosting, where you are supported in website maintenance and security. This includes automatic backups, malware scans and updates, but also SSL certificates, the firewall, brute-force protection, etc. It takes a lot of time to set up and keep track of all this yourself. That's why it's often worth handing it over to a managed WordPress hosting provider.