This post is written for clients and people who don’t consider themselves techies, and it explains how to make sure your WordPress blog stays secure. For techies, I recommend taking a look at this post.
I have a client whom I had helped to get his blog set up some time ago. It was never quite finished as he got busy and wasn’t responsive for a while. This tends to happen a lot. Life gets in the way. One day he sent me a text saying that strange links were showing up on his site. His blog was seriously out of date as far as the WordPress version and plugins were concerned. He wasn’t on my monthly blog maintenance program, where I make sure client sites are always updated and working well. I took a look and, sure enough, there were odd little links for casinos, Viagra and other weird stuff popping up in the text of the posts and on other pages. I had to go through page by page and take the links out of the code. It took me several attempts before it was completely cleaned up. Fortunately, he only had a few posts up and not a whole bunch of pages.
Generally, WordPress updates fix bugs and improve security against hackers. When WordPress and its plugins are not updated, it’s easier for hackers to get in. It’s amazing how many hackers and spam bots are infiltrating the Internet.
Below are a few action items you can take to make sure your blog stays secure.
Sign up for an Akismet account at https://akismet.com/. This plugin helps to get rid of comment spam. Usually the free account is all you need. To be honest, many newbie bloggers don’t bother to sign up for Akismet even though it’s a plugin that’s commonly installed along with WordPress. All you need is to find the API key to activate it and it will catch tons of spam. It’s always better to have your own account when it comes to anything that has to do with your blog, rather than let your web developer add their own personal API keys, etc. The reason is: if your web developer takes off to lower Slabovia for 6 months or quits altogether, you’ll be left holding the ball. In other words, own your own stuff.
Make sure a plugin called Growmap Anti Spambot Plugin is added: http://wordpress.org/plugins/growmap-anti-spambot-plugin/ This plugin adds a checkbox at the bottom of comments that must be clicked so that only actual human beings can leave a comment. It stops about 99% of bots and gives you extra protection along with Akismet. There are other spam blocker plugins available, but this particular one works very well and is always updated.
Just a note: If you use the plugin CommentLuv, which is an excellent way to create engagement with your readers, Growmap Anti Spambot Plugin (GASP) is included. CommentLuv has 7 plugins all in one, which is really cool.
Don’t copy and paste info directly from one site to another or from Microsoft Word. My client had copied over some references from another site that possibly contained bad code or was hacked. This is probably how the mysterious links appeared. A good rule of thumb is to copy text into Notepad (PC) or another plain text program. This cleans up any malicious code. Then copy it into your post or page editor. If you create a blog post using Microsoft Word, use the W button on the visual post editor to insert your text. This cleans up bad code as well. For some reason Microsoft Word and WordPress don’t really get along.
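Injected links like the casino and Viagra ones described earlier can be found with a script instead of page-by-page reading. This is an added example, not code from the original post: a Python check over one post's HTML, in which `audit_post`, the `example.com` own-site placeholder, the hidden-style patterns and the sample markup are all assumptions made for illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

SPAM_WORDS = ("casino", "viagra")  # terms from the incident described in this post
HIDDEN = re.compile(r"display\s*:\s*none|visibility\s*:\s*hidden|font-size\s*:\s*0"
                    r"|(?:left|text-indent)\s*:\s*-\d{3,}", re.I)  # assumed hiding styles
VOID = {"br", "hr", "img", "input", "meta", "link"}  # tags with no closing tag

class LinkAudit(HTMLParser):
    """Collect off-site links that use spam wording or sit inside hidden markup."""
    def __init__(self, own_hosts):
        super().__init__()
        self.own_hosts, self.findings = set(own_hosts), []
        self._stack, self._link = [], None  # open (tag, hidden) pairs; [href, hidden, text]

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        hidden = bool(HIDDEN.search(attrs.get("style") or "")) or any(h for _, h in self._stack)
        if tag not in VOID:
            self._stack.append((tag, hidden))
        if tag == "a" and attrs.get("href"):
            self._link = [attrs["href"], hidden, ""]

    def handle_data(self, data):
        if self._link:
            self._link[2] += data

    def handle_endtag(self, tag):
        if any(t == tag for t, _ in self._stack):  # tolerate unclosed tags
            while self._stack.pop()[0] != tag:
                pass
        if tag == "a" and self._link:
            (href, hidden, text), self._link = self._link, None
            host = (urlparse(href).hostname or "").lower()
            reasons = [w for w in SPAM_WORDS if w in f"{href} {text}".lower()]
            reasons += ["hidden"] if hidden else []
            if host and host not in self.own_hosts and reasons:
                self.findings.append((href, reasons))

def audit_post(html, own_hosts=("example.com",)):
    parser = LinkAudit(own_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample post body, not taken from a real site.
SAMPLE = ('<p>See <a href="/about">about</a>, <a href="https://wordpress.org/">WP</a></p>'
          '<div style="text-indent:-9999px"><a href="http://pills.example.net/">cheap viagra</a></div>'
          '<p>Great tips <a href="http://win.example.org/casino">here</a></p>')
```

Run it over each post's HTML from an export or database dump, and review what it returns before removing anything, since a legitimate post can mention these words too.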
If your host is aligned with a program called Cloudflare CDN, get it activated. Bluehost integrates Cloudflare on its servers and it’s quite amazing. Cloudflare will not only speed up your site, but it protects it from major threats. I was surprised to find out it had blocked hackers on my sites from places like Russia and China. Not only that, but it provides awesome analytics.
Keep your site updated with the latest versions of plugins and WordPress. This isn’t always easy. Sometimes you can do an auto update and get a big fat error message. You have to make sure your site is always backed up. Bluehost’s Pro Backup feature assures you that your site will not only be backed up daily, but that you can restore specific parts or versions of a site if needed. If you aren’t using Bluehost, check to make sure your server has a daily backup option. There are also plugins that will do scheduled backups. I’ve found that some backup plugins work fine and others don’t. It depends on what server you’re using. It’s good to use a simple scheduled backup plugin along with knowing that your server is backing up your site.
Some WordPress themes are easier to update than others. One of the reasons I love using StudioPress themes, as much as possible, is that they have an auto update feature for their themes. Other theme companies require that you update using FTP software to move over files. Most people don’t know how to use FTP. Still other themes have no updates available at all. This happens with some free themes and also on many custom coded themes created by a personal designer. There’s always a chance that a brand new WordPress update will break the theme if it’s not updated to keep up with new technologies.
To take the stress of updating sites off my clients, I offer them a monthly blog maintenance plan. I make sure the updates are done correctly so that there’s less of a chance of having a blog-mergency.
If you install your own plugins, make sure the plugin developer is doing frequent updates as well. Sometimes plugins are created and, for one reason or another, the plugin developer stops working on them. It may be that the plugin is simply irrelevant because of newer WordPress functions, or the developer just got tired of working for free. Installing a bad plugin can cause issues, so you always want to have access to the server end of your site to remove the offending plugin if needed. Check the plugin ratings before installing and try to only install those with 4-5 stars if possible. Deactivate and/or remove any plugins you aren’t using. Be discriminating about which plugins you use. Less is usually better.
Also, if you attempt to do your own WordPress updates, make sure your plugins are all deactivated first. Run a backup. Once the update is completed, activate each plugin one by one to make sure there aren’t any conflicts with the new WordPress version.
If you’re running a professional business, then it’s important to make sure your website is running as efficiently as possible and with the least chance of getting hacked. Don’t let a nasty Viagra link take down your site. If the technical aspects of your blog are not your thing, then hire someone to keep your blog up to speed.
If your site is important to your business then keep it in working order. If you need help, contact me and I’ll do the best I can to keep you running smoothly.