Protecting your WordPress website with these security practices.
As you’ve probably guess I am a big fan of WordPress websites. While I have a lot of love for Squarespace as well, WordPress sites offer a level of customization in design that is super easy to do when you have the right tools, with no CSS or coding required. But when not set up and maintained properly WordPress websites can become vulnerable. Which is why protecting your WordPress website is so important.
As your website becomes more visible it is going to attract comments, and not all of them are legitimate comments you want to have on your website. Some may look real, but upon closer inspection you will see that many are simply there to add links to your website to content that is most often not what you want to represent. Links to things like pornography, prescription sales, and gambling are some of the common.
There are a few things you can do to manage comments and keep these junk ones off of your website. To review and update the settings related to website comments go into your website dashboard and select Settings > Discussion…
Option 1: Don’t Allow Comments
- Simply uncheck the box next to Allow people to submit comments on new posts. And this will stop people from being able to comment on any new blog posts you create.
- To turn off comments on your old posts check out this quick video that shows you how to do it – Video Tutorial: Turning Off Blog Post Comments
Option 2: Allowing Comments Safely
- Make sure you have checked. This ensure that anyone leaving a comment will have to share their name and email address, blocking comments that do not contain this information
- Check the box next to ensuring no comments will be posted to your website without your approval
Finally, regularly check the comments, marking SPAM comments and deleting them from your site.
Your WordPress site is going to require regular updates. These updates are not just WordPress itself, but the theme and plug-ins that you use. While it isn’t necessary to install and update as soon as it becomes available, ignoring them for too long can cause
- Issues with the overall functionality of your website
- Slow loading speeds which can hurt your SEO visibility
- Vulnerabilities that can cause serious security concerns such a malicious code
Some hosting companies are starting to offer automatic updating but not all do. Those that do are not always effective so it is worth the small time investment to ensure your updates are being completed.
If you’ve worked with a web designer in building your site, you will also want to make sure you understand who is responsible for installing updates once the website is built. At Web Designs by Teresa we check all of our WordPress websites on the maintenance plan weekly, but not all designers offer this service. Make sure you check with your designer to see if this is something they offer.
Installing Your Own WordPress Updates
If your website designer doesn’t offer this service, or if you’d like to save a little money you can easily install these updates yourself. I recommend checking your website at least twice a month for any updates that are needed.
Before you install updates make sure you have a recent back up of your website. This can be done most easily through your hosting company.
To install updates
- log into the Dashboard of your website and go to Updates.
- Select one plug-in or theme to update and click the update button
- Verify the portions of your website associated with this plug-in is working correctly
- Return to the Updates page and repeat steps 2 – 3 until all plug-ins and themes are updated
Why only one update at a time?
While it is not super common, it is not unlikely that an update can cause issues with your website. By installing one update at a time you will know exactly which update caused the issue, giving you the opportunity to delete and reinstall that update or find an alternative plug-in.
Why I’m not a fan of automatic updates…
There is a new trend happening in the WordPress hosting world, where companies are now attempting to automatically install updates for you. Their intention is a good one… to keep your website secure. The trouble with automatic updates is that you may not know when something breaks on your website. And if you don’t visit your website often it could be a while before you realize it isn’t working.
By installing updates yourself, you have the ability to test that update right away, and address issues if any arise.
What to do if a theme fails?
With a good quality theme installed this rarely if ever happens, but it is not impossible. The first step is to ensure you have a default WordPress theme in place (something like the WordPress Twenty Twenty theme). Next step is to reach out to the theme developer through their support channels. If they don’t have a support channel I highly recommend you look into using another theme. If you are looking for an amazing WordPress theme, I highly recommend Thrive Themes, and here is a quick post to tell you why… Why I LOVE Thrive Themes
It really isn’t as overwhelming as it sounds…
I know a lot of people get really overwhelmed with the idea of doing their own updates. So I want to share with you that it truly is much easier than it seems, and it doesn’t have to be overwhelming. In fact, it can be a “quick check off” you to do items each week.
Need a little help feeling confident with your WordPress Website?
I offer 1-on-1 consultations to help you better understand your WordPress website, and feel confident maintaining it.
In in as little as one session you can take control of managing your website yourself saving lots of money in the future.