In the first part of this blog we covered the hosting and installation of WordPress.
So now we have a WordPress website with a theme, time to create lots of content?
No, the two worst things that can happen to your site are an attack or loss of data.
So we will take care of this before we create any content, and then we can put our energy into creating great content.
WordPress – Security
At this point your website is vulnerable to a wide variety of attacks.
There are 3 key steps you can take to secure your website.
Step-1 Password Manager – Strong Passwords
First, set up a password manager. These applications allow passwords to be stored in highly-encrypted databases, which can be unlocked with one master password. Your master password should be a strong password (at least 12 characters including Numbers, Symbols, Capital Letters, and Lower-Case Letters).
The key benefit of a password manager is that you only need to remember one strong master password, which in turn protects all your other passwords. A password manager will also help you generate strong passwords for all your other accounts.
Step-2 Create a new admin user and remove default admin user
Attackers will try to log in to your website using the default admin username and a variety of passwords. Thus we want to remove the admin user.
- In the admin console create a new user with the administrator role.
- Ensure you can log in with the new administrator user and that you have all the admin functions.
- Delete the original admin user. You can transfer any existing content to the new admin user or any other user you wish.
There is a more detailed overview of this topic in this post
Step-3 Security Plugin
To secure your website, you could follow a checklist of options to change manually, or you can simply use a security plugin such as iThemes Security.
This plugin will give you a wide variety of options to lock down your website and runs various security checks.
There are two options I would recommend enabling that relate to step 2.
- In the WordPress Tweaks options enable “Force Unique Nickname”. Then navigate to the user(s) that you use for publishing articles, set a nickname, and pick that nickname from the “Display name publicly” drop-down. This prevents bots and attackers from easily harvesting users' login usernames from the code on author pages.
Note: this does not automatically update existing users, as it will affect author feed URLs if used.
- In the Strong Password Enforcement section select the administrator role. This will force administrator roles to have strong passwords.
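The Step 2 checks and the nickname option above can also be run over an export of your user list. This Python example is added here and is not from the original post or from iThemes Security; the sample users are constructed, and the JSON field names are assumptions modeled on WordPress's user_login, display_name, nickname and roles fields.

```python
import json

# Constructed sample export. Field names are assumptions modeled on
# WordPress's user_login, display_name, nickname and roles fields.
SAMPLE_USERS = json.loads("""
[
  {"user_login": "admin", "display_name": "admin",
   "nickname": "admin", "roles": ["administrator"]},
  {"user_login": "site-owner", "display_name": "Jo",
   "nickname": "Jo", "roles": ["administrator"]},
  {"user_login": "writer1", "display_name": "Writer1",
   "nickname": "Sam", "roles": ["author"]}
]
""")

DEFAULT_ADMIN = "admin"


def audit_users(users):
    """Return (user_login, finding) tuples for the Step 2 and Step 3 checks."""
    findings = []
    # Step 2: the default admin may only be deleted once another
    # administrator exists, otherwise you lock yourself out.
    other_admins = [
        u for u in users
        if "administrator" in u.get("roles", [])
        and u["user_login"].lower() != DEFAULT_ADMIN
    ]
    for u in users:
        login = u["user_login"]
        key = login.lower()
        if key == DEFAULT_ADMIN:
            findings.append((login, "default-admin-deletable" if other_admins
                             else "default-admin-only-admin"))
        # Step 3: a nickname or public display name equal to the login
        # reveals the username on author pages (compared case-insensitively).
        if (u.get("nickname") or "").strip().lower() == key:
            findings.append((login, "nickname-is-login"))
        if (u.get("display_name") or "").strip().lower() == key:
            findings.append((login, "display-name-is-login"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_USERS):
        print(f"{login}: {finding}")
```

An empty result means no default admin remains and no account shows its login name publicly.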
Finally, the last recommendation of this blog is to familiarize yourself with the process of backing up your website.
This will ensure you can quickly recover from data loss.
There are two components that you need to back up: the database and the website files.
Typically your host provider will offer on-demand or scheduled back-ups and restore functionality.
If your service provider does not provide these services, or if you are self-hosting, you may wish to back up your website using a plugin such as BackWPup.
In this blog we have covered the topics of security and backups.
In the next blogs of this series I will cover a wide range of subjects, including:
- WordPress Themes and useful configuration tips
- How to configure WordPress concepts such as featured-images and setting your home page and blog.
- Search Engine Optimization (SEO): On-page and off-page factors.