Basic WordPress security and site management

We have observed some trending WordPress issues relating to site speed or security. Managing your WordPress site effectively can prevent you from having to experience common functionality and security issues.


WordPress is commendable for its intuitive user interface and appearance. As it is one of the more popular content management systems, we have observed some trending issues that relate to either site speed or security.

Managing your site effectively can prevent you from having to experience these common functionality and security issues. This article will outline a few basic improvements that work well as preventative measures.

First and foremost, the security of your site is important. The last thing you want to spend time on is restoring your site to a non-compromised version after it has been hacked. Yes, hacked. Perhaps you haven’t experienced this yet, but it is a very common issue for WordPress users, and there are a couple of basic prevention methods you should apply.

1. Install site security software such as Wordfence or Acunetix WP Security to monitor your website and identify potential vulnerabilities.

2. Change the default “admin” username, and choose a strong password. Use a password manager such as LastPass so you don’t need to remember all your passwords.

You can update your “admin” username using a username changer plugin or manually by editing your website’s database.

3. Keep your WordPress version and plugins up to date.

Remind yourself that with WordPress, ‘less is more’. Having handfuls of plugins running is not going to improve your site; it is more likely to cause conflicts and reduce your site speed.

4. Review the plugins you currently have installed and remove any unused or unwanted ones. At this point it is important to understand the interaction between WordPress itself and each installed plugin. If you are unsure of a plugin’s purpose, a quick Google search will fill you in on its functionality; then it’s up to you to decide whether it is important to keep or not.

Remove each plugin one by one and observe any changes that occur after removing it.

Once you’re satisfied you don’t need a particular plugin, delete it rather than disabling it. Disabling it leaves it on the filesystem and accessible to hackers.

It’s also advisable to only use plugins from well-known sources, such as the WordPress plugin and theme directory.

5. Be aware of your resource limits and where they are being allocated. Remove old content and delete any unused themes. Also keep an eye on any caching or logging plugins; by their nature they can occupy a lot of disk space storing a backlog of files that you may never use.
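To find the plugins step 4 says to delete, the following added example (not part of the original article) compares the contents of `wp-content/plugins` with the site's `active_plugins` option, which WordPress stores as a PHP-serialized list of plugin file paths. It assumes a single-site install; the function names, the sample option value and the plugin tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

ENTRY = re.compile(rb'i:\d+;s:(\d+):"')  # header of one serialized string item

def parse_active_plugins(serialized):
    """Decode the PHP-serialized `active_plugins` value into a set of paths."""
    data = serialized.encode("utf-8")  # PHP string lengths count bytes
    outer = re.fullmatch(rb'a:\d+:\{(.*)\}', data, re.S)
    if outer is None:
        raise ValueError("not a serialized PHP array")
    body, found, pos = outer.group(1), [], 0
    while pos < len(body):
        head = ENTRY.match(body, pos)
        if head is None:
            raise ValueError("unexpected item at byte %d" % pos)
        end = head.end() + int(head.group(1))
        if body[end:end + 2] != b'";':
            raise ValueError("string length does not match its content")
        found.append(body[head.end():end].decode("utf-8"))
        pos = end + 2
    return set(found)

def leftover_plugins(plugins_dir, active):
    """Names in the plugins directory that no active entry refers to."""
    active_dirs = {p.split("/", 1)[0] for p in active if "/" in p}
    leftovers = []
    for entry in sorted(Path(plugins_dir).iterdir()):
        if entry.is_dir():
            unused = entry.name not in active_dirs
        else:  # single-file plugin; index.php is WordPress's own placeholder
            unused = (entry.suffix == ".php" and entry.name != "index.php"
                      and entry.name not in active)
        if unused:
            leftovers.append(entry.name)
    return leftovers

def demo():
    # Constructed sample: this option value and plugin tree are made up
    option = 'a:2:{i:0;s:19:"akismet/akismet.php";i:1;s:23:"wordfence/wordfence.php";}'
    with tempfile.TemporaryDirectory() as tmp:
        for slug in ("akismet", "wordfence", "old-slider"):
            Path(tmp, slug).mkdir()
            Path(tmp, slug, slug + ".php").write_text("<?php // stub\n")
        for single in ("hello.php", "index.php"):
            Path(tmp, single).write_text("<?php // stub\n")
        return leftover_plugins(tmp, parse_active_plugins(option))
```

Calling `demo()` lists the two deactivated plugins still present in the constructed tree. On a real site, pass the path to `wp-content/plugins` and the `active_plugins` value read from the options table.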

As a further security measure, install your own complimentary Let’s Encrypt certificate.

At first this may appear like a lot of work, but once you’re on top of your content it’s fairly simple to keep your site healthy. A little bit of maintenance here and there will save you time in the long run.

Last updated November 30, 2023