WordPress’s popularity as a content management system (CMS) has advantages and disadvantages when it comes to security. Its popularity makes it a large target for individuals looking to exploit vulnerabilities. However, that same popularity means there is a global force of volunteer developers proactively patching vulnerabilities.
So how does Fluent keep our client websites secure? We use three tools/platforms to protect our clients and their digital real estate.
Using The Right Website Host
We recommend only one hosting provider – WP Engine. Unlike a lot of providers on the market, WP Engine’s platform was specifically engineered for WordPress websites and this has a major impact on the security of your website.
One of our favorite features of WP Engine is its website backup feature reminiscent of Apple’s Time Machine. Regular backups are arguably the most important tool for protecting your WordPress website. WP Engine backs up your site on a daily basis, so if your website is ever compromised an earlier version can be restored with one click.
WP Engine also actively monitors for vulnerabilities in WordPress plugins, which can be susceptible to attacks such as SQL Injection. WP Engine will automatically uninstall any plugins that don’t mean their standards.
Installing a Solid Security Plugin
We install WordFence on every website we develop. WordFence is a free plugin which can be upgraded to unlock additional premium features. As a free plugin WordFence comes with many features including a firewall, malware scan, and a tool to stop brute force attacks. Upgrading to the premium plugin allows for two-factor authentication and country blocking.
While regular backups ensure you can restore your website if it is hacked, security plugins like WordFence proactively guard against such attacks.
Using a Password Manager to Create and Store Your User Password
Strong passwords are a necessity for the security of any platform, including WordPress. We often see clients using the same password over and over again for different accounts. Passwords should be unique for each account and should be strong. What makes a strong password? Here is an example of a strong password created with LastPass’s password generator: MYc*9skG4kVmcxmtHva5.
No matter how strong your password is, if someone else knows it they can use it. That’s why an important security measure to take is to avoid storing passwords in notebooks or on unencrypted drives. Your notebook, computer or hard drive could be stolen or lost and your passwords could fall into the wrong hands. We recommend you use a password manager instead. At Fluent, we use LastPass to store and share passwords with each other. Password managers allow you to create secure passwords and then securely store and share the passwords.
Let us know if you have any other questions.