It’s “Fan Question Friday!” Reader Andy Stewart from the UK asks the following…”What are some tips for maintaining site security, preventing hackers, and how do can I backup my WordPress blog? Great question Andy! This guide is also available in podcast format on \\ iTunes \\ Stitcher \\ Google Play \\ Overcast \\ Spotify
It only takes ONE time to ruin your blog.
You probably don’t think about hackers like Neo cracking the vault to your blog on any given day, but the truth is there are SEVERAL different ways your WordPress site can be brought down in flames.
And it only takes one crash/hack with NO backup to make you curse Pat Flynn and the other blogging gods.
You don’t want to be that blogger.
The good news? You can rest your mind at ease easily (and for free) with a few certain plugins and tools to bump your site security and backup your site regularly.
This post will guide you through my simple recommendations for each category, and provide some general tips for protecting your site along the way.
Come at me, Neo.
6 site security tips to learn how to backup your WordPress site:
Important note: You do NOT have to implement all of these ideas and install ALL these plugins.
For one, having more than 15ish plugins in total can actually affect site speed, which is bad news!
Second, depending on the size of your site (both in traffic and in database storage), you really don’t need to go 1,048% ALL-OUT to protect your site. Keep it simple with backups and one or two additional security methods
1 – Backup your site
Before we talk about tools…you should know this:
Keeping occasional backups is the SINGLE BEST TIP for site security on your blog.
Regular backups are your get out fo jail free cards, and they can be useful for several reasons:
- Somebody hacks your site? Get control first then install a backup
- Site crashes because of a silly host? Install a backup.
- Content gets deleted because you did something stupid? Install a backup.
There is absolutely no excuse for not regularly backing up your site.
This includes money and time! There are most certainly free tools to automatically backup your site, and they literally take a few minutes of your time.
That said, let’s talk tools:
Updraftplus WordPress plugin (FREE to $70 lifetime)
Updraft is what I use, and is probably the widely-used backup plugin…for good reason: It has an awesome free version!
You can find install it by searching “updraft” in your WP plugins dashboard, or at The World’s Most Trusted WordPress Backup Plugin – UpdraftPlus.
Also, even the free version allows you backup to remote storage sites like Dropbox, Google Drive, etc. This is why they’re awesome.
Here’s a fun gif I made showing how easy it is to start a backup.
The pro version starts at $70 (not a subscription. Lifetime access), which not a terrible deal, especially if you’d like to automate daily backups.
Jetpack WordPress plugin (formerly Vaultpress)($39/year)
Many of you probably already use Jetpack for other stuff on your blog…it’s a huge tool that’s made by the same team that created WordPress.
Jetpack actually bought the Vaultpress plugin, which was one of the huge backup tools alongside.
Pros: Vaultpress is easy to use and effective. Also, the $39 a year is for the full Jetpack Personal plan, meaning there’s other cool Jetpack features in addition to just Vaultpress
Cons: I personally hate Jetpack, and there’s no free version.
You can find more info about Jetpack Personal backups here.
(One last note on backup plugins: There are a TON more out there to choose from, but they don’t have the track record of the two above…and they don’t seem to be as cheap with as many features. I looked into about 7 others, and they were ‘meh’)
2 – Keep awesome passwords
You’d think we’d be able to file this under the “well duh!” category…but let’s face it: we hate complicated passwords, and we hate CHANGING passwords constantly, so most of us don’t do it.
So this still makes my list:
Make your passwords effective, and change them every fortnight or so.
Quite frankly, you don’t need to know HOW to do that, what you should do is grab a password manager.
Lastpass is absolutely amazing, and their free version is MORE than enough.
Lastpass is by far the most popular choice for external password managers, for several reasons:
- Seriously, their free version is more than enough
- Even then, premium is $2 / month (lol)
- Lastpass can auto-log-in to websites (so, so sweet)
- It generates super-tough passwords for you (and remembers them so you don’t have to).
Most of you have probably already heard of password managers, so if you’re not using one already, please do so.
It’ll help keep your blog log-in safe, and generally every website you log into on the internet 🙂 🙂
Lastpass baby. (But if you just don’t trust me, 1password and Dashlane also have great track records.)
3 – Use a security plug-in!
Tagline: If you really really want to. Most of the bloggers I know don’t actually use one of these, probably because an attack is actually quite rare (especially if you protect log-ins w/ authentication and awesome passwords).
That, and keep off-site backups reduces the long-term risk of losing anything (unless I’m missing something)
However, you’d like extra protection, WordFence is king!
Wordfence is the go-to free recommendation (the premium is roughly $99/year I believe).
It’s comes with a ton of stuff, BUT for the two factor authentication….you’ll need to upgrade to premium, which is why I suggest other plugins for that below 🙂
Also, iThemes Security Pro.
So I’ve never used iThemes…but their plugin suite looks awesome.
For a one-time $247 payment, you’d get
- BackupBuddy (also available separately)
- iThemes Security Pro (also available separately)
- A few other cool things.
This could be worth looking at if you’re seeking a backup plugin AND advanced security plugin.
4 – DO limit login attempts
This another easy “well duh” security tip for WordPress.
Simply put, there are loads of easy plugins for filtering out bots and hackers trying to log-in to your site.
Grab the Google Authenticar plug-in in your WP plugins dashboard. It’s free and awesome.
Another awesome site security tip is to change your login URL
There are a few plugins that do this, but let’s bring up iThemes again.
It’s part of their advanced security plugin 🙂 🙂
5 – ALWAYS keep WordPress up to date.
WordPress issues updates every few weeks, and it’s generally a great idea to go ahead and update whenever you see the prompts to update!
There almost always small security bugs and updates included in each release.
The “prompt” to update is always featured prominently at the top of your WordPress dashboard when you log-in.
(On that note, be sure to keep your plugins updated as well! Take the extra 15 seconds when you see one needs updating….and update it.)
6 – Get SSL like YESTERDAY
It’s not just for protecting sensitive customer data.
It’s about protecting ALL data sent between browsers and servers, making it extremely difficult for hackers to work their way in that connection somewhere.
(The icing on the cake? Google’s SEO algorithm’s prefer you have SSL as well! And who doesn’t want more traffic??)
You can literally buy a Namecheap SSL starting at $9 a year. That’s affordable folks. (Even if your blog is hosted elsewhere btw).
So that’s how to backup your WordPress site. Now it’s your turn…
What other site security plugins, tips, tricks, etc can you recommend? I’d be curious to hear about them.
Let us know in the comments!