Join Morten Rand-Hendriksen for an in-depth discussion in this video Security through hosting, plugins, and third-party services, part of WordPress 4 Essential Training.
- You know how people say that if you want to avoid viruses and malicious software, you are better off going with a Mac than Windows computer? Well, the reason for this is that Windows computers are far more prevalent, and therefore, if you're going to write malicious software, you will have a broader space to work in if you're targeting Windows computers than Mac's. Unfortunately, because of WorkPress's popularity, the same thing is happening with WordPress. If you set up a WordPress site, more people are going to try to attack your site, either by leaving spam comments or running distributed denial of service attacks, or hacking into your site and doing something with it, or a million other things.
So, once you set up a WordPress site, you have to be aware of how to protect yourself. There are lots of services out there that can help you protect your sight. Some of them are free, some of them cost a bit of money, but all of them are well worth the investment. So let me take you through a couple of services that I use for almost all of my sites, both personal, and client sites and that I recommend you check out. We'll start with CloudFlare, now CloudFlare is what's known as a caching service. So, basically, CloudFlare sits in between your site and the visitor and caches your site so that it takes some of the load off your site.
So, when people visit your site, they're not necessarily actually getting content from your server, they're getting it from CloudFlare servers. The reason why you may want to use CloudFlare or a similar CDN or caching service is that when you get a lot of traffic, it'll quickly overload your server and these services will take some of that load away. The great thing about CloudFlare is that they have a free option, you can install it in your WordPress site, it's very easy to set up and it works out of the gate. The other great advantage of CloudFlare is that they block malicious attacks. So, if a certain computer or certain block of computers and just coming in to your site and hammering it with a request, CloudFlare will automatically shove them off to the side and just direct them away from you site so your site doesn't go down in that attack.
Regardless of whether your site gets attacked or not, it's also a good idea to have proper backup and security for your WordPress site. Backup is important for many reasons. It's not just that someone can come in and attack your site, it's also that sometimes things go wrong in computers and your host is just a computer. And if things go wrong on the host, then you might lose all your content. Now, all hosting providers will claim to have proper backup, but take it from me, the reality is, in many cases, that backup may be two weeks old or two months old.
If you run proper backup in your site yourself, you're ensure that if and when something goes wrong, you're able to restore everything. Now, automatic the company that runs WordPress.com has created a backup service called VaultPress. And VaultPress can be installed on any WordPress site, and not only does it run backups and security checks on your site, but they also guarantee to restore your site with the one-click feature. And if that doesn't work, they'll actually help you restore your site. So if you want proper backup and security and you don't want to worry about it, investing in VaultPress might be a good idea.
Automatic also runs another service named Akismet. I've mentioned Akismet before and you've seen it as one of the default installed plugins in WordPress. Akismet scans every single comment that comes into your site and makes sure it's not spam. And it's actually very good at it's job. On average, Akismet will catch about 98 to 99.9% of all the spam comments that come into your site, automatically put them in the spam folder, and then deleting them after you've checked them. Now, Akismet is not a free option. Well, it can be free if you are building a personal blog, but you have to pay for it based on the type of site you have.
And this is something that's well worth the investment because getting a lot of comment spam on your site will take up an enormous amount of time in comment management. So using this simple bot will help you avoid all those problems. Now, if you're interested in Akismet and VaultPress, I recommend you go check out the combo options. 'Cause you can get a security bundle that give you both VaultPress and Akismet plus at the same time. Now it might seam like a lot of money, $299 a year, but the reality is, what you get out of this is safety and security on your site, and if you're running a business site, $299 should not be a lot of money.
And you can just write it off if you want to. Finally, you should protect your site against what's known as brute force attacks. You can install a plugin called Limit Login Attempts that will prevent brute force attacks from happening on your site, but if you're using the Jetpack plugin, Jetpack comes with something called Protect. Which does the same job and also does a bit of other types of black listing IP's and stuff like that. So Jetpack might also be a great security solution for your site, and like I said, if you're just starting out and you want to add a bunch of features to your site, you may want to check out Jetpack because it has pretty much everything you need bundled into one single solution.
Now, all that said, I don't want you to be worried about your site being constantly under attack. By taking some very simple security measures, like using CloudFlare and installing some simple security plugins, you'll further protect your site from attacks and ensure that your site will not be the one that everyone starts to target.
Note: This course covers an older version of WordPress, which features the Classic Editor. Watch this course only if you are using the Classic Editor plugin or using WordPress 4.9 or earlier. Otherwise, watch WordPress 5 Essential Training, which covers the new Block Editor experience.
- Creating posts and pages
- Formatting text
- Publishing and scheduling posts
- Adding images, audio, and video
- Bulk editing posts and pages
- Customizing themes and menus
- Using widgets
- Extending WordPress with plugins
- Editing users profiles
- Configuring settings
- Getting new readers
- Keeping WordPress up to date and secure