Keep Your WordPress Site Secure : Web & Search Engine Optimizers : RippleSmith

This is the 4th post in a series about WordPress security. If youâ€™re the type that likes to start at the beginning, you can pick up on the full series here. If youâ€™re the sort that likes to jump in with both feet, keep reading about how to keep your WordPress site secure.

1. Chose the Correct WordPress Hosting Solution

There is no, one size fits all, â€œbestâ€ hosting solution. Choosing the WordPress hosting vendor means you pick the solution that works best for you. If you prefer a hands-on hosting solution you need to have a provider that has a strong security team that can support your questions (and problems) as needed. You may also want the provider to have relationships with web security specialist that you can hire if you need them.

If you never want to worry about WordPress security, consider using the simpler WordPress.com hosting solution. Youâ€™ll have far less flexibility but the maintenance is taken care of for you.

2. Monitor Your Website

There are a few free, simple things you can do to monitor your website to be sure it is up and clean. Iâ€™m recommending three tools: Pingdom, Google Webmaster Tools and the Wordfence WordPress plugin. Some of these tools may be a bit duplicative, but thereâ€™s no cost, so no worries.

Related Resources from B2C
Â» Free Webcast: The 7 Deadly Sins of Lead-Gen Landing Pages

Pingdom

Pingdom is a free service that monitors your site and sends you an email notification if your site goes down. It also provides a weekly report of your overall site uptime. If I had gotten this notification I would have caught the problem sooner.

Google Webmaster Tools

This recommendation comes from a commenter on this blog. Bhavesh Desai recommended using Google Webmaster Tools to clean my infected site. As you can see below, Google didnâ€™t detect my infection.

Google Webmaster Tools didnâ€™t sense an attack

HOWEVER, Google Webmaster Tools did have concrete evidence of the outage and if I had set up the email notifications to be more inclusive, I would have been emailed an outage notification.

Set your notifications to be â€œAll Issuesâ€

Googleâ€™s outage notification

Wordfence

Wordfence is probably the best tool for monitoring your site and preventing it from attack. I only became aware of this WordPress plugin through writing about my site issues and Iâ€™m thankful that a previous commenter recommended it to me. The features you get from the free version is very impressive.

Wordfence free features:

Realtime security scans
Scanning of core WordPress and theme files
File repair
Malware scanning
Backdoor scanning

Congratulations, no problems found. Music to my ears!

If you want scheduled, frequent scans and premium support you can upgrade to $39/year.

3. Monthly Maintenance Plan

Before the hack I was taking a monthly backup of my WordPress database and saving it in the cloud. Dreamhost provides infrequent backups but I want to have my own, monthly backup that I can rely on. Backing up your WordPress database is pretty straightforward once you figure out the command. Hereâ€™s a resource on it. Itâ€™s pretty techie, but once you figure it out you can save it and run quickly.

To keep my site secure, this is my new routine:

Backup WordPress database as described above â€“ monthly
Review and upgrade WordPress, themes and any plugins â€“ weekly
Run a Wordfence scan â€“ weekly
Check pingdom report â€“ weekly

Now if you want to upgrade WordPress core files automatically, you can modify your wp-config.php file to allow for auto upgrades. I went with the â€œminorâ€ updates which means it will automatically upgrade minor updates, but I will manually do major upgrades, which are pretty infrequent anyway.

define( â€˜WP_AUTO_UPDATE_COREâ€™, minor );

Important!

If you have other tips for keeping WordPress secure, put them in the comments belowâ€¦

Photo credit: Flickr