Running WordPress securely

wordpress, blog, website

Time was when WordPress was a four-letter word in business. No longer. Not only has the platform scaled so that it powers 22% of all websites, it also has a maturing ecosystem of developers and tools convenient to business.

As with any technology you put to use in a business, even if it’s outsourced, you should have a clear plan that includes handling security, data backup and recovery. Think about launching your website, for example. Choosing WordPress as your platform for that is no different than selecting a CRM, although in this case you have some options to consider.



The first step in deploying a WordPress site is answering this question: Should you use WordPress.com or install WordPress on your own server? Both allow you to use the domain(s) you have purchased, so it boils down to feature and function.

The clearest differentiator between those two choices is deciding how much flexibility you will require for content. WordPress.com has tools for hosting image galleries, podcasts and video, along with integration to social networks. However, no plug-ins can be installed, which means that if you have a couple of clear-cut content goals, and WordPress.com will satisfy those requirements, then outsourcing to Automattic (of which WordPress is the progeny) will work for you.

Alternately, you may need an ecosystem of plug-ins, for example:

• Using a portal-like experience via the S2 Member plug-in,

• Publishing a podcast via a third-party service via the PowerPress plug-in from Blubrry,

• Getting custom design capabilities through specialized themes like Thesis or plug-ins like TablePress.

In this case, hosting your own installation of WordPress makes more sense. That does not mean you can’t outsource the hosting. And that leads to the steps to securing your own installation of WordPress.


Web hosts who devote resources specifically to WordPress are emerging. The key in selecting your host is identifying how they will make using WordPress even easier.

The questions to ask here include:

• Do I have access to e-mail, phone and/or chat for support?

• Do support resources have extensive WordPress knowledge?

• Is automated backup and restore service available?

• Do you offer automated WordPress updates to keep me current?

• What are my limitations? (disk space, bandwidth, etc.)

The key here is to avoid free hosting. If your web site is important to you as a communications tool, then invest the dollars in using a sustainable web host. Several companies focus on WordPress as a part of their business plan, including Wired Advisor, an industry-focused digital solution from Stephanie Sammons; a traditional web host in Media Temple (which recently became a GoDaddy subsidiary); or a WordPress-only solution like Flywheel.

If you are seeking a comparison against using WordPress, the number one alternative to consider is SquareSpace.


Perhaps the most important steps to take in using WordPress are implementing solid security and data backup solutions.

From a security perspective, protecting against the traditional WordPress attack, which is typically an attempt to compromise the admin login for your site, is paramount. In addition to plug-ins suggested below, also ensure you set up a separate administrative user and remove the default admin user from the system.
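The check below is an added example, not part of the original article: it reads a site's user list and reports whether the default admin account is still present and whether a separate administrator already exists to take over before it is removed. The input shape (a JSON list with `ID`, `user_login` and a comma-separated `roles` string) and all sample users are assumptions constructed for illustration.

```python
import json

DEFAULT_LOGIN = "admin"  # default administrator username the article says to remove


def audit_admin_accounts(users_json):
    """Report where a site stands on replacing the default admin account."""
    admins = []
    for user in json.loads(users_json):
        # Assumed input shape: roles as a comma-separated string per user.
        roles = [r.strip() for r in str(user.get("roles", "")).split(",")]
        if "administrator" in roles:
            admins.append(user)

    default = [u for u in admins if u["user_login"].lower() == DEFAULT_LOGIN]
    others = [u for u in admins if u["user_login"].lower() != DEFAULT_LOGIN]

    if not default:
        status = "ok"
    elif others:
        # A separate administrator exists, so the default one can be removed
        # and its posts reassigned to the replacement.
        status = "remove-default"
    else:
        # Removing the only administrator would lock you out of the site.
        status = "create-replacement-first"

    return {
        "status": status,
        "default_ids": [u["ID"] for u in default],
        "replacement_logins": [u["user_login"] for u in others],
    }


# Constructed sample exports (hypothetical users), one per situation.
FRESH_INSTALL = '[{"ID": 1, "user_login": "admin", "roles": "administrator"}]'
HALF_DONE = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 2, "user_login": "site-owner-jl", "roles": "administrator"},
    {"ID": 3, "user_login": "guest-writer", "roles": "author"},
])
HARDENED = json.dumps([
    {"ID": 2, "user_login": "site-owner-jl", "roles": "administrator"},
    {"ID": 3, "user_login": "guest-writer", "roles": "author"},
])

if __name__ == "__main__":
    for name, export in [("fresh", FRESH_INSTALL), ("half-done", HALF_DONE),
                         ("hardened", HARDENED)]:
        print(name, audit_admin_accounts(export))
```
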

These plug-ins all seek to accomplish the same goal — better secure your web site. You can evaluate the options among the three to determine which is most effective for your site. VaultPress does have an advantage as it was built by the same folks who develop WordPress, so there are no concerns over integration or stability.


• Automattic built VaultPress to tightly integrate and provide options for real-time backup and security,

• All-in-One WP Security Firewall plug-in,

• iThemes Security Pro

Like any other information we develop and store, backing up a web site is key to allowing easy recovery when problems occur. The data a WordPress site contains is more than just the content you post. It includes the theme you’ve purchased or designed and plug-ins installed to power your site. Having an easy way to back up and quickly restore all of these is critical.


• Backup Buddy, a WordPress backup that integrates to Amazon Web Services and Dropbox among other services,

• VaultPress again makes this list, offering varying levels of automated backup and even one-click restores.


One of the best parts of WordPress is being able to identify a theme that gives you all the fundamental components of a web site pre-built — allowing you to customize as much as needed to make your site unique. While there are a few optimal free themes, it is best to pick from an established, premium theme-maker to ensure they will keep pace with WordPress updates.

Some well-known theme-makers include:

• DIY Themes — the makers of Thesis, one of the most customizable themes available.

• Genesis — a framework approach, offering an array of themes that work within the Genesis system.

• Woo Themes — also a framework, providing a catalog of themes as well as an e-commerce component.

It can be tempting to get elaborate with plug-ins once you realize the nearly limitless capabilities within WordPress. However, it’s best to choose plug-ins wisely and limit them to those required to power your site. The more sources of software your site depends on, the harder the balancing act of making sure each one stays updated with the current version of WordPress.

Some final excellent plug-ins that offer versatility include Akismet (spam filtering of comments), WordPress SEO (a plug-in from Yoast that offers strong search engine optimization capabilities) and WP-Touch Pro for adding responsiveness to your web site (if not using a purely responsive theme).

Blane Warrene speaks and writes frequently on technology and the intersection of marketing and compliance in financial services. He co-founded Arkovi and QuonWarrene, and produces the Digital Well podcast.
