WordPress is a veritable Swiss army knife for modern web designers. If there’s anything you want to do on a site, you can usually find a plugin or set of plugins to accomplish it with WordPress. This diversity and flexibility has a cost, however, when it comes to the long-term security, speed and stability of your WordPress site. Fortunately, by following a few simple guidelines you can tap into all this flexibility while maintaining these important characteristics. We’ve also taken the liberty of prioritizing these guidelines to help you tackle them in order of importance.
Whether you are running an online store with WooCommerce, running a popular news site, or even just casually blogging, security needs to be at the very top of your list of considerations. WordPress does its part to protect your site. It enforces strong passwords and offers brute force protection through plugins like Jetpack. You also have to do your part, too. Some of the recommendations on this list may seem plainly obvious. You’d be surprised, though, at how many site owners forget to implement some of the easiest preventative measures:
Never EVER Create a User with the Name “admin”
This is by far the most common username attempted by brute force attackers, whether or not the user exists. The chances of a successful brute-force attack on your website is astronomically higher simply by having a user with this username.
Pick Strong Passwords When Creating a User
WordPress has a built-in password strength meter, and it’s a pretty reliable way to know whether or not your password is secure. So make sure you pick a strong password.
Periodically Change Your Password
Changing your password from time to time makes it harder for someone to hack your WordPress site. Most people don’t implement this technique because it can be a pain in the neck to keep track of changing passwords, especially if you are managing multiple WordPress sites. Fortunately, there are a number of affordable password managers that make changing and managing multiple passwords a snap. So use one and keep one step ahead of the hackers.
Keep Your Software Up to Date
The work represented by this item grows exponentially as the number of sites and plugins that you manage grows, but it’s critical to keep your software updated to thwart malware attacks. This needs to occur on your local computer, which means keeping your operating system and web browser up to date.
Luckily, most OS-es and web browsers offer the ability to automatically apply updates. In terms of your WordPress site, this means keeping the WordPress Core, themes, and plugins up to date. If you’ve purchased a premium theme or plugin, it’s best to keep the contact info of the developer or the merchant that you purchased them from. That way, whenever an update is issued, you can promptly obtain and install it.
Because updates are so difficult to keep up with, our team takes care of WordPress Core updates.
Install a Plugin That Protects Against Brute Force Attacks
One of the most common attack vectors on WordPress sites involves brute force attacks. Brute force protection plugins prevent these types of attacks by limiting the number of login attempts originating from an IP address. We recommend installing Jetpack and leveraging its Protect feature. One of the benefits of using Jetpack Protect is its ability to crowdsource attack sources across the entire network of sites running Jetpack. If any site in the network is hit by a brute force attack, the entire network is protected from that attack source.
Get an SSL Certificate
Free SSL certificates are one of the easiest ways to increase your site security. SSL certificates help encrypt data going back and forth between a browser and a web server, which secures everything from passwords to credit card numbers. How do you install an SSL certificate onto your site? Simple: ask Pressable. We install SSL certificates for you, for free. If you have a site that needs an SSL certificate installed, submit a support ticket and our team will install one for you.
Having a fast site is important for two reasons. First, speed helps with SEO. Google, for example, ranks sites higher for SEO if the site loads in less than 2 seconds. This is especially true on mobile devices. Second, a fast site creates a more enjoyable experience for your end-users, which leads to higher conversions. Here’s a shortlist of guidelines that you should implement to ensure that your sites load quickly:
Keep the Number of Active Plugins to a Minimum
Fewer active plugins means that fewer resources are being consumed on your server every time a page is requested, which means you’ll have more resources available to serve pages quickly. So take a look at your plugin list, and deactivate any plugins that you don’t currently use. Also, check to see if Jetpack has a suitable replacement for any of your plugins. Jetpack’s functionality runs on its own servers, not the servers that run your WordPress site. So the overhead of using Jetpack functionality is negligible.
Avoid Using Site Builder Plugins Whenever Possible
Site builders make it really easy for non-technical users to create visually compelling WordPress sites, but they do so at the cost of adding an extra layer of interpretation before presenting your site’s pages to visitors. In other words, your web server has to work harder to render these components, which slows down your page load time. Whenever possible finding a theme that is able to achieve the style that you’re looking for without enlisting the help of a site builder plugin. At the very least, see if the design and layout that you are trying to achieve can be accomplished using a lightweight shortcodes plugin.
Some of the best stability-minded practices are good for site speed and security, and vice-versa. Because these practices complement each other so well, you may start to see a bit of redundancy in the guidelines provided, but for completely different reasons.
Keep the Number of Active Plugins to a Minimum
Wait a minute, wasn’t this the first bullet in the last list? Yes, it was. But keeping the number of active plugins to a minimum also helps with stability. Think of your site as a game of Jenga. The higher that the tower becomes, the less stability it has. Its center of gravity get’s higher with every row of blocks you add to the top. This continues to happen until it tumbles. As you add plugins to your site and they begin interacting with one another, you are adding more opportunities for instability to occur. So whenever possible limit the number of active plugins on your WordPress site.
Keep Your Software Up to Date
Yet another repeat, but hear us out. With stability in mind, the approach is a bit different. First of all, you want to keep your themes and plugins up to date in much the same way as discussed before. But we also recommend closely looking at each plugin that you install to make sure that it’s actively maintained to be compatible with WordPress. Avoid plugins that are maintained infrequently or not at all.
Check the Reputation of a Plugin Before You Install It
Before you install a plugin, check out its rating and any feedback provided by users. If there seems to be a consensus in the feedback that a particular plugin is prone to problems, you can save yourself some time and pain by looking for an alternative.
The vast majority of these guidelines may seem like common sense, but very often we overlook the simple things that can make our lives as WordPress administrators easier. So although they may sound simple, the trick is consistently applying them. One tactic that may help is to create a checklist based on this list and make it a point to review it on a regular basis. For just a small investment in time, you’ll benefit from a better performing site and probably sleep a little easier at night.
Jessica serves as the Director of Operations for Pressable and spends her days focused on creating the best managed WordPress hosting experience possible. She's been using WordPress since 2008 and has been serving in WordPress-focused roles since 2010. When she's not working, you can find her spending time with her family, serving in her community, watching hilarious dog videos online, or brewing a pitcher of iced tea.