Introduction

The blog post is brought to you by WPDev – a WordPress Support and Web Development Service for Nigeria Entrepreneurs. http://wpdev.com.ng


Without doubt, WordPress is one of the most popular CMS and statistic has it that WordPress Powers over 26.4% of the Websites in the World as of March 2016. In my years of running a web development company, WordPress has been a helpful technology in building website and developing complex web application (by leveraging its API functions)

This popularity is due to its simplicity and open source nature – and this doesn’t come without its flaw – management and security issue. Due to its open source license, it has attracted different kind of people – from non tech savvy, web designer, internet entrepreneurs, web developers and hackers. This therefore make WordPress a two edged sword – opportunity and harm. Many have leveraged WordPress to build successful businesses, at the same time making WordPress number 1 target for hackers.

In online business, security of your site web presence is paramount. Therefore for the next few days, I will be running a series here on Nairaland, showing you steps by steps approach in keeping your WordPress website safe and secured.

Let get started:

1. Unique Username and Password

Let begin with the simplest one, before proceeding to the complex options. From my observation, one of the principal reasons why WordPress Site is hacked is because of poor username and weak password. Avoid using the default Wordpress Username: admin or any guessable username.

Basically the first step in keeping your site safe is avoiding the use of username like admin, administrator, site name or your author name. Many people don’t know that one of the principal method that hackers uses to gain access to the site is by trying different guessable username combination such admin, site name and other visible data such as post author etc.

Try and avoid this by using a unique username that is not easily guessable and if possible add some symbol to your username.
Note: if you have already using a username that is guessable – install the WordPress Plugin called Username Changer from WordPress Repository and change your username.

In creating a password, please ensure that your password is strong, there are some many free web tools that can help you create strong password. Basically a strong password should be made up of lowercase letter, uppercase, symbol and number. A combination of these four will make it very hard for any hacker to guess. For instance, you want to use “collin123” as your password. You can change this to something like: @COlliN_123.

From the above, the first is guessable collin123 (the Collin could be your name) but the second is not easily guessable.

Final Tips: In closing – I normally advise my clients to ensure they change their password every 3 months or 6 months depending on their choice. Many people think or believe that security is a onetime thing; no it is a continuous process.
Please also avoid using the same password for your social media and your important login such as email, payment gateway or website. This is because, if your social media accounts are hacked, then it means that any other platforms sharing the same password are vulnerable.

NB: Try and form a pattern of generating strong password and use that pattern to create password for different account – This method will help you remember your various password.

2. Website Backup
Many internet entrepreneurs fail to put a quality backup system in place. Backup is a paramount step in protecting your website. No matter the security measure you implement, putting a backup system in place is essential. It is more like staying one step ahead, because you never may know what will happen.

Last year, 2016, many of my clients, contacted me and asking for my help in regard to their site loss due to WhogoHost server failure. Luckily for them, I keep a backup of their sites but unfortunately for them – there was no way to recover their content. This meant that they had to start over again in creating content.

Yes, I partial blame WhogoHost because they are have in been in the business for a long time and should understands the unreliable nature of servers and at the same time should have create a backup – in their side – it was not professional.

Also I also blame the website owners – backing up your website is your responsibility and should be considers as part of your internet activity. Even the giant cloud hosting provider – Amazon AWS experience server failure. It means you shouldn’t rely on your host to backup your website expect they agreed to provide a premium backup service.

In order to appreciate the important of backup as a business owner, let put on our business cap.
Let’s assume you run an online business which you promote through your blog – by producing contents for your targeted customers and then something happens and your site is gone maybe due to server crash.

Assuming you have 150 blog posts that cost you N700 to produce (even if it is free, your time has a monetary equivalent)
1. 150 x 700 = N105,000 (or time equivalent)
2. Website Design and Other Theme and Plugin = N70,000 – 100,000
3. Search Engine Traffic will be lost
4. New Customers Lost.
5. Other Miscellaneous business expenses

Imagine the above listed items and what it means to your business. This means that your backup strategy is as important as your marketing strategy.

Now, how do I implement backup Strategy in my WordPress Site

Before you decide on the strategy. There are basically two type of backup:
1. Database backup
2. Full Site – WP-Content and Database

Your backup strategy should be based on two things
1. Publishing Calendar: How often does your site change
2. Nature of Content

Publishing Calendar
If you are freelancer that sells your service through your blog post and you publish 1 post per week – then your strategy shouldn’t be daily but weekly backup, but for news site that publish daily, then your backup plan should be a daily plan.

Nature of Content
The nature of your content will determine nature of backup – if run a blog and your content is mostly text and no image. Then database backup will be ok for you, but I will advise you to implement the full backup because it is now a norm in the blogsphere and among content marketers that relevant images enhance the impact of your blog post.
To setup backup in WordPress, there are free and paid plugin that can help you achieve that. These plugins can backup your site to your Dropbox, Amazon s3 or Google Drive. They are as follow:

1. UpdraftPlus
2. BackupWP
3. BackupWordPress
4. BackupBuddy (Paid)
5. VaultPress (Paid)

This Series will continue Tomorrow: 05-July 2017.
In the meantime, if you have any question, kindly ask.

Just as promised, Class no 2 has been added to the original post. It talks about the importance of Website Backup in regard to security, Deciding on backup strategy and how to implement such strategy in WordPress.

If you have any question, just drop it in the reply box.

Thanks

3. Limit Login Attempt
In section 1 of these of series, I mentioned that one of the way hackers highjack your website is by trying multiple combination on your website, although they use the assistance of bots in accomplishing this. But there is one way to limit and frustrate those hackers – by limiting the number of attempt on your website – this approach leads to frustration on the side of hacker, because it don’t allow them to try multiple combination at a go.
Install Login LockDown Plugin from WordPress Repository. Configure the setting and you are good to go.
Also please ensure you set the max attempt tries to 3. This will provide allowance in case you make any mistake during login.