The internet is many things: it’s powerful and ubiquitous, vast and intelligent. But one thing it’s not: safe. When creating any new WordPress site, the first thing to think about is what happens if it’s destroyed. Two words: Disaster recovery.
Cyber threats are ever increasing in number, efficiency and sophistication. In 2015, zero-day vulnerabilities occurred every week, and over a million websites were attacked each day. It’s hard to overestimate the scale of the problem.
If you have a WordPress website, you’re no doubt aware of the terrifying and bewildering array of malware that’s out to exploit vulnerabilities and bring you down. The online world is crawling with bugs, worms, viruses, adware, spyware, ransomware, rootkits, Trojan horses and net bots. These can exploit security holes, take control of our websites and use them to host bad content or to ‘spamvertise.’ They can spy on us, take sensitive information and personal records, and harvest customer data. They can hold us ransom and steal money.
WordPress plugins, extensions and themes are likewise vulnerable; some might simply be bad from the start. The more you customise your website, the more at risk it becomes.
Threats come from all directions, and in this dangerous, dog-eat-dog online world, we’d be foolish not to protect ourselves and prepare for the worst. The cost of having your WordPress site hijacked or destroyed is immense; think of the wasted hours and the damage to your reputation, user confidence and web ranking — and that’s before you include the cost of stolen data or money.
Start with little wins
A lot of automated threats pick off the weakest first, so taking even the simplest precautionary steps can make a big difference in the long run. Here are a few easy ways to secure your site quickly:
Secure your Login page and implement strong passwords, two-step authentication and limited login attempts.
Keep up-to-date, getting automated updates on your WordPress core, along with all themes and plugins (which you should keep to a minimum and carefully review before installation).
Note: GoDaddy Managed WordPress includes automatic WordPress core software and security updates.
Install security applications and web-application firewalls.
Limit access, changing file permissions, hiding author usernames and restricting user access.
Use .htaccess to protect your most important files (like your wp-admin directory and wp-config.php file) and use SSL to encrypt data.
Constantly monitor using logs to keep track of what’s happening on your website and files.
Steps like these go a long way to managing the risk and mitigating the threat.
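As an added example (not from the original article), the file-permission and .htaccess steps above can be scripted as below. It assumes Apache 2.4 with AllowOverride permitting AuthConfig and PHP running as the file owner; the function name, marker text and path are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumptions: Apache 2.4 with AllowOverride permitting AuthConfig, and
# PHP running as the file owner (use 640 plus a shared group otherwise).

MARK="# wp-hardening (added example)"

harden_wp() {   # harden_wp <wordpress_root>
    root=$1
    if [ ! -f "$root/wp-config.php" ]; then
        echo "harden_wp: no wp-config.php in $root" >&2
        return 1
    fi

    # Directories 755, files 644, wp-config.php readable by its owner only.
    find "$root" -type d -exec chmod 755 {} + || return 1
    find "$root" -type f -exec chmod 644 {} + || return 1
    chmod 600 "$root/wp-config.php" || return 1

    # Append the deny rule once, so reruns do not duplicate it.
    ht="$root/.htaccess"
    if ! grep -qF "$MARK" "$ht" 2>/dev/null; then
        {
            printf '%s\n' "$MARK"
            cat <<'EOF'
# Refuse direct web requests for the WordPress configuration file.
<Files "wp-config.php">
    Require all denied
</Files>
EOF
        } >> "$ht" || return 1
        chmod 644 "$ht"
    fi
}

# Usage: harden_wp /path/to/wordpress   (path is a placeholder)
```

Run it against a staging copy first, then load the site and confirm that a direct request for wp-config.php returns 403.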
Embrace backup plugins
With new ways of hacking and new vulnerabilities being discovered all the time, it’s vital that you have a last line of defense, the ultimate insurance policy for any kind of catastrophe: backup plugins.
Creating regular copies of your website is vital.
Website backups turn a website disaster into a mild inconvenience, enabling you to set things right in a matter of minutes rather than hours, or even days. Whatever disaster befalls, good backups will save your bacon.
What’s more, backing up your website is quick and easy. Your web host may provide a backup service (GoDaddy Managed WordPress offers daily backups and one-click site restore, for example), although there are plenty of good plugins that are more comprehensive and convenient, and most of the basic versions are free.
When considering which backup to go for, it’s important to choose wisely. You need something that’s completely trustworthy, but also something that’s intuitive and has everything you want.
Here’s a checklist of things to look out for in a backup plugin:
Never take a risk on an unknown backup plugin. You need something solid, something tried-and-tested: a plugin that’s widely used, with excellent reviews and a top-star rating. Check out the rating before you make your choice.
2. Cloud storage options
Using an offsite location such as Dropbox, Amazon S3 and Google Drive to store your backups means your backups remain safe even if your physical file server is destroyed.
They also give you anytime, anywhere access.
Astonishingly, some plugins back up to the same server as your website — avoid these if you want to keep your site safe!
3. Scheduling functions
Choose a plugin with a scheduling function to ensure that your backups take place automatically, regularly and consistently, with minimal effort on your part. Plugins can enable you to set up backups to take place daily, weekly or monthly at the time of your choice. How often you schedule in backups depends on factors like your website’s size, frequency of updates and daily traffic.
It’s ideal to have a plugin that can back up not just your website, but all related files and databases, including those not on WordPress. Some plugins can even import and restore backups that have been made by other backup plugins.
5. Ease of restoration
Opt for a plugin that makes backup restoration quick and easy. If anything bad happens to your website, the last thing you need is hassle in making things good again. Ideally, opt for a plugin that allows you to restore individual websites and files, too.
There’s no point in having a ‘last line of defense’ that isn’t robust against security threats – backups can also be hacked! Choose a plugin that encrypts your stored data and uses encryption when transporting your website to cloud storage.
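To show what encrypted storage and easy restoration from the checklist above mean in practice, here is an added example (not from the original article or from any plugin) that encrypts a backup before it leaves the server, records a checksum, and proves the archive restores. It assumes tar, sha256sum and OpenSSL 1.1.1 or later; function names and paths are illustrative.

```shell
#!/bin/sh
# Added example, not from the original article.
# Assumptions: tar, sha256sum and OpenSSL 1.1.1+ are installed; the
# passphrase file is kept outside the web root and outside the backup.

make_backup() {   # make_backup <site_dir> <out_dir> <passphrase_file>
    site=$1; out=$2; pass=$3
    name="site-$(date -u +%Y%m%dT%H%M%SZ).tar.gz.enc"
    mkdir -p "$out" || return 1
    # Archive and encrypt in one stream: no plaintext archive is written.
    tar -C "$site" -czf - . |
        openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$pass" \
            -out "$out/$name" || return 1
    # The checksum detects a corrupted or truncated copy. Keep a second
    # copy of it away from the archive if tampering is a concern.
    (cd "$out" && sha256sum "$name" > "$name.sha256") || return 1
    printf '%s\n' "$out/$name"
}

restore_backup() {   # restore_backup <archive> <dest_dir> <passphrase_file>
    archive=$1; dest=$2; pass=$3
    # Refuse an archive that does not match its recorded checksum.
    (cd "$(dirname "$archive")" &&
        sha256sum -c "$(basename "$archive").sha256" >/dev/null 2>&1) || return 1
    mkdir -p "$dest" || return 1
    openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$pass" -in "$archive" |
        tar -C "$dest" -xzf -
}

restore_drill() {   # restore_drill <site_dir> <archive> <passphrase_file>
    site=$1; archive=$2; pass=$3
    scratch=$(mktemp -d) || return 1
    # A backup counts only if it restores and matches the live files.
    if restore_backup "$archive" "$scratch" "$pass" &&
        diff -r "$site" "$scratch" >/dev/null; then rc=0; else rc=1; fi
    rm -rf "$scratch"
    return $rc
}

# Usage (paths are placeholders):
#   a=$(make_backup /path/to/wordpress /mnt/offsite /root/backup.pass)
#   restore_drill /path/to/wordpress "$a" /root/backup.pass
```

A database dump placed inside the site directory before calling make_backup is carried along in the same encrypted archive.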
Take some of the sting out of disaster recovery
Once you’ve chosen, installed and set up your WordPress backup plugin, you’ll barely have to think about backups again. That is, until the day of disaster, when you can easily restore your shiny, untainted website in a matter of minutes. The right backup plugin can take much of the sting out of disaster recovery. There’s nothing like the smug, satisfying feeling that comes from knowing that your foresight and preparation saved your WordPress website from disaster.