Keeping your WordPress Site Secure

3 July 2013


Sydney: There have been recent reports about the huge security attack being waged against WordPress-based websites. This is a genuine problem, given that WordPress is the single most popular web publishing platform on the planet. Here are some tips for keeping a WordPress site spam-free, secure and backed up.

A decade ago, this kind of advice would have been targeted at techies and network administrators, but the wildly successful platform has brought web publishing within the grasp of everyone.

WordPress users soon discover three things. First, the biggest publishing platform draws the most hacker attention. There is a mass of techno-sociopaths out there attempting to inject malicious code into sites and often succeeding.

Next, if the public can leave comments on your site, you will be plagued with spam comments that are actually promotional links back to someone’s usually dodgy website.

Third, if your site isn’t backed up, you will be in for a world of pain if it somehow gets damaged.

For WordPress security, we can’t recommend Sucuri’s solution highly enough. First, it tweaks your site to better repel invasion. Then it monitors the site around the clock and sends a notification if malware is detected. It inspects the server from the outside and also under the hood, so it picks up issues at every level. Then comes the best part: if a hacker breaks through your defenses and the site is compromised, Sucuri will somewhat clean it up, sometimes within minutes.

Sucuri isn’t fussed if you sign up for service on a site that’s already infected. A clean-up usually undoes the damage.

Internet Blacklists, the Worst Fate

Speed is of the essence when a website is compromised. Readers and customers may be harmed, your server could be spewing spam on behalf of a third party and the risk of reputation damage is high.

Before long, your site may be detected and blacklisted. In the worst case, where a site is added to internet blacklists, Sucuri will arrange its delisting.

For a single site, Sucuri costs $US90 ($98) a year. For up to five sites, it’s $US190.

Now we say that if a business can’t afford a Sucuri subscription, it can’t afford a WordPress site.

Nobody likes to fess up to having been compromised, but our own telco regulatory site was hit in the firefight. Thanks to Sucuri, no harm done. There are other WordPress security solutions, to be sure. The Wordfence plug-in is a fine option and can work together with Sucuri if you want belt-and-braces protection.

There is also a variety of solutions to the curse of comment spam, but we rely on Akismet. It’s built into every installation of WordPress, but only activates when you install a key supplied by the service provider. For low-volume non-commercial use, it’s free. A typical business site costs $US5 a month to protect.

Without a spam filter, you have two options. WordPress will hold new comments back from publication until you have accepted them. But expect to waste time regularly trashing the pile of spam you’re sure to attract. Otherwise, turn off comments altogether. Neither option is tempting. Akismet disposes of almost all trash comments automatically. Suddenly it’s safe to allow legitimate visitors to interact with you via your website again.

Back it Up

Our WordPress back-up tool of choice is BackupBuddy. It can take a full copy of your site, together with settings and content, and store it on your WordPress server or in Dropbox or Amazon S3 storage, on your local hard drive or using BackupBuddy’s Stash cloud service. There’s also a 1GB starter account thrown in with every copy of the utility.

BB has just undergone a major upgrade, allowing it to restore individual files for the first time. At $US100 for a license that covers up to ten sites, it is another must-have WordPress security option.

The days when a business had a single website are gone. With its ease of deployment, WordPress is a great way to present numerous faces to the world, as long as you have security, spam and back-up covered.
