What is a WordPress strategy and why do you need one – Part 1: Security

We look at defining a four-stage strategy for WordPress website development, starting with website security.

Here’s some advice that I give to most of my clients, as it’s essential to website creation and development: You need to have a plan for your website.

My clients typically know what they’re looking for in a broad outline sense, but they rarely offer a considered plan or details on how they’ll achieve their goals.

Without an established strategy, the result is always the same. As a result, the creation and maintenance of the website are more complex than expected, and it takes a longer time to grow an audience, who are generally potential customers.

I build WordPress websites around a four-point strategy, which I’ll elaborate on more in future articles. For the time being, I’ll be excluding e-commerce (WooCommerce) websites, as I have additional strategy points specific to e-commerce sites that I’ll also cover separately.

The four pillars of a healthy, clean and prosperous site are security, optimization, content, and SEO. In this article, I’ll cover off WordPress security.

WordPress Security

I very often encounter clients with established websites that do not have a minimum standard of security. Unfortunately, it’s a crucial issue that small businesses often overlook, thinking that hacks only happen to the big players. Let me assure you that you’re not immune to targeted and non-targeted attacks.

To help you understand the context of website security, we block hundreds of attacks of all types every day on Jenkins Digital’s managed websites. That’s not to mention the thousands or tens of thousands of visits from malicious robots that we mitigate through baseline security configuration.

In addition to the apparent protection of your site against attacks, loss of data or credit card fraud, it is also important to act proactively against the bots that browse your site in search of information.

These bots use your server resources and therefore slow down your site for real users, impacting their experience and increasing the risk of abandonment while browsing/buying.

As with all security-related articles, I’ll say it here: installing a free plugin that “handles security on its own” is not enough. Instead, proactive reporting and inspection of your website is key to ensuring robust security.

Here are some tips (among others) to keep your site secure:

SSL/TLS Certificate
Modification of the login URL
Automatic logout
Blocking PHP from external sources
Blocking the WP editor from external sources
Blacklist of malicious robots (IP block)
Installation of WAF (blocks known hacks)
Regular update of security keys
Regularly updating and clearing cookies
Regular analysis and resolution of security vulnerabilities

And above all, ensure your keep your plugins/themes updated! Patching is critical to ensure that your website has protection against identified security vulnerabilities.