Is your WordPress management strategy proactive, or reactive?
There are ways to be proactive about the way you approach WordPress management and security. Taking the time to adjust your thinking, learn new things and adapt your workflows can really go a long way toward keeping your sites secure and reliable.
Google the term “WordPress security and you’ll find lots of almost universally suggested security tips. All are somewhat proactive in nature and are designed to keep the bad guys from brute forcing or guessing their way into your WordPress sites. This includes:
- wp-config.php tweaks
- Having no “admin” or “administrator” username
- Having no user number 1 in your database
- Randomizing your WordPress database table prefix
- Vetting your plug-in, theme and widget sources
These are all great suggestions that we agree with, but lets take a look at how the vast majority of WordPress users do things. This is especially true among creative, non-technical users and small agencies.
- WordPress is installed using a “one-click” installer in a hosting control panel (i.e. Cpanel)
- WordPress defaults are left “as-is”
- WordPress is left to manage everything automatically (i.e. updates, patches, etc.)
- Site monitoring and metrics are confined to the “good stuff” (i.e. traffic, click throughs, conversion rates, etc.)
- PANIC ensues when a site is hacked or defaced
Security plug-ins are often viewed as getting the job done, but they are likely the most REACTIVE measure ever taken. Why? Because especially the free versions of these tools are primarily focused on detecting a “hack” after the fact and alerting you that it happened. So basically … cleaning up a mess after the fact.
Why not just prevent a hack from happening in the first place? Nothing is 100% guaranteed, but just embracing some new ideas about WordPress management, and learning new tools and workflows, can really go a long way here.
How can you be PROACTIVE with WordPress Management?
- Respect the strengths AND WEAKNESSES of WordPress. Its awesome, but it does have some holes.
- Don’t expect WordPress to be fully automatic. This is not “set it and forget it”!
- Accept responsibility for the security and reliability of your WordPress sites. There’s work to be done here!
- Learn and adapt accordingly!
Lets look at specific action items:
- Learn to install, update and patch WordPress without using your control panel or the management GUI
- Learn how to customize WordPress without using your control panel or the management GUI
- Gain a basic understanding of server file ownership and permissions issues. This is the key to the whole affair!
- Learn to use and integrate new tools into your workflows.
- ASK AN EXPERT FOR HELP! (Hint … WE’RE EXPERTS!)
Like this article and video? Share it with your friends using the #WordpressWisdom hashtag on social media! Follow drewlinsalata on Twitter, Instagram and Snapchat and why not use the handy form right on this page to subscribe to our free newsletter? We’ll keep you informed when new articles and videos are available.