Keeping your WordPress site secure and healthy

One of the realities of publishing online is that there is always some risk of your site being compromised in some way or another. However, the impact and likelihood of such an event can be greatly reduced if:

  • the site is regularly backed up
  • the site is regularly monitored for security breaches
  • the code is kept current

What to back up:

  • database
    why?: the database holds all of the text content of the site as well as most of the settings information
  • theme files
    why?: these files are the most common place for link injection and other malicious code compromises – being able to restore this code in its original, unaltered form is very handy
  • uploads folder
    why?: images are not contained in the site database but rather in the uploads folder … if the site needs to be rebuilt the images will be needed!
  • wp-config file
    why?: this file contains database connection information, and if it is ever hijacked the site may no longer be in your control – being able to restore this code in its original, unaltered form is very handy
  • .htaccess file
    why?: this file contains supplementary server commands that govern how the site behaves – being able to restore this code in its original, unaltered form is very handy
  • robots.txt file
    why?: this file advises search engines how to interact with your site – being able to restore this code in its original, unaltered form is very handy

Ways to monitor the site’s overall security:

  • if you are familiar with how rendered code should look, viewing the source code of the site will often reveal issues – link injections and other such JavaScript violations can be quite visible in the rendered code
  • connecting the site with Google and Bing webmaster tools gives you access to their security tools – and the only path to recourse if your site is compromised and blacklisted
  • here are three useful links:
    sucuri.net
    unmaskparasites.com
    www.stopbadware.org
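
The backup list and the monitoring advice above can be combined in one script. The following is an added example, not from the original article: it archives the listed files, records a SHA-256 manifest, and later reports files that were added, modified or removed. The function names, the WP_DB_NAME variable and the archive naming are assumptions, and sha256sum, tar and awk are assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original article). Function names, the
# WP_DB_NAME variable and the archive naming are assumptions.

# Items from the "What to back up" list, relative to the WordPress root.
WP_ITEMS="wp-content/themes wp-content/uploads wp-config.php .htaccess robots.txt"

# wp_manifest ROOT: print "sha256  path" for every file under the listed items.
wp_manifest() {
    (
        cd "$1" || exit 1
        for item in $WP_ITEMS; do
            if [ -e "$item" ]; then find "$item" -type f -exec sha256sum {} +; fi
        done | LC_ALL=C sort -k 2
    )
}

# wp_backup ROOT DEST: archive the listed items, dump the database when
# WP_DB_NAME is set (credentials read from ~/.my.cnf), write a manifest beside
# the archive, and print the common path prefix of the files it created.
wp_backup() {
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$2" || return 1
    present=""
    for item in $WP_ITEMS; do
        if [ -e "$1/$item" ]; then present="$present $item"; fi
    done
    # $present is deliberately unquoted: one tar argument per item.
    tar -czf "$2/wp-files-$stamp.tar.gz" -C "$1" $present || return 1
    if [ -n "${WP_DB_NAME:-}" ]; then
        mysqldump --single-transaction "$WP_DB_NAME" > "$2/wp-db-$stamp.sql" || return 1
    fi
    wp_manifest "$1" > "$2/wp-files-$stamp.sha256" || return 1
    echo "$2/wp-files-$stamp"
}

# wp_changes ROOT MANIFEST: compare the live site with a saved manifest and
# print ADDED / MODIFIED / REMOVED lines; no output means nothing changed.
wp_changes() {
    wp_manifest "$1" | awk -v saved="$2" '
        BEGIN { while ((getline line < saved) > 0) old[substr(line, 67)] = substr(line, 1, 64) }
        { path = substr($0, 67); hash = substr($0, 1, 64)
          if (!(path in old)) print "ADDED " path
          else { if (old[path] != hash) print "MODIFIED " path; delete old[path] } }
        END { for (path in old) print "REMOVED " path }
    ' | LC_ALL=C sort
}
```

Keep the backup directory and its manifest somewhere other than the web server, so that a compromise of the site cannot also rewrite the known-good copy. An ADDED line under the uploads folder for a file that is not an image deserves a closer look.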

Keeping code updated
Core code and plugin code are being consistently updated and a significant portion of those updates are security related. When updating code, it is important to keep reliable backups in case of quirks and conflicts.