One of the realities of publishing online is that there is always some risk of your site being compromised in one way or another. However, the impact and likelihood of such an event can be greatly reduced if:
- the site is regularly backed up
- the site is regularly monitored for security breaches
- the code is kept current
What to back up:
- database
  why?: the database holds all of the text content of the site as well as most of the settings information
- theme files
  why?: these files are the most common place for link injection and other malicious code compromises – being able to restore this code in its un-violated form is very handy
- uploads folder
  why?: images are not contained in the site database but rather in the uploads folder … if the site needs to be rebuilt the images will be needed!
- wp-config file
  why?: this file contains database connection information and if it is ever hijacked could mean the site would no longer be in your control – being able to restore this code in its un-violated form is very handy
- .htaccess file
  why?: this file contains supplementary server commands that govern how the site behaves – being able to restore this code in its un-violated form is very handy
- robots.txt file
  why?: this file advises search engines how to interact with your site – being able to restore this code in its un-violated form is very handy
Ways to monitor the site’s overall security:
- if you are familiar with how rendered code should look, viewing the source code of the site will often reveal issues – link injections and other such JavaScript violations can be quite visible in the rendered code
- connecting the site with Google and Bing webmaster tools gives you access to their security tools – and is the only path to recourse if your site is compromised and blacklisted
- here are three useful links:
sucuri.net
unmaskparasites.com
www.stopbadware.org
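
The source-code check described in the first point above can be partly automated. The following is an added example, not part of the original article: it lists every link, script, iframe and stylesheet reference in a saved copy of the rendered page that points to a host you have not approved. The sample HTML and all host names are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample of rendered page source (not from a real site).
# example.com stands in for your own site, cdn.example.net for a CDN you use.
SAMPLE_HTML = """<html><head>
<script src="/wp-includes/js/jquery.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script src="//stats.example.org/c.js"></script>
</head><body>
<a href="https://example.com/about/">About</a>
<a href="http://pills.example.org/" style="display: none">cheap</a>
</body></html>"""

# Tags that pull in or point to another host, and the attribute holding the URL.
URL_ATTRS = {"a": "href", "script": "src", "iframe": "src", "link": "href"}


class ExternalRefAudit(HTMLParser):
    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed = {h.lower() for h in allowed_hosts}
        self.findings = []  # (tag, host, hidden_by_inline_style)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(URL_ATTRS.get(tag, ""))
        if not url:
            return
        # Relative URLs have no hostname and stay on the site itself.
        host = (urlparse(url).hostname or "").lower()
        if not host or host in self.allowed:
            return
        # Only the tag's own inline style is checked; a hidden parent
        # element or a CSS class would need a fuller check.
        style = (attrs.get("style") or "").replace(" ", "").lower()
        hidden = "display:none" in style or "visibility:hidden" in style
        self.findings.append((tag, host, hidden))


def audit(html, allowed_hosts):
    """Return references to hosts that are not on the allow list."""
    parser = ExternalRefAudit(allowed_hosts)
    parser.feed(html)
    parser.close()
    return parser.findings


if __name__ == "__main__":
    for tag, host, hidden in audit(SAMPLE_HTML, {"example.com", "cdn.example.net"}):
        print(f"<{tag}> -> {host}" + ("  (hidden)" if hidden else ""))
```

Run it against a fresh copy of the page source on a schedule and review any host that appears for the first time; a link flagged as hidden deserves a look at the theme files first.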
Keeping code updated
Core code and plugin code are consistently updated, and a significant portion of those updates are security related. When updating code, it is important to keep reliable backups in case of quirks and conflicts.