WordPress self-hosted websites can be very sophisticated. So therefore also are the range of hacker vulnerabilities.
How do you secure your site? Have you been hacked, need help?
This is normal. Because under-managed websites are normal. It used to be that you put up a page and things were “static.” Not so nowadays. Any Web Presence needs persistent care and feeding. Most especially where Security is concerned. New exploits emerge almost daily. Keeping up with patches and upgrades? Critical.
There are no technical suggestions here. Just ones for managers who wear all the hats at once. (As does Yours Truly.)
We’re devoted to demystifying this stuff for the small, independent operator. We don’t actually think you should afford people with IT certifications on the payroll.
So, one best practice (and certainly a minimum for anyone who isn’t a developer or doesn’t have the vast quantities of spare time to invest learning — and then keeping up with — the ever changing security ecology of websites) — is to contract for your coverage.
- First recommendation: Get clean, get secure. http://Sucuri.net
- Second recommendation: Host with an aggressive, muscular provider. http://wpengine.com
- Third recommendation plugins: Operate in layers. https://ithemes.com/security/wordpress-hack-repair
- Fourth recommendation: Act on notifications. Subscribe your most monitored email account, perhaps even to text messages. You should know long before someone reports it to you.
A great free tool to catch almost anything — as a surety against gaps in your perimeter defenses — is to add your site to Google Webmaster tools.
At the end of the day, by moving to a shared hosting scenario, you’ll deliver better results not only in the security spectrum but performance. Shared hosting is inevitably a cloud of servers and these automatically scale to accommodate loads.
Get faster, get shared. Get secure, get managed.
If you don’t require customizations that can’t be delivered with a site on WordPress.com, don’t let anyone talk you into Self-Hosted.
The driver is: What am I doing that I can’t accomplish except by going self-hosted. Can I dump that? (Critical decision making flowchart involving this issue and the one of choosing consultants at that Link. Enjoy.)
And if you can’t dump that unique widget, think (very seriously) about outsourcing that function to a third party.
Or, dump the new science and go back to smoke signals, sneaker net and snail mail.
By the way, we just recently used a resource (not listed above) to salvage a hacked site. He deserves mention.
Andrew at http://FixWordpressSite.com
His specialty is responsiveness … but be patient, he bounces from issue to issue helping others simultaneously. If your site was hacked you’re not alone and you’ll appreciate Andrew.