Wordpress Archives - Posmay Media

Category Archives for "Wordpress"

WordPress Security: 10 Tips For Keeping Your Site Secure

This post I answer the important question ‘How do WordPress websites get hacked?’ and I provide 10 tips on how to keep your WordPress site safe.

How do WordPress websites get hacked?

The vast majority of sites being hacked are not hacked by some human siting in a dark room wearing a hoodie. Majority of hacks are automated and are conducted by computer programs (also referred to as bots).

  • 41% get hacked through vulnerabilities in their hosting platform
  • 29% by means of an insecure theme
  • 22% via a vulnerable plugin
  • 8% because of weak passwords

This concludes that the vast majority of site hacks are being caused by compromised hosting platforms, vulnerable themes, insecure plugins or due to weak passwords.

Another thing to understand is that hacking into a site by guessing a password is also not done by a human. Most password hacks are called brute force hacks, which means that an automated program (or a bot) identifies your login page and tries logging in with different combinations of username and passwords. A bot can cycle through thousands and millions of combinations within a very short space of time.

Now that we know what causes most hacks, I'd like to share with you what we can do about preventing these hacks.

How To Keep Your Site Safe 

I’ll share 10 recommendations that will help you keep your site safe.

1. Choose A High-Quality Hosting Provider

Posmay Media offers Concierge WordPress Hosting Plans that include free WordPress maintenance. We take care of all the technicalities on your behalf, so you can focus on growing your business.

If you prefer managing your own hosting, then we recommend Dreamhost (if you're just getting started) or WPX Hosting (if you need more advanced hosting).

2. Perform Regular Backups

This cannot me understated! Make sure to have a backup strategy in place. There are multiple options for creating reliable and automated backups of your WordPress site. We use and recommend the All-In-One-Migration plugin together with Dropbox cloud storage. 

3. Fortify Your Login

Strengthen your login by implementing the following steps:

1. Always use strong passwords for all accounts — https://strongpasswordgenerator.com/
2. Keep passwords safe — Store them in a secure place, like a password manager app
3. Avoid using the default admin username for any accounts
4. Force strong passwords — make it compulsory for all users to use strong passwords
5. Limit login attempts

4. Add SALTs To wp-config.php 

Make sure to add these random strings to your wp-config file to add another layer of protection. Dreamhost's One-Click installer adds unique SALT's automatically. 

5. Set A Unique Table Prefix

Make sure to set a unique table prefix to your MySQL database when installing WordPress. Dreamhost's One-Click installer adds a unique table prefix automatically.

6. Keep WordPress Up To Date

Conduct regularly WordPress maintenance and keep your WordPress core files updated. Before updating, always create a backup in case something goes wrong.

7. Use Premium Themes and Plugins

Always make use of premium themes and plugins that are reliable and maintained. There are endless free themes and plugins available online, but many of them are not updated and can introduce unwanted security risks to your site.

We use and recommend Thrive Themes, as they have a great toolbox of themes and plugins to help you optimise your site for conversions.

8. Keep Themes and Plugins Updated

As part of your regular WordPress maintenance, make sure to keep all your themes and plugins updated.

If WordPress maintenance is something you'd like to outsource, consider our Managed WordPress Hosting Plans that incl. free minimal WordPress maintenance.

9. Keep Your Computer Clean

Keep your computers operating system updated and uninfected. Avoid any software that may compromise your system including Malware and Viruses. 

10. Stay informed and up to date.

Keep yourself informed with regards to WordPress developments. At times critical security breaches get announced or a new update needs to be applied. Whoever is in charge of managing your website(s) needs to stay in formed.

Get the Posmay Media Newsletter

Weekly insights & the latest content straight to your inbox. 

How To Create A Self-Hosted WordPress Website in 3 Steps

Setting up your own self-hosted WordPress website is a simple 3-step process, which will only take a few minutes. The instructions on this page will walk you through the process.

Important: To complete the above action items you will need your email address and a credit card. Make sure to read all the instructions on this page, before clicking through to any other page. For this tutorial we'll be using Dreamhost as our trusted hosting provider. We've used Dreamhost for over 10 years and highly recommend them.

Step 1: Set Up Your Hosting Account

We trust and recommend Dreamhost as a reliable web hosting provider. Their affordable shared hosting plan is ideal for new WordPress users just getting started. They also provide more advanced plans for when your website and audience grows. 

During the account creation process, you’ll have the opportunity to also register 1 FREE domain name (for example yourbusiness.com). Click the button below to get a $25 discount + 1 FREE Domain name

Already have a domain name registered that you'd like to use? If yes, then you will need update the domain's DNS settings records for that domain to point to Dreamhost's servers.

The nameservers for all domains managed by DreamHost are set up using the following:

  1. ns1.dreamhost.com
  2. ns2.dreamhost.com
  3. ns3.dreamhost.com

Step 2: Add Your Domain To Your Hosted Domains

In order to install WordPress on your domain, you will first need to add hosting to the domain you'll be using. In order to do this you will need to login to your Dreamhost panel, click through to the 'Manage Domains' page and then click on 'Add Hosting to a Domain'. Fill in the page and click on 'Fully Host This Domain'.

Your new hosting setup will take a few minutes to configure. You should receive an automatic email from Dreamhost confirming the changes that you have made. 

The video below walks you through this process.

Step 3: Install WordPress with the One-Click Installer

Inside your Dreamhost panel, click through to the 'One-Click Installs' (under Goodies). Next click on 'WordPress', select the domain from the dropdown menu and uncheck the 'Deluxe Installation' option. Click 'Install It For Me Now'. That's it, you've initiated the installation!

Dreamhost will automatically install WordPress on your domain. Keep an eye on your inbox, as an automatic email will be sent to you as soon as the installation is ready for completion.

To complete the installation, you'll need to click on the link in the email from Dreamhost. The link will take you to a page on which you will need to complete the installation and setup your initial admin user - this will be the account with administrator access. 

The video below walks you through this process.

Get the Posmay Media Newsletter

Weekly insights & the latest content straight to your inbox.