How to perform a WordPress Security Audit
Welcome Back!
Security is little understood and often overlooked. Regardless of what hosting companies may tell you, WordPress – straight out of the so-called “box” – is very secure. That doesn’t mean that we should be lax in our vigilance. Quite the opposite – in today’s world of aggressive hacking attempts, we should be very vigilant.
What is a Security Audit?
A Security Audit is the process of checking your website for signs of a security breach. You are looking for signs of suspicious activity, malicious code or simply a drop in performance. The steps are simple and can be performed manually, or you can use a tool or a website to do the various checks for you automatically.
How often should a website be audited?
A security audit should be carried out quarterly, or whenever there is suspicion that something is wrong.
Step 1: Software update or WordPress version update
WordPress updates are really important to help with your site’s security.
Whenever there is an update available, it will be visible as a number in a circle in the “Updates” section of the dashboard. These available updates may be WordPress updates or plugin updates. Regardless, they should be addressed as soon as possible in most cases.
Step 2: Keep plugins up to date
Plugins are collections of code that perform a specific function on your website. Their developers regularly add functionality or respond to known security threats. When an update arrives for a plugin, a number in a circle appears beside the Plugin entry on the dashboard. Make sure updates are done in a timely manner.
Step 3: Check user accounts and passwords
Check that every user account still needs to exist and that its current privileges are appropriate. To do that, click on Users and then review the people in the various categories. Click on each category and make sure all the users of that category need that level of access to your website.
Once you have done that, there is one more aspect of Users that needs attention. Go to Settings and scroll down a bit to the checkbox that controls whether anyone can register.
The vast majority of sites will want to prevent just anyone from registering. Open registration encourages spam signups that are completely unnecessary. Check your site and make sure this box is unchecked.
Step 4: Check automatic WordPress backups
Although automatic backup plugins are fairly reliable, check periodically that they are still doing their job and that you can see an indication of a recent backup being completed.
Step 5: Scan your website for signs of problems
There are quite a few plugins that can be used to scan your website for problems. I’ve mentioned in the past that I’m fond of WordFence. There are other options available but whatever you choose, choose something!
It is also advisable to scan for other indications of problems. For that job I like to use IsItWP Security Scanner. This is a website that will do a brief scan of your site.
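The checks in Steps 1 to 4 can also be scripted. The following is an added example, not part of the original post: it assumes you have exported the site's state with WP-CLI (for example `wp core check-update`, `wp plugin list` and `wp user list`, each with `--format=json`, plus `wp option get users_can_register`), a tool the post itself does not mention. The sample data, the list of expected administrators and the 7-day backup threshold are constructed for illustration.

```python
import json
from datetime import datetime, timedelta

# Constructed sample data, in the JSON shape WP-CLI is assumed to print.
CORE_UPDATES = '[{"version": "6.5.2", "update_type": "minor"}]'
PLUGINS = '''[
 {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
 {"name": "contact-form", "status": "active", "update": "available", "version": "1.2"},
 {"name": "old-gallery", "status": "inactive", "update": "available", "version": "0.9"}
]'''
USERS = '''[
 {"user_login": "owner", "roles": "administrator"},
 {"user_login": "former-dev", "roles": "administrator"},
 {"user_login": "writer", "roles": "author"}
]'''

def audit(core_json, plugins_json, users_json, users_can_register,
          last_backup, now, expected_admins, max_backup_age_days=7):
    """Return (step, finding) tuples for audit Steps 1 to 4."""
    findings = []
    # Step 1: any entry in the core update list means WordPress is behind.
    for upd in json.loads(core_json or "[]"):
        findings.append(("core", f"update to {upd['version']} available"))
    # Step 2: plugins with a pending update, whether active or not.
    for p in json.loads(plugins_json):
        if p["update"] == "available":
            findings.append(("plugin", f"{p['name']} ({p['status']}) needs update"))
    # Step 3: administrators missing from the expected list (hypothetical allow-list).
    for u in json.loads(users_json):
        roles = [r.strip() for r in u["roles"].split(",")]
        if "administrator" in roles and u["user_login"] not in expected_admins:
            findings.append(("user", f"unexpected administrator {u['user_login']}"))
    # Step 3: the users_can_register option should be off ("0").
    if str(users_can_register).strip() == "1":
        findings.append(("registration", "anyone can register"))
    # Step 4: the newest backup must be recent (threshold is an assumption).
    if last_backup is None or now - last_backup > timedelta(days=max_backup_age_days):
        findings.append(("backup", "no recent backup"))
    return findings

def run_sample():
    now = datetime(2024, 5, 1)  # constructed "today"
    return audit(CORE_UPDATES, PLUGINS, USERS, "1",
                 last_backup=datetime(2024, 4, 10), now=now,
                 expected_admins={"owner"})

if __name__ == "__main__":
    for step, finding in run_sample():
        print(f"[{step}] {finding}")
```

An empty result means none of the four checks found a problem; Step 5 (malware scanning) still needs a scanner.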
I hope this short list is something that you consider to be doable! Keeping on top of the security of your website will help avoid big problems in the future.
The post How to perform a WordPress Security Audit appeared first on Bakerview Consulting.