February 23, 2012

Security Tips for Your WordPress Website

By Jacob Smith

When it comes to building trust with your customers online, nothing is more comforting than those cool green letters in the top left of your browser bar:

While security is a critical component of accepting credit cards online, it’s not always easy to perform at a high level – especially if you are active on your website adding new features, pages, and tools to attract and enrich your audience.

A Few Tricks for WordPress Users
The most popular CMS on the internet happens to be WordPress, and with good reason!   It’s easy to install, quick to learn, and through the help of thousands of theme developers and marketplaces like ThemeForest.net, you can have a pretty great looking website in a matter of days.  With the addition of popular plugins, like WooCommerce, Shopp, or WP Ecommerce you can even be running a powerful online store in minutes.  In fact, we run our website on WordPress!

So, how do you secure your website?  And how do you convey to users that you are secure? Here are some simple and practical tips:

  1. Get an SSL Certificate!
  2. Choose a webhost that offers some level of security baked into their platform and has expertise in WordPress.  Check out WP Engine and Page.ly for two popular choices.
  3. Augment your SSL certificate and hosting with a service like CloudFlare, which protects your site from attacks at the network level – literally blocking bad traffic before it even gets to your website.  They offer a seamless WordPress plugin to help implementation, and it works with common caching plugins like W3 Total Cache.
  4. Test your website for security.  A great free options is WP Security Scan.
  5. Utilize a plugin to direct site content like images and scripts on key pages through to HTTPS.  This ensures your visitors don’t get that annoying “some items on this page are insecure” notice.  We recommend the ubiquitious and WordPress HTTPS plugin.

The most common sense tip is also the one that is easily forgotten: test your website regularly.  Pretend that you are a “common” visitor by first taking a look at your analytics to see what kind of platform the largest percentage of your visitors use – then go find or mimic that setup (Windows + IE7 could be more common than you think!) and see how secure your WordPress website feels.

  • Are there warnings or errors?
  • Are you missing HTTPS on any sensitive pages, such as the checkout or “My Account” areas?

Take a look, you’ll be glad you did!

Tags

Other Posts by Jacob Smith: