Securing WordPress websites
4 July 2017
Website security requirements have changed a huge amount in the last few years. It is now more important than ever, and we’ve done a lot of work recently to find the best security stack for our clients.
To begin with, it is really important that your website is hosted on the best possible platform. For us, that usually means either WP Engine or Cloudways VPS. The choice of host is really based on predicted traffic – Cloudways VPS is better for high-traffic websites because of it’s scalability, and because you only pay for the extra CPU/RAM etc while it is needed, whereas WP Engine is the best value platform for medium-level traffic websites, where large data spikes are less likely.
We then insist on a cloud-based firewall (as opposed to the far inferior plugin or file-based firewalls). Here, Sucuri is our preferred platform, with a great mix of affordability and protection. We now recommend Sucuri for every single site we build, regardless of it’s size or expected traffic.
(One of the great advantages of the WP Engine hosting platform is that the Sucuri infrastructure is integrated into the hosting, and optimised perfectly for WordPress. If Cloudways VPS is a preferred platform, then we insist on Sucuri being implemented separately.)
Sucuri also comes with a very efficient malware clean-up service.
We also implement Let’s Encrypt SSL certificates on all new sites to encrypt data and login pages.
One other really important aspect of website security is keeping on top of core and plugin updates. We manage all of our websites via a system that allows us to see, at any point in time, what plugins need updating. This means that plugins are often updated within hours of updates becoming available. We manage this through our care plans.
And finally, in addition to the typical thirty days of backup history that our two recommended hosting platforms keep, with our care plans we also keep a ninety day backup history of your site, so that we can roll back to any point within that period if required. The backups are stored securely in the Amazon cloud on their Europe-based server infrastructure.
So if you're worried about the security of your website, talk to us. We can provide the most effective security available today, at very cost-effective prices.