Here are some of the “snippets” from my upcoming book “1000 Things Every Business Owner & Manager Should Know About Internet Marketing.

Chris Jaeger
Executive Director & Founder
International Association of Wedding Industry Professionals.

WordPress is a popular content management system (CMS) that makes designing, building, and managing a business website easier. But like most website development platforms, it requires some very basic but very important ongoing management.

There are many alternatives to WordPress as a CMS, including Joomla, Drupal, and CMS Made Simple. Other popular website design-build options include Shopify, Wix, Weebly, and Squarespace. Working with a tight budget? Try Google Sites.

Without basic WordPress management your website becomes more likely to be hacked. Out-of-date WordPress installs and out-of-date plugins make it easier for hackers find vulnerabilities and compromise your WordPress website.

Can you do basic WordPress website management yourself? Absolutely. The two most important things to manage (and update) are your core WordPress software and WordPress plugins. These are both easy to manage through your WordPress Dashboard.

How do you know there are updates available for your WordPress installation? Login to the WordPress Dashboard and in the left column of options, at the top under Home, look for Updates and a small orange ball with a number in it indicating the number of updates available.

Keep your WordPress software up-to-date. The “core” WordPress software updates multiple times throughout the year (15-20). I’ve seen it updates multiple times within 30 days. Updates address issues like new features, bug fixes, performance enhancements, and in many cases security.

Install a notification plugin that alerts you to upgrades that are available for your WordPress website. I recommend WPS Updates Notifier by Scott Cariss. It has over 10,000 installs and is 4 star rated.

Use plugins sparingly. WordPress plugins can create overhead and in some cases may create problems at your website. Some plugins don’t work well with other plugins. Some plugins may conflict or not work properly with WordPress themes.

Avoid “shiny new object syndrome” and using new WordPress plugins without careful thought. Do you REALLY need a new plugin to manage the footers at your website, a feature already built into WordPress? Do you really need fancy drop down menus?

Use WordPress plugins that are listed in the WordPress Repository. Authors of these plugins play by the rules at WordPress in order to be listed in the official directory. Use plugins NOT in the WordPress repository with caution, or avoid them altogether and find a plugin that does what you want to do that is listed in the repository.

Avoid plugins that have fewer than 100 installs and be careful using plugins with less than 2500 installs or less than 4 star reviews. You can find these numbers in the WordPress plugin repository for the plugin you are considering.

The best defense is a good offense when protecting your WordPress website from hackers and malware. One quick and easy way to keep out amateur hackers is to move the default WordPress login page location. Basically, you are moving the “front door” of your WordPress site. It’s a little tricker to get into a house when you can’t find the front door. The plugin I recommend is WPS Hide Login by Remy Perona (WPSServeur). You’ll find it in the WordPress Plugin Repository here:

The best defense is a good offense when protecting your WordPress website from hackers and malware. Another solid line of defense can be created with the WordFence Security plugin. With over 22 million downloads, Wordfence is the most popular WordPress security plugin available. Wordfence Security is 100% free and open source. You’ll find it in the WordPress Repository here:

Turn off the WordPress commenting option if you don’t plan to actively promote commenting or don’t want to manage comments (i.e. reply). You can turn off comments, or modify other comment settings, in the WordPres Dashboard under SETTINGS | DISCUSSION.

Remove the default themes that come with an initial WordPress install if you aren’t using them or plan on using them – most businesses won’t.  Overtime these inactive themes become outdated and removing them is one less thing to update and a best practice. Hackers also target and try to exploit outdated and inactive themes. You can remove the themes not in use in the Dashboard under APPEARANCE | THEMES. Select an inactive theme and then the delete option. Make sure it’s not your active theme! It is a best practice to always have a complete backup in place before deleting anything from your WordPress set-up.


Print Friendly, PDF & Email