After reading another post in a forum where someone has had a WordPress site hacked, I felt compelled to write this post.
Lots of authors let others set up websites for them and have no clue how they work. The designer/developer decides to use WordPress to build the site because WordPress makes it easy for inexperienced website owners (authors) to post content, and it’s free software.
But WordPress is not that easy to run for an inexperienced user, nor is it a set-it-and-forget-it solution, and that’s often totally forgotten.
I have a lot of WordPress-based websites, and there are some key factors in keeping them safe that you need to understand before you let anyone set up a site for you using WordPress.
- You’ve got to keep the thing updated. If the person setting up the site isn’t going to be doing that for you, you have to learn how to do this. It’s super important. If you don’t, you’re going to get hacked. Just no way around that.
- You need to be able to make backups of the WordPress site and media files on the server and the database that your WordPress site stores your content in. If the person maintaining your site doesn’t do this, you need to do it. Just like with your books, you need backups. Things can happen to databases and files can get corrupted or changed and need to be replaced. You need to be able to make these backups.
- You have to stay away from old plug-ins, or any plug-in that isn’t well-maintained. The best bet is to use only the plug-ins you absolutely need and make sure they have a reputation for being safe. There are plug-ins out there that are just back doors for hackers. You have to be careful with plug-ins.
- Highly customized and complicated themes are not good choices when the site is being run by an inexperienced WordPress user. WordPress code changes, security flaws get exploited, and depending on a designer/dev for updates and fixes can get really expensive. It’s safest to stick with customized child themes based on common, well-maintained themes, such as the core themes that come with WordPress.
- Using the default “admin” username is a big no-no and yet lots of designers/devs still set WordPress up with “admin” as the main user. Don’t let them!
- You’ll need to use a long (and I mean really long) password for your login. Brute-force attacks are an issue with WordPress, so you need a long password.
I’m sure there are even more things to keep in mind if you’re letting someone set up a WordPress site for you, but these are the biggies that come to mind.
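As an added example (not part of the original post), here is one way a site owner or their developer could check a few of the list items above from an export of the site. It assumes the plugin and user lists were saved with WP-CLI (`wp plugin list --format=json` and `wp user list --format=json`); the sample data and the `audit_site` helper are constructed for illustration.

```python
import json

# Constructed sample data in the shape WP-CLI prints for
# `wp plugin list --format=json` and `wp user list --format=json`.
SAMPLE_PLUGINS = json.dumps([
    {"name": "example-forms", "status": "active", "update": "none", "version": "5.3"},
    {"name": "old-gallery", "status": "active", "update": "available", "version": "1.2"},
    {"name": "unused-slider", "status": "inactive", "update": "none", "version": "2.0"},
])
SAMPLE_USERS = json.dumps([
    {"ID": 1, "user_login": "admin", "roles": "administrator"},
    {"ID": 2, "user_login": "jane-writes", "roles": "editor"},
])


def audit_site(plugins_json, users_json):
    """Return findings for the checklist items that can be read from a
    plugin and user export: pending updates, unneeded plug-ins, 'admin'."""
    findings = []
    for plugin in json.loads(plugins_json):
        name = plugin.get("name", "?")
        # "You've got to keep the thing updated."
        if plugin.get("update") == "available":
            findings.append(f"plugin '{name}' has an update waiting")
        # "Only use plug-ins you absolutely need": inactive ones are
        # still on the server, so they are candidates for removal.
        if plugin.get("status") == "inactive":
            findings.append(f"plugin '{name}' is inactive; remove it if not needed")
    for user in json.loads(users_json):
        login = str(user.get("user_login", ""))
        roles = str(user.get("roles", "")) or "no role"
        # The default "admin" username is the first one a login guesser tries.
        if login.lower() == "admin":
            findings.append(f"account 'admin' exists with role(s): {roles}")
    return findings


if __name__ == "__main__":
    for line in audit_site(SAMPLE_PLUGINS, SAMPLE_USERS):
        print("-", line)
```

Password length and backups cannot be read from these exports, so they still have to be checked separately.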
If you’re not comfortable with web stuff, using WordPress is not going to be a safe option for your website unless you have a designer/developer you can rely on and you’re not afraid to spend some money making sure things stay updated and safe.
WordPress is great. I love it. But I also know my way around a database, can do some light PHP coding, and have been building and running websites since 2001. There are definitely costs associated with WordPress-based websites, including real money and time. It’s a trade-off. You learn to do a lot of things yourself and save the money, or you save the time and pay.
Anyway, if you ended up here because you’re thinking about letting someone set up a WordPress site for you, I hope this helps you make your decision with your eyes open.