WordPress is a great platform and service. However, you must take maintenance and security seriously, especially for an eCommerce site. These sites are generally targeted far more than marketing sites. Malware and site attacks are a real threat and not something to be ignored. With our years of experience in building and managing WordPress sites, we have created some guidelines for you to follow.

Minimum Security:

  • Hosting: it is very important when choosing a hosting provider to enquire about their security practices. We recommend Siteground who have a great track record and offer tools to help keep everything secure.

  • Siteground SItescanner: if you purchase Siteground hosting please also purchase the additional Sitescanner addon. This is very helpful at keeping an eye on the files on your site and if there is anything suspicious.
  • Site Backups: make sure your hosting provider offers a backup service. Siteground includes one in all packages. Backups are very important in case something happens and you need to recover the site code or the database. For eCommerce sites, we recommend extra backup options which we will discuss further below. 
  • WordPress and Plugin Updates: Keeping WordPress and all your plugins up to date is very important. This is why we offer ongoing support packages to include this. Our support packages are ideal for this as we also include a staging version of the site. This means that we test any updates on the staging site to check they are working correctly and do not break any code. We would never recommend applying updates directly to a live site without testing. 
  • SSL Certificates: These are a minimum requirement to protect a site. Siteground hosting includes a free certificate but we recommend a paid level for high value or eCommerce sites. 
  • Website Admin Access: We also advise keeping the Admin accounts on the site to the absolute minimum. All passwords for the site or hosting related should be generated from a password manager.
    Avoid adding any new plugins to the site if possible. The more you add the more that have to be updated and the more risks to the site. If you do add plugins only used well established and reviewed providers. 

Advanced Security: Recommended for eCommerce sites but every site will benefit.

Wildcard SSL: This type of SSL gives you more encryption over more pages and is essential for an eCommerce site. Do not use free SSL certificates! Drew can recommend the best solution for your specific needs.

Sucuri: Sucuri is one of the world’s leading WordPress security and malware defence suppliers. They provide the best in service website and server scanners, firewalls and an excellent malware removal service. Their yearly subscriptions mean that on top of Drew’s support if anything does go wrong your website will be fine.

A Sucuri plan offers the following services:

  • Advanced Website and Server File Scans: Sucuri will regularly do deep scans of your site and server to look for any known vulnerabilities or suspicious files. hopefully allowing them to be removed before they do any damage.
  • Firewall: The Sucuri firewall will stop people from getting access to your site through brute force attacks. This can be installed for you by Drew with 3 hours of work.
  • Malware Removal: There is no guarantee that will stop your site from getting attacked. Malware is constantly getting more sophisticated and looking for new ways into websites. Ecommerce sites are an especially high target for attacks. With Sucuri you have some of the best technicians on hand in the event of the worst-case scenario. They will go in and identify the problem and remove all malware and suspicious files. Drew has used Sucuri in the past and has consistently been impressed with their work and speed. 
  • Backups: this is a small extra charge on top of your subscription. Having backups separate from your hosting gives you the extra peace of mind that if anything happens to your hosting the site is not lost. 

Please follow this link to see the various Sucuri subscription options available.
The main difference between the packages is the response time from Sucuri.

We here at Drew are always available to discuss what’s right for you and your site security.

Finally, Drew nor Sucuri can guarantee your site will not be attacked or get malware. As we mentioned above malware gets more sophisticated every day and it is something to constantly look out for. But with all these tools at your disposal, your site will be as prepared as possible for an attack. If the worst does happen you can sleep easy knowing you also have tools to get everything back up and running. WordPress and website security might seem scary but it doesn’t have to be, as long as you’re prepared.

Up next...