Intro to WordPress: Securing, Backing up & Finishing the Site
I am studying WordPress and PHP with @skillcrush. In this article we cover securing, backing up and finishing the site!
📚 Greetings travelers! We are studying WordPress and PHP with Skillcrush. In this article we cover securing, backing up and finishing the site.
🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩⬜⬜ 89% DONE
See my recent article for a personal update! Let’s get to it…
WordPress Security
Tactics to Secure WP
Keeping WP core files & plugins up to date
Making sure the hosting company uses secured web servers and current software versions
Following best practices for security
Employing security plugins
Backing up your database and files regularly
Keep WP Up To Date
Most importantly, make sure you update when updates are rolled out, much like updating iOS on your Apple device. Updates often contain new security measures and bug fixes.
Thankfully, WP makes this really easy: notifications right within the dashboard tell you when WP itself or any of your plugins need updating.
Do Not Use The Username “admin”
Since “admin” can often be the default username, keeping it hands a hacker half of the puzzle they need to gain access to the site. So mix it up!
Use Strong Passwords
First off, it’s good practice to update passwords on a regular basis. This is also something you will want to make the customer aware of when you hand their WP site off to them.
The easiest thing to do is to use a password manager, but then you also want to make sure you lock that password database down as well!
Personally I am still attached to using “memorable” passwords. Meaning using phrases that I am familiar with, but then always changing a key aspect of the password to make it unique. Definitely ALWAYS include a number and special character. Most websites enforce this now.
Who Are Your Users?
WP websites were originally designed to have folks sign up so that they could comment or interact with your website in various ways. If this is not how you are using your site, then be sure to turn off the “Anyone can register” option.
If you do want users to have access, be sure to set their permissions throughout the system. Some people also call these the capabilities or roles within the system.
Change Your Security Keys & Salts
KEYS and SALTS are random strings that lengthen things like passwords and session tokens on your site.
These can be found in the wp-config.php file.
3 Ways to Change Keys and Salts
Don’t Allow Theme Files to be Edited From the Admin Dashboard
If you spent a lot of time custom coding your theme, you don’t want anyone (even yourself) to be able to edit it from within the dashboard. This is especially crucial after you hand the site off to the customer.
Implement Some Basic Security Steps
Replace your “admin” account with a new user
Change your security keys & salts
Disable theme editing from the admin
Table Prefixes and Security on Unmanaged Host
There are certain hosts who specialize in WP, but not all of them do. If yours does not, some precautions should be taken.
This information should be available on the hosting service’s site. If not, reach out to them for more information.
One option is to change table prefixes. WARNING: make a backup of your site before proceeding with this step.
The default for a WP table prefix is “wp_” which means it could be predictable to a hacker.
One recommendation is to remove the “wp_” prefix so that it reads as just a random string of numbers and letters. The prefix can be changed in the wp-config.php file. You’ll need to make sure anything referencing these tables is also updated.
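A quick way to check the wp-config.php settings covered so far (keys and salts, theme editing, table prefix), as an added example that is not part of the Skillcrush course material. It assumes WordPress's standard constant names (AUTH_KEY through NONCE_SALT, DISALLOW_FILE_EDIT) and the placeholder text shipped in wp-config-sample.php; the function name and the sample file are constructed for illustration.

```bash
#!/usr/bin/env bash
# audit_wp_config FILE: print one finding per line; print nothing if all checks pass.
audit_wp_config() {
  local cfg="$1" name line
  # Keys and salts: each of the eight constants must be defined and must not
  # still hold the placeholder text shipped in wp-config-sample.php.
  for name in AUTH_KEY SECURE_AUTH_KEY LOGGED_IN_KEY NONCE_KEY \
              AUTH_SALT SECURE_AUTH_SALT LOGGED_IN_SALT NONCE_SALT; do
    line=$(grep -E "^[[:space:]]*define\([[:space:]]*['\"]${name}['\"]" "$cfg" || true)
    if [ -z "$line" ]; then
      echo "MISSING $name"
    elif printf '%s\n' "$line" | grep -q 'put your unique phrase here'; then
      echo "PLACEHOLDER $name"
    fi
  done
  # Dashboard file editor: only an uncommented define(..., true) counts.
  if ! grep -Eiq "^[[:space:]]*define\([[:space:]]*['\"]DISALLOW_FILE_EDIT['\"][[:space:]]*,[[:space:]]*true[[:space:]]*\)" "$cfg"; then
    echo "THEME_EDITOR_ENABLED"
  fi
  # Table prefix: flag the predictable default.
  if grep -Eq '^[[:space:]]*\$table_prefix[[:space:]]*=[[:space:]]*.wp_.[[:space:]]*;' "$cfg"; then
    echo "DEFAULT_TABLE_PREFIX"
  fi
}

# Constructed sample config (not from a real site): one placeholder key,
# one set key, no DISALLOW_FILE_EDIT, default table prefix.
sample=$(mktemp)
cat > "$sample" <<'EOF'
<?php
define( 'AUTH_KEY',        'put your unique phrase here' );
define( 'SECURE_AUTH_KEY', 'constructed-example-value-not-a-real-key' );
$table_prefix = 'wp_';
EOF
audit_wp_config "$sample"
rm -f "$sample"
```

Run it against a copy of your own wp-config.php before handing a site off; an empty result means all three steps are in place.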
Securing WP Site Using Plugins
This is the quickest and easiest option. Skillcrush provides a list of the best options out there. Again, this is really for when you are using a host that is not set up with built-in WP security measures.
For my test example, I’m using the iThemes Security plugin.
Backing Up WP Database and Files Locally
I can’t even recall the sites that I had to scrap and completely start over because I didn’t understand some fundamental concepts about WP and how to manage the site.
Having issues is inevitable, so protecting against that by backing up the site is crucial.
The best way to accomplish this is to do a FULL database export. This can be done via phpMyAdmin. Navigate to the database and then choose the Export tab. Click the Go button and you’re all set.
From this point you can also do partial exports from within the WP dashboard by going to Tools > Export, to get your most recent blog posts.
Most important files:
wp-config.php
everything in the /wp-content folder
The best thing to do with your backup files is to have a backup folder, and within it create a dated folder for each export to hold all of the files. To save space you can zip the contents.
Backups should be done regularly. If you are actively working on the build, back it up daily. If you are mostly doing content management then weekly will be fine.
To remember to do this, simply create a recurring to-do task or a calendar item.
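The dated-folder backup described above, sketched as a script (an added example, not from the course). It assumes you have already exported the database from phpMyAdmin to a .sql file, and it uses tar with gzip in place of zip; the function name, archive name and paths are made up for illustration.

```bash
#!/usr/bin/env bash
# backup_wp_files SITE_DIR BACKUP_ROOT [SQL_EXPORT]
# Creates BACKUP_ROOT/YYYY-MM-DD/ holding a compressed archive of wp-config.php
# and wp-content, plus the database export if one is given. Prints the folder path.
backup_wp_files() {
  local site="$1" root="$2" sql="${3:-}" dest
  [ -f "$site/wp-config.php" ] && [ -d "$site/wp-content" ] || {
    echo "not a WordPress directory: $site" >&2; return 1; }
  dest="$root/$(date +%Y-%m-%d)"
  (
    # wp-config.php holds database credentials and the keys and salts,
    # so the backup is created readable by its owner only.
    umask 077
    mkdir -p "$dest" &&
    tar -czf "$dest/wp-files.tar.gz" -C "$site" wp-config.php wp-content &&
    { [ -z "$sql" ] || cp "$sql" "$dest/database.sql"; } &&
    # Read the archive back and confirm wp-config.php is in it before trusting it.
    tar -tzf "$dest/wp-files.tar.gz" | grep -x 'wp-config.php' >/dev/null
  ) || { echo "backup failed" >&2; return 1; }
  echo "$dest"
}

# Demo on a constructed site tree (not a real installation).
demo=$(mktemp -d)
mkdir -p "$demo/site/wp-content/themes/my-theme"
echo '<?php // constructed' > "$demo/site/wp-config.php"
echo '/* constructed */'    > "$demo/site/wp-content/themes/my-theme/style.css"
backup_wp_files "$demo/site" "$demo/backups"
rm -rf "$demo"
```

Keep the backup folder outside the web root so the archive and SQL dump cannot be downloaded through the site.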
And that’s it! We did it.
🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩🟩 100% DONE
I have a couple Skillcrush course options from here:
WordPress Professional Best Practices
Introduction to Ruby
Getting Started with Python
→ Using Python to Build Web Apps
→ Preparing & Displaying Data with Python
OR… Finishing my Skillcrush Portfolio. If I work on my portfolio it’s very likely I won’t be writing about the process unless I find something cool or new that I learned that I want to write about.
For writing, I’m leaning towards the Python course because it’s something I feel like I’m going to have to learn sooner rather than later.
Either way, in September I’m going to be joining a Software Engineer Immersive program. It’s a full-time intensive program, so I’m not sure how much I’ll be able to write during the process.
My current inclination is to wrap up my portfolio and obtain my Front End Development certification prior to starting the SEI program.
No matter what, I’m going to be on LinkedIn and Twitter every day sharing about my coding journey. Thanks for reading!