Secure WordPress site setup is a must-have skill for designers and website owners.
In this post I’ll share why it’s important for WordPress sites to be secured from the root up and where to find the the training to do the job properly.
Once upon a time it was simple and fun to set up a WordPress blog.
Choosing plugins and themes became the main focus for web designers and site owners alike. Most site owners and many web designers didn’t think twice about site security.
WordPress is Most Popular CMS
As an open source content management system (CMS), WordPress has grown into the most-widely used platform in the world.
While exact market share is difficult to measure, statistics generally cite that nearly 15% of the top 100 websites are using it. And W3Techs (a company that monitors web technology usage) cites that WordPress powers 30% of the top 10 million websites.
The problem is that as the market share has grown, so too have the opportunities for hackers and botnets. So WordPress has become a natural target for security exploits since it’s inception.
Since 2003 WordPress has continually hardened its core software to mitigate common security threats. (You can learn more about WordPress core security here.)
WordPress Site Design is So Much More Now
I fell in love with WordPress when I set up my first blog.
I loved experimenting with themes and plugins, enjoyed writing blog posts and tutorials, and soon became hooked on the WordPress platform.
But I didn’t know what I didn’t know!
It was no longer enough to know how to install WordPress and activate a theme.
Yes, creating a beautiful website is fun and rewarding! Clients should be proud of their websites and designers should be proud of the work that we do for them.
But responsible web design means that you as web designer has taken every precaution to keep your client’s site secure, updated, and performing well.
The Search to Find Top-Notch Training
And there wasn’t any one place to find the training I needed.
So I began to search the web for tutorials, courses, webinars, and whitepapers on how to do a secure WordPress site setup.
As I educated myself about WordPress, I soon learned that security has always been a concern for the WordPress community and core developers.
But it became confusing to understand exactly how to secure a site and what best practices should be implemented. This was due to all of the hacks, well-meaning posts, and advice from colleagues and online gurus that my research turned up.
For years I documented everything I learned about WordPress security.
I even compiled a post to help folks with steps they could take to secure their WordPress site.
And I continued my search to stay on top of best practices for WordPress security and performance. But was it enough? Was I on track?
BlogAid to the Rescue!
That’s when I discovered MaAnna Stephenson of BlogAid. I initially saw MaAnna pop up in WordPress Facebook Groups and forums I joined, and I was impressed with her critical thinking and laser focus.
I also appreciated her ability to cut through the noise and lead others to the right choice regarding their WordPress sites.
So I subscribed to MaAnna’s weekly newsletter, BlogAid News, and started following her on social media.
As a web designer, I realized that there was definitely value in educating myself in order to confidently and competently expand the services I was selling.
But First I had to Start with My Own Site Audit
In fact, I was so impressed that several years ago I hired MaAnna to do a site audit for my business site.
It was actually quite a learning experience, and together we dug into my website, its plugins, the server and more.
And she told me that my security setup was “a mess.” (She will tell it to you straight!)
Looking back, I wasn’t one bit surprised. There were so many articles out there on website security that I found myself trying to incorporate most of what I read. A bit of code here, a blocked IP there, an .htaccess directive…
My behemoth setup included things like bloated third-party plugins that managed my website security, a convoluted .htaccess file (the file that controls the configuration of the website) and directives that could even lock me out of my own website while I was traveling.
Yikes! Yes, it was all secure, but difficult to manage!
After that site audit, I was determined to educate myself and continue in ongoing education so that I would be a more efficient webmaster.
What Site Owners and Designers Need to Know
As I soon learned, secure WordPress site setup includes:
- setting up a site from scratch (that means installing WordPress manually, not using the one-click install offered by most hosting companies)
- securing the host root account by locking down critical root files
- creating a database manually
- configuring site settings for security
- setting the site up under SSL
- ensuring only one site per cpanel account
- improving security and performance through Cloudflare or another CDN
- blocking bad bots that chew up hosting resources
- installing well-optimized and maintained plugins
- preventing brute force attacks
- installing a firewall
- prohibiting directory browsing of critical WordPress files
- periodic site audits to ensure everything is working as expected
- and so much more!
Secure WordPress site setup also means a self-hosted or managed site.
When you build a site on Wix or Squarespace, you are handing everything over to a third party. Should those companies go out of business, there goes your website right along with them.
Where to Learn Secure WordPress Site Setup
As a designer, I’ve always been very good at understanding client requirements and translating that into a functional and pleasing web design that my clients were happy with.
But I just couldn’t keep on top of breaking news and information that was critical to my business.
And so I began to search for some sort of ongoing training that would benefit me and keep me up-to-date with the latest and greatest on WordPress, SEO, Google trends and more.
Seeing the value that MaAnna had provided me, her clients, and the broader WordPress community, it was a no-brainer for me to sign up for her Webmaster Training so that I could provide more of that same value for my own clients.
MaAnna has created an outstanding library of training to help web designers and site owners just like you and me do the job right in the back-end.
I’m willing to bet that there are many designers out there who have struggled with similar issues.
Disclaimer: As a side note, I am not an affiliate nor am I compensated in any way for writing this article or recommending MaAnna’s programs.
I’m just a proponent of bringing excellence to every job I do for every client that hires me.
And that means I must commit to ongoing training from trusted and vetted sources like BlogAid.
It Takes a Village — So Why Not Join One?
As part of Webmaster Training, I have access to an exclusive Facebook Group of like-minded webmasters who take their roles seriously and want to have an arsenal of training, support, resources, colleagues, and more at their disposal.
This Facebook group includes live workshops and group chats where we support and help each other.
It is a rich community of people with specialized skill sets that I feel confident hiring. And they have hired me as well.
Stay Ahead of the Curve
HTTPS, Gutenberg, PHP 7.0+ — you name it, we need to know it, deal with it, and stay ahead of it before it turns around and bites us or crashes our clients’ sites.
There is no such thing as complacency when you work in technology.
You will never know everything, but you can posture yourself as an educated and competent webmaster by doing all you can to stay current with technology trends and best practices.
MaAnna’s self-paced training is continually updated and will appeal to all skill levels.
The Results are In — Immediate ROI
I’m happy to report that the investment in this training has skyrocketed my business. In fact, the return on my investment was immediate and has paid for itself over and over again.
If you have been like me searching all over the web for comprehensive, up-to-date training that will boost your webmaster skills to the next level, then look no further than BlogAid’s Webmaster Training.
If, on the other hand, you’re a site owner who would rather hire someone to take care of your website security and performance, please contact me for an initial consult.
Together we’ll come up with a plan to secure your site from the root up so you can rest assured that your site is meeting WordPress best practices for security and performance.
Over to You
I hope you have a better understanding as to why secure WordPress site setup is so important for web designers and site owners to know.
I’m happy to answer any questions you may have. Just leave a comment below!
How do you stay on top of emerging technology trends with WordPress, Google, SEO and more?
Have you found training that works for you? I’d love to hear about your experience with this. Please share in the comments below!