Welcome to a new year! For many of us, January is a time to make new goals and set milestones for the upcoming months. This year, I’m focusing on self-care and my health — including the health of my website.
In fact, I recommend that all website owners dedicate time to review their website health at the beginning of the year. Whether you run a personal blog or a business site, you can’t afford to ignore your website health.
Now is a perfect time to review your website security with this handy checklist of 5 items to enhance your website security for the new year:
1. Update WordPress and Plugins
You are probably already aware of how important it is to keep your WordPress core files and plugins up-to-date. Outdated plugins on your site can be serious security issues, and all plugins and files should be updated as soon as possible.
Note: updating WordPress files and plugins can affect site functionality. I always recommend updating each element individually and testing the site between updates.
2. Audit Users
How many users are registered with your website — and are they all necessary? Sometimes a former user is now obsolete, such as when an employee leaves a company. If somebody should no longer have access to your site, make sure their WordPress user is deleted from your website.
Sometimes you have to keep users even if that person is no longer part of your website. For example: you may have a guest blogger who no longer posts on your site, but you want to keep their user login for archival purposes. In that case, be sure to downgrade their user status to the lowest possible user role, such as “subscriber.”
3. Review Backups
Website backups are incredibly important. In fact, I tell clients that backups are the highest priority investment you can make in your WordPress website. A solid backup can solve many problems:
Updated files causing your site to crash? Restore from a backup.
New or updated plugin causing incompatibilities? Restore from a backup.
Malicious code inserted into site files? You guessed it — restore from a backup.
Of course, troubleshooting will be necessary to fix the root causes of those issues — but troubleshooting won’t be an option if a backup isn’t available. Make sure your website is backed up on a regular basis (I suggest at least weekly, if not daily!) and that backup files are stored in a secure location.
4. Remove Unnecessary Themes and Plugins
Do you have unused WordPress themes and plugins on your site? If so, delete them! Deactivated themes and plugins can still be backdoor security risks, and it’s better to delete them whenever possible.
Note: If you’re using a child theme (and you better be using a child theme!) make sure you do NOT delete the parent theme of that child theme.
5. Test Contact Form
This last suggestion is an often-overlooked element of websites — testing any existing forms. Sometimes plugin or software updates can affect the settings for contact forms. If your site has a contact form, be sure to send a test message to ensure that everything is working as expected.
To recap, your checklist this January to improve your website security:
- Update WordPress and Plugins
- Audit Users
- Review Backups
- Remove Unnecessary Themes and Plugins
- Test Contact Form
Concerned about your website? Get in touch if you have any questions.