WordPress Management for Non-Techies
Odds are you’re at least trying to secure your WordPress sites, right? You’re probably using security plug-ins like Wordfence, or maybe you’ve signed up for some promise of “secure” hosting, or you’ve spent time reading and researching WordPress management and security. Maybe you’ve even spent a few bucks to have a company like Cloudflare or Sucuri involved. All good, but you’re forgetting the weak link in the chain.
The Weak Link Is People
In the end, security rests in the hands of people, not software. This is where the problem often lies. Not because software is better than people, but because humans are ... well ... human! We’ll choose the path of least resistance every time. We resist change. We choose “faster” over “better”. It’s just our natural tendency, and if you’re going to really be good at managing and securing WordPress you really do need to understand and work with this fact.
What are the most common human-centered mistakes we see in the WordPress universe?
- Horrible passwords. Like really awful. Seriously. Bad. Please do not let your password be “123456”.
- Everyone is an administrator? Why? People who write and edit should be assigned author, contributor or editor privileges, not administrator privileges.
- Working without encryption. Why are you using FTP and HTTP rather than SFTP and HTTPS? The best passwords in the world don’t matter if someone is sniffing your packets while you work at Starbucks.
- Accepting one-click WordPress install defaults. Sure, that’s really easy, but are you sure that the installer set things up as securely as they can be? Here’s a hint. Most times it doesn’t.
- Not keeping core and plug-ins updated and vetted. WordPress and plug-ins are constantly updated, not just to add features but to close serious security holes. If you don’t stay updated and patched, you’re leaving the front door wide open.
- CHMOD 777 !!!!!!! If you don’t know what this is, learn. If you do know what this is and you’ve done it, shame on you.
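If the CHMOD 777 item is the one you need to learn, here is an added example (not part of the original article) that finds files and folders any account on the server can write to and removes just that permission. The script name and the install path in the usage line are placeholders.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress tree for the "chmod 777" mistake.
# Mode 777 means read/write/execute for the owner, the group AND every other
# account on the server. The dangerous part is the "other" write bit (0002).

# Print every file or directory under $1 that any account can write to.
# Symlinks are skipped because their own mode bits are not used.
find_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print 2>/dev/null | sort
}

# Print how many world-writable paths exist under $1 (0 means clean).
count_world_writable() {
    find_world_writable "$1" | wc -l | tr -d '[:space:]'
}

# Remove only the "other" write bit, leaving owner and group access alone,
# so 777 becomes 775 and 666 becomes 664. Prints each path it changes.
tighten_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print -exec chmod o-w {} +
}

# Usage: ./wp-perms.sh /path/to/wordpress [--fix]
# The path is a placeholder; point it at your own install.
if [ -n "${1:-}" ]; then
    echo "World-writable paths under $1: $(count_world_writable "$1")"
    find_world_writable "$1"
    if [ "${2:-}" = "--fix" ]; then
        tighten_world_writable "$1" >/dev/null
        echo "Remaining after fix: $(count_world_writable "$1")"
    fi
fi
```

Run it without `--fix` first to see what would change, and test uploads and plug-in updates afterwards, since some hosts rely on group write access.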
It’s About Habits and Inertia
Nobody is making these mistakes because they’re trying to sabotage your WordPress sites. It’s just what humans do as a matter of course. People resist and fear change for a variety of reasons, and most won’t take the time to learn new tricks unless they really have to. Learning new ways to work to improve your WordPress management and security is a challenge. It takes time and effort and it can be temporarily disruptive to your workflow.
So What Are You Supposed To Do?
- Accept that good WordPress management and security requires action on your part. You’re going to have to take an active approach to the problem.
- Be open to learning new tools, techniques and workflows.
- Understand the risk/reward equation when it comes to seeking efficiency. Every time you forego a security measure in favor of something faster or more convenient, you’re choosing reward and maximizing risk.
- If you’re in a team, best practices and security need to be “baked in” to your culture. Educate and reinforce!
I’m Not A Technical Person! How Am I Supposed To Know All This?
You’re not! When we run into things that we don’t know, we engage experts that do know. Maybe it’s time for you to do the same when it comes to your WordPress management, security and workflows. Getting some training and adding proper expertise or experience to your team will likely pay off many times over down the road.
As it turns out, we happen to be experts on this particular topic! Why not drop us a note? We’re happy to take a look at your situation any time.
If you’re sharing this article on social media, thank you! Please be sure to use the #wordpresswisdom hashtag so we can build a vibrant community dedicated to WordPress best practices.