Editor’s Note: We have discussed security before, yet challenges will continue for all of us as technology companies and law enforcement play the cat and mouse game with bad actors. Keeping up is an act of futility. However, that is not surrendering. It is simply a call for taking measures to reduce the risk as much as possible. You are likely doing this on your business mobile devices, computers and networks among other areas of technology infrastructure. One of the ingredients that have kept financial professionals from utilizing WordPress has been security concerns. That should no longer be an obstacle.
There have been quite a few words published on WordPress security, from criticisms to recipes for reinforcing your web site against the risks of bad actors who may seek to compromise it. I have been evaluating the Jetpack suite of tools available within WordPress.org (where you install WordPress on your domain and server). This has been tested across three domains (including my own personal web site) since 2014. What drove me to explore Jetpack?
My Primary Concerns on WordPress
We have many requirements for running a business web site. They range from design specifications and the ability to edit and publish content to governance requirements such as archiving and retention. However, my top priorities for managing a web site revolve around these three areas.
Backup and Restore
Backup needs to be automated and seamless (getting everything, not just content), with restore capabilities. On a WordPress site, you will want to back up these components daily:
- The WordPress database for your site
- Posts and Pages
These should be one-click to restore if possible, with some technical support for complex scenarios.
Updates are critical in any online environment, not just WordPress. It is similar to your computer operating system (OS) or your smart phone OS. It is critical to keep your OS as up to date as possible (i.e. WordPress version updates), so choose your “add-ons” (i.e. apps, plug-ins, etc.) carefully, selecting those that have a reputation for keeping pace with those updates consistently. Nothing is worse than needing a WordPress update for security purposes and having a plug-in break and disable some or all of your web site.
Understanding and identifying security risks online is extremely difficult without a team of experts and their systems monitoring the constant stream of threats. I needed a way to be alerted to how my web site was at risk and a path to mitigating it without an extraordinary amount of resources.
Jetpack Solutions Tested
Jetpack is an intriguing collection of free and premium tools offered through WordPress for any WordPress site. This is ideal as the folks who build and manage WordPress (Automattic) also manage these tools. While there are several handy utilities in Jetpack, a few addressed my core needs outlined above.
Comment spam was long a plague on WordPress sites, which meant not only the manual labor of marking comments as spam, but also avoiding the malware-infected links and code often included in those comment submissions. Akismet automates nearly all spam handling with quite an accurate record. Highly recommended. On my site alone the stats are staggering. (See the screenshot from my WordPress dashboard.)
Backups were also difficult for me, as manually running them, or having to export them to third party destinations and manage them, was complicated. I needed a simple solution. VaultPress solved that equation for me. Running daily backups as well as having one-click restore access was a problem solver for me. In addition, its real-time security scan identifies risks I never would have found (for example, the platform advised me that a sample file in a plug-in I used opened a vulnerability, and that the file was safe to delete with a click).
A weak link is often the WordPress login. This is where brute force attacks have often occurred. One obvious tactic is changing the administrative username from admin to something else and using a strong password. However, Protect, free inside Jetpack, also adds an additional layer protecting your login function. In my case, 954 malicious login attempts had occurred over the evaluation period.
My Outcome on WordPress
These tools worked quite well and I have chosen to invest in them for my web site as well as recommending them to others. I have outlined below the costs of what I opted for as well as links to those specific services.
- The Akismet-VaultPress bundle is optimal here – providing backup/restore, spam filtering as well as security checkups and one-click fixes. This is $29 per month per website.
- Protect is free within Jetpack (which is also a free framework plugin)