Hackers can access your database via SQL injection via forms, checkout pages, search bars, and other places on the front-end of your site that accept user input. Good malware scan software should alert you to any vulnerabilities on your site. It’s also important that you use reputable, actively maintained plugins and keep your site updated. […]
If your site still starts with http instead of https, you’re missing SSL certificate. There’s no excuse for not having an SSL certificate these days. A good hosting provider will include one free of charge, and there are other options such as Let’s Encrypt that provide them free as well. SSL ensures all data on […]
You site should be scanned daily for malware, malicious code and backdoors. Companies like iThemes, Sucuri and CleanTalk are all reputable and have different plan levels depending on your needs.
A strong password is your first defense against brute force attack by bots. Use a trusted plugin that will ensure all new users will be forced to create a secure password, audit existing users and send them all a password reset email.
Store daily back-ups of your core files and database on a remote server (AW3, DropBox, Google Drive). It’s not enough to rely on your hosting provider’s backups unless you have full access to them, they are done regularly and you can easily perform a restore.
October 8th, 2019 Update: WP Rig is a better option than _underscores these days. This post hasn’t ages so well, but do check out Morten Rand-Hendriksen‘s video below for a comprehensive intro to building a PWA using WP Rig as a starter template Original post from February 5th, 2019: In this tutorial we’ll make the […]