Host hack inspires DIY WP website security review

There’s me, feeling smug because there’s so much exciting freelance copywriting work around. Then my poor host’s servers get hacked, my site goes down for four days and I’m reminded my business doesn’t really exist. It’s exclusively digital, wholly online. Without it, I am the invisible lady.

Website security – Meet the invisible lady!

No website means no visibility, no traffic, no new copywriting customers and, if it carries on long enough, damaged search engine results page positions. It felt pretty damn weird being siteless, I can tell you. And it’s awful losing data, which can happen. Imagine spending ages crafting a suite of diamond-brilliant blog posts only to lose them because some thoughtless, antisocial twit decides to hack into your server. Or just as bad, hack direct into your site.

Hackers and their bots are horribly clever. And they’re grimly determined. Like everyone else, hosting companies are engaged in a  constant battle to keep the buggers out. Luckily my site is up and running again, to huge sighs of relief on my part, following 24/7 weekend-long efforts by our host. Good bloke.

Taking some of the responsibility for WP website security

The point of all this? Good hosting companies like mine implement bomb proof data backup protocols. But things can still go catastrophically wrong at their end. It’s always a possibility. It makes sense to back up, copy and save your site files yourself. That way, if everything goes dog-shaped at least the bits and bobs you need are stashed safely, in full and up to date.

My site’s on WordPress. This is what I do:

  • Set up a daily WP database backup: Set WordPress so it backs up the site database and emails a backup file every day.
  • Replicate the lot with WP Twin: Use WP Twin to copy the site in its entirety including images, resources, settings and content once a week. If it disappears at the host end and they lose their data backups, I can get someone clever at this end to reinstate it.
  • Configure Better WP Security: Install the Better WP Security plug-in and configure it to maximise site security.
  • Update WP itself every time there’s a new version available, as soon as I’m notified
  • Use a ridiculously knotty WP password, one that’ll take thousands of machines thousands of years to decode, in the hope most hackers prioritise low-hanging fruit.

Mega-disaster recovery

Let’s hope it never happens. But just in case a mega-disaster strikes, I also run an alternative freelance copywriting site,  a very basic one page dotco dotuk that I can develop if my dotcom gets totally burned. It isn’t visible in the SERPs because it doesn’t deserve to be. It’s a sort of place-holder; I don’t have the time to maintain a second site with different content and all the marketing effort it involves. But I can use the url to cobble together something worthwhile in a couple of days, content-wise, and use Pay Per Click to get instant page one Google visibility… which is better than nothing.

Belt and braces site security

As a last resort, if all else fails, I update my free marketing ebook every month. At a push I could start from scratch, transferring the 500 or so posts it contains into a fresh blog. Or pay someone to do it for me.

Leave a Reply

Your email address will not be published. Required fields are marked *