Maintaining clients security is a big job. According to WordPress.org Codex, “Fundamentally, security is not about perfectly secure systems.” Remembering that no site will ever be 100% secure, and communicating this to clients is important. But by following some simple steps and guidelines you can keep their security current and keep clients happy.
You’ve heard this several times, the best preventative security measure is to keep all your clients site plugins current, because it’s true. Hackers look for out of date vulnerabilities, even in your WordPress installation. Make sure your clients are running the latest version of WordPress as well, often times new versions have security updates.
As a freelancer or web manager, your time is valuable. Keep track of all plugins that need updates, in a centralized location. Either localhost test site, keep a spreadsheet/database or Sync. Sync also lets you update your clients site plugins all in one place.
Strong passwords – use them. Keep track of client passwords and generate unique passwords with a tool like LastPass. It lets you quickly share those secure passwords with your client making it easier for them also.
Admin accounts are easy to detect so renaming the Admin account will go a long way in preventing a security issue. iThemes Security helps with this and many more preventative WordPress security measures.
For any ecommerce site, purchase SSL certificates and keep them up to date. SSL certs encrypt the sensitive data which means making it harder for the bad guys to have access to it. Your hosting provider will have SSL options for you to check out.
Monitoring and Detection
Kevin Hendricks blog he says, “You need to keep an eye on the perimeter and monitor what kind of shenanigans are going down on your clients sites.” Shenanigans happen all the time, so find a tool that works for you that will do all the monitoring. You only have two eyeballs. Set notifications to go to yourself first, and then pass them along to your client if it requires their attention.
Monitor file changes, permissions and logs (done in iThemes Security pictured below). Use a tool that detects all these backend issues. There are a lot of small hacks that can occur, that any human wouldn’t find.
And as always, have full backups. Part of maintaining client site security is the ability to recover should anything happen. Having a good backup plugin that allows you to backup, migrate and recover a site will make your life easier and save you a lot of valuable time. Tools like BackupBuddy make backups a breeze.
Schedule your clients site backups on a sensible timeframe. If a client is updating valuable information every day, daily backups may be an option for you to consider. Again, it’s important to be able to rollback to the latest version of the site, in the event something happens.
Your client cares if their site is up and no major user facing security issues arise. That’s your job. Know when and how to communicate security issues, because they probably don’t want to know every detail.
Do you have any other tips or personal experience to share with us? Comment below or tweet us!
Here’s a free eBook for even more information on WordPress Security:
In this primer on WordPress security, learn simple WordPress security tips for keeping your site safe—including 3 kinds of security your site needs and 4 best security practices for keeping your WordPress site safe.
- First Things First
- Kinds of Security Your Site Needs
- Best Security Practices
- More Security Help