Many bloggers choose WordPress because it is commonly used and well-documented across the web. Using WordPress requires some diligence if you want to serve quality data with minimal downtime. If you don’t keep up with security, your site may become compromised. There is another danger a poorly maintained WordPress site presents: storage security. A common backup procedure–storing backups to Dropbox or Google Drive–could put your personal data at risk.
The ubiquity of WordPress creates a danger of well-known security holes. Usually, updates to the core code and plugins close the gaps quickly. But your plugin developers and site administrators must regularly update your tools.
The danger is that to set up these in-site backup tools, you have to provide some credentials that will give WordPress access to write to your storage location. A compromise to your site’s code or the plugins could give a hacker access to your storage location, sending data from your storage location back to them.
Strategies for Better Storage Security
We’re going to walk through better WordPress security options you can use. Some of these can be combined into a better security plan for your WordPress site.
By setting up your site for HTTPS communication, you require all tools and communication to use encryption when transferring data. Unencrypted data poses a major danger. Traffic, page requests, purchase information, usernames and even passwords can be sent in clear text. Then, anyone who controls a server in the middle can read them. Encryption goes a long way toward protecting your site and your visitors.
This technique can sometimes be tricky and require a more knowledgeable web administrator. WP Beginner provides instructions or you can easily Google others. Amazon has made this process a lot easier to set up using their AWS tools.
There is an added benefit to moving to an HTTPS secure solution. Google now gives preferential status for search rankings to these sites! Who would have guessed that tightening your site’s security could help your site get more traffic?
Use FTP or Server for Backups
You can use a method similar the site backup method mentioned earlier only you would use server-side methods to transfer the data away from public traffic. You can then store your site’s data to a secure area on the same server that is not publicly accessible. This could also be mirrored to a separate server for additional protection.
FTP can be used similarly. As mentioned earlier, if you use this method, your backup can and should be set up using secure channels as well.
AWS S3 Buckets
A recent, inexpensive, and more secure location to store your backup using tools that send it to a cloud storage solution like an S3 bucket. These tools are readily available and there are many configuration options to control access.
Backup Storage Security and Efficiency
We’ve talked about improving the security of your site and your backup storage. Some automated solutions create one large image file of your site’s data and store it. Each time your site gets backed up, it produces another single file. Each time your site grows, or you need to move one of these files, you transfer one big file. The web bandwidth works much better when it can move smaller files in shorter bursts. Plus, if a hacker got ahold of one of these files, they get all the data stored in your site. The file might include sensitive data like unpublished pages, account logins, and credentials to other tools to which your site connects.
You don’t have to reinvent the wheel each time you build a site. It pays in the long run to learn a little more about how best to secure your site. Once you have the solution in place, it becomes fairly routine, problem-free maintenance. Take some of that time a WordPress solution saves and use it on regular site and plugin updates. Protect your site on behalf of your customers. But you may also protect against exploits to locations that you use to store your own personal information.