Starting out in WordPress hosting, security can be overwhelming. You have to learn what issues are out there and what solutions to provide for your clients.
I stumbled around for awhile and got periodic bouts of overwhelm. How do I learn all the security I need plus sell my clients on paying me for it?
Then one day, on a hosting support call, the support man gave me 2 easy tips to get started:
- Keep scripts up to date
- Use strong passwords
It was actually Tim from IT who told me that. He just happened to be helping out on phone support when I called, instead of his usual job in IT. Tim said most of the issues coming down the pike could be prevented by these 2 basic security measures: keeping scripts updated and keeping passwords strong.
I thought, hey, that is where I need to start. Forget everything I could be doing and start actually doing 2 things, and doing them faithfully.
How do you eat an elephant (or in this case, overwhelm)? One bite at a time.
It’s doing the little things first, like the servant in Matthew 25, “…thou hast been faithful over a few things, I will make thee ruler over many things.” Better start small and grow, then never start at all, right?
But for me, it wasn’t so simple. I had a lot of questions.
1. Keep scripts up to date?
Since I use WordPress, keeping scripts updated would mean keeping WordPress core, plugins, and themes all up to date on all my websites.
I immediately wondered about the logistics.
- How do I know when updates come out?
Do I need to login to all sites every day to keep everything updated? Or should I have a schedule and do it once a week or once a month?
- When should I update?
How do I know the best time of day and week for my client websites? I don’t want to scare them with the Maintenance screen when they are updating their website content.
- How long can I wait to update?
Long ago, I heard some WordPressers say that they wait until after the first minor update (say 4.7.1) to update (say to 4.7). That way, some of the more obvious bugs are ironed out before they update.
- What about the site breaking after updates?
Oh, that’s right, I need backups for that. And I should test the backups before updating. And I should know how to restore the backup after an update. Sounds like hours of time before the updates even begin.
2. Use strong passwords?
For this tip, I had another whole set of questions.
- First of all, what is a strong password anyway?
- How am I supposed to keep track of all these passwords?
They say, never write it down. They say, never use the same one twice. Do you know how many that is when you help dozens of clients?
- What about my clients’ passwords?
They each have access to their own website (of course), and they use their own passwords. You know, those easy-to-remember passwords. Generally short. It’s their favorite one. They use it everywhere. Strong? Hardly!
I’m telling you, it really isn’t that simple!
Frankly, it was frustrating to me. Is it to you, too?
Stay tuned for an update on what happened!