Keeping your website secure allows people to have peace of mind while browsing around. If you allowed your website’s vulnerabilities to stay unpatched, then malicious actors can take over and silently convert the site into a zombie botnet for their own purposes. Some methods to solve this can be seen below:
Avoiding Unnecessary Plugins
While there are a myriad of plugins you can use to add functionality to your website, they can carry extra performance load or even introduce new vulnerabilities to the site. Be sure that the plugins you’re downloading are absolutely required for the site to function and check the parameters as well:
- Some plugins aren’t updated for a while and carry compatibility only up to certain WordPress versions, any newer ones could still work but may cause issues to prop up unexpectedly.
- Beware and be cautious of newer and untested plugins that have not been rated by the community as well. However enticing new features can be is not an excuse to download something that could potentially hurt your system.
Keep Your Systems up to Date
WordPress is constantly evolving, and with those updates contain new and improved features as well as increased protection through proactive security updates. This applies to your themes and plugins as well, and should be updated regularly as you continue to work on your site. If you have the option to, you can choose to enable automatic updates so you can leave the trouble of updates to WordPress and the plugins to stay up-to-date as needed. If not, keep in mind and push to update your systems whenever possible.
A small caveat to automatic updates is if you do regularly check the news with updates to the system. If there is a chance that a new update causes significant and unavoidable issues such as heavy performance impact, it can be reasonable to prevent WordPress and its systems from updating until a new patch resolves the issue.
Please Use a Strong Password
If you can guess what a password is, a brute forcing method can guess it even faster. Dictionary attacks are a common hacking method in an attempt to gain access to high level accounts on a website that can be easily prevented with a level of diligence. WordPress itself will generate a relatively safe and strong password, though it is up to the user to make their own password just as strong to be both easily memorable and hard to break into.
Consider that common passwords are easy enough that there is entire lists that can potentially trace a password from there to enter an account. To spice it up, mix in uppercase letters, numbers, and special character symbols to add to the complexity:
The difference between the passwords “hellohowareyou” and “H3ll0.H0w%%Ar3.Y0u?” make enough of a difference for one to be cracked in seconds and the other to be reasonably protected.
Consider password managers or saving passwords in a location away from your device (such as a notebook) as additional methods to keep your password hidden away and easy to remember should the need to save it arise.
User Roles for Many Such Fantasies
For the Many Such Fantasies blog, I envision that since this is a personal blog that is meant to both be informative of the differences in the Fantasy genre and also have some fun exploring the topic, I intend to use a few roles to evoke those feelings.
The main Administrator account will be here to stay. This account existing means that I can make general adjustments to the blog’s form and function and going forth will likely be purely with administrative tasks. This means plugins, themes, pages, settings, and users will be handled by this account, but any posts and comments I can delegate to the Editor instead. The only time that I would make posts as the Admin is for off-topic and generalized posts that require a higher level of importance than the editor provides.
With the Editor, and taking the site’s themes into account, I plan to use a pen name to create a persona that handles the account. The Editor of course manages posts, pages, and comments just as the Administrator does, but I can inject this role with a bit of flair that adds to the immersion of the website as well.
Authors I might not make much use of since this blog is planned to be strictly an individual project. Though they can manage their own content and manage their own posts along with those under them, there is nothing they can do that an editor already can perform.
Contributors are possible, but that is only if I intend to invite collaborators to participate in this blog. They would be limited in their posting capability and would require administrative/editorial approval, but it would be clear that they are outside guests that can contribute to the blog’s development.
Subscribers are simple, outside, viewers that can leave comments to view on the various blog posts. Though simple, sometimes an outside viewpoint can give insight on commentary or if I am taking the blog in the right direction.