Secure Your Website: Course Video Sections & Resources
This course is split into 2 parts.
Part 1 is for understanding and setting up a baseline security for your website.
- Secure hosting
- Selecting the right plugins
- Obtaining and configuring an SSL certificate for your website
- Scheduling automatic backups
- And some best practices along the way
Part 2 is more advanced tactics and involves automating tasks and getting into some of the code of the website.
Even if this is your first website, you will be able to follow along and secure your site. If you have any questions don’t hesitate to reach out!
Cloudways Managed Hosting: https://www.cloudways.com/en/?id=158602
Use Code: SOULFULDESIGN at checkout for another 20% off for 2 months
Use this link for a quick plugin checklist: https://docs.google.com/spreadsheets/d/1waN4TafIuc3lJNDtX_yPzQzHF74EQxKlHeYTbZEBcnk/edit?usp=sharing
Intro To SSL Certificates:
Reasons to use an SSL Certificate for your website:
- If you are accepting payment or any potentially personal information from your users it will be a great idea to have.
- If you expect a lot of traffic or want to increase your SEO an SSL certificate is a good idea.
- Google is starting to show scary warning messages that could keep
- Your visitors from going to your website making it generally a good idea
There are 2 routes I’m going to show you for installing an SSL Certificate:
- The first is called LetsEncrypt and is LESS SECURE.
- If you expect to collect personal info or payments you should purchase an SSL and that is in the Purchasing and installing an SSl certificate section.
Note: If you purchase a certificate make sure its from a trusted “Certificate Authority”
Installing a LetsEncrypt SSL Certificate:
Link to their website for more info: https://letsencrypt.org/
LetsEncrypt Docs: https://letsencrypt.org/docs/
If you need to watch my first course to learn DNS basics
here it is for FREE: https://skl.sh/2NH4CeE
Purchasing & Installing an SSL Certificate:
Where I get my SSL Certs: https://www.gogetssl.com/
Generate a CSR here: https://www.gogetssl.com/online-csr-generator/
Decode a CSR here: https://www.gogetssl.com/online-csr-decoder/
Check your SSL Certs here: https://www.gogetssl.com/check-ssl-installation/
- In the .crt or .cer file you will see the public certificate
- In the .ca or .ca-bundle file you will find the certificate chain
Creating Admin Accounts & Password Best Practices:
- don’t use Admin or any variation of admin for your admin username
- Always use a long and good password
- Make sure the username and password are kept somewhere safe
Automated Website Backups:
Backups Plugin: https://updraftplus.com/
WordPress Plugins Page for backups plugin: https://wordpress.org/plugins/updraftplus/
Download button for plugin file: https://downloads.wordpress.org/plugin/updraftplus.1.16.20.zip
- Don’t leave it to yourself to perform backups, setup automatic backups with the plugin
- Make sure the backups are retained long enough for you to check every now and then so your backups don’t get overwritten
- Always try to have backups performed somewhere offsite in case your server crashes like Dropbox