WordPress Security: Or, Why I’m Sleeping at Night

wpsecurity-nosleepRecurring Nightmares Anyone?

Have you ever had recurring nightmares? Trust me, I'm going somewhere with this.

When I was a kid, there was a period of months where I remember dreaming about snakes under the bed almost every night. It got so bad I wanted to move to my own room instead of sleeping in the same room as my brother. I have no idea how that makes sense unless he was the one putting them under my bed.

But my point is that I had trouble falling asleep. I was stressed.

Stress Used to Keep Me Awake

Later, in college, I didn't have trouble falling asleep because I was scared of stuff. I struggled because my brain kept going. I kept thinking about stuff. There weren't enough hours in the day. And I would come up with potential issues that might arise and then counter moves.

Yeah, crazy.

WordPress Security

Over the past week and a half, we've seen nothing but posts and alerts about serious security issues affecting the WordPress community. Now to be clear, none of these have been about the core WordPress product. It's pretty secure.

But some plugins many people use (caching plugins that help your site speed up) had some vulnerabilities. I'm not a security expert so I can't walk you thru the details. But I know that when the posts start appearing, people get nervous and stressed.

And that's when I think about all those nights when I couldn't fall asleep. I've been wondering if people have been like that these days. I think some people have.

But not me.

I go back to my daily routine of taking daytime naps. 🙂 And I relax and sleep soundly at night.

My Passwords Used to Suck!

Partially it's because I don't have a password like I used to have. Years ago, and I mean a lot of years ago, I used to have a password like this: Lema18. And when a system prompted me to change it, you know what I did, don't you? Lema19. Boom!

Actually, I think it was more like lema and then they told me I needed integers, so it became lema1. And then they said I needed a capital – and that's how we got to Lema18. But that was years ago. I'm sure none of you are doing things like that. Right?

Today I use a pass phrase. You know,  words with spaces. Like this, but not this one: Now is the time for all good men to come to the aid of our country.

It's easy for me to remember, and hard for someone else to guess. But like I said – it's not that phrase.

Why I'm Sleeping at Night


There are two reasons I've been sleeping well at night.

WP Engine: I use a managed WordPress hosting company to take care of my site hosting. I like all the managed care providers and suggest you check them out. But for chrislema.co, I use WP Engine.

Why? Their support is fast. Their servers are faster. And I know when it comes to security, I know they're on top of things. In fact, I think every managed hosting provider was on top of things quickly with regards to this latest issue. Which is why I recommend you pick a managed hosting provider.

Sucuri.net: Now, every site hosted at WP Engine (at a certain level) has malware remediation (cleaning up your site) as part of their package. But I still have my own account with Sucuri.net. Because with the account I have, I can add other sites for them to monitor.

They provide monitoring and clean up if you're infected. And they're in the process of rolling out a new product that will protect from the cloud. It's in beta but when it goes live, I'll let you know about it.

In Closing….

I'm not trying to scare you, but if you don't have a plan…or if your plan is a free plugin you downloaded that has “Security” in the name…I'd strongly suggest you do a tiny bit of investigating to make sure you're all set.

My recommendation? Two companies. Both amazing. Both excellent at what they do.

And both help me sleep at night.