How to Start a Secure WordPress Blog for Newbies


Starting a new blog is an adventure and an inspiration, like every new beginning, and it is worth it. Nowadays it is extremely easy to start your own website: it requires a tiny initial investment of money and some investment of your time to create content and share it with the world.

In this article, we focus on the most recognized content management system (CMS), WordPress. At the moment, at least 25% of all websites worldwide are built on this platform, because it is free, extremely easy to use and the sites look very appealing. We have also gone a step further and explained what you need to know to keep your new blog secure, because security is an important factor in a web space where billions of people interact and, sadly, not all of them have good intentions. That’s why every site owner has to take precautions to prevent their new blog from being hacked. You may read more about the various hacking attacks in our article How to start a secure blog: Your must-do checklist. Further in this post, we describe the steps you should take to start a website and where the pitfalls could be.






Starting a WordPress Blog

Since you are already thinking about starting a blog, you probably have an idea of what you want to write about, so the first thing to do is to pick a niche. Then you should come up with a domain, which is the name of your website and how other people will find it on the web. Make sure your domain is not too long or complicated: simpler is better and easier to remember. When you are done with the first two tasks, you should choose the home of your site, or, to put it plainly, choose the right and most secure hosting provider; further in the article you will find out why. Somewhere in between, you will come across another important question: which CMS platform you plan to use. As suggested earlier, for blogs we recommend WordPress, because it is easy to use, almost every hosting provider out there offers an optimised WordPress hosting solution and there is a great deal of information on the web about how to use the platform.

Of all the aforementioned new terms, only hosting has to do with security. You may wonder why we start with that. It is because to make your blog successful you will have to make an effort and spend hours creating content and attracting readers, or, to put it otherwise, building traffic. The more traffic your blog generates, the more successful it is. Yet, if you don’t take care to secure your blog, you may end up losing it all in the blink of an eye, along with all those hours of work and dedication. So when choosing a host, you need to make sure that they have you covered by including certain features in the hosting package you purchase. Please note that in this article we assume that as a newbie blogger you will purchase a shared hosting account, because it does not really make sense to invest in a more expensive hosting solution such as VPS, dedicated servers, etc.


The Hosting Service

The hosting service is actually a server where your site is stored and from where it is served to the world. A hosting provider usually has hundreds of server machines located in so-called data centres around the world. Today data centres are among the most secure properties, with security levels and precautions equal to those of government and military premises. This is because they store enormous amounts of personal data and also your site data. If your website is your business, for instance, you certainly do not want to get hacked or lose money because your site is down.

When you use shared hosting, many client websites are hosted on one server. If you pick a host whose infrastructure is old, then even if only one site on this server gets hacked, other accounts are also affected, so one thing to check before choosing your host is that they use so-called account isolation. Beyond that, it is good to make sure that, besides using the latest infrastructure and software, your host has redundancy plans in place in the event of a power outage, natural disaster, fire and so on. This could mean that they have an alternative power solution, spare parts on site or even a spare server that can replace the broken one in a matter of minutes. In addition, for your peace of mind, it is good to make sure that servers are proactively monitored for vulnerabilities and that measures are taken in advance to prevent your site from going down, because if your site is inaccessible for some reason you end up losing money and not really benefiting from the effort and time you have invested.

To save you time gathering information about the thousands of hosting providers out there, trying to compare them and reading through tons of information, we have listed below some of the best hosts with which we have experience and we know that they cover and even go beyond the security criteria described above and further in this post:

1. Siteground

  • Overview – SiteGround has been on the hosting market for quite some time now. The company was founded in 2004 in Bulgaria and has grown ever since to be one of the leading hosting providers globally, currently hosting more than 800,000 domains. The company employs around 400 people at the moment and has 5 data centers worldwide.
  • Plans ‒ the cheapest plan starts at USD 3,95/mo and it has all the features you need to start your personal blog. The best part about SiteGround is that the loading times they provide to site owners are really fast, as they use SSD drives as well as an in-house built caching solution called the SuperCacher.
  • Support ‒ SiteGround claim they offer unmatched customer service and they definitely live up to client expectations. They offer 24/7 chat, phone, ticket and social media support for all their plans, and that’s not all: their agents are trained to help with WordPress-related questions that go beyond hosting. There are also extensive WordPress tutorials that you can easily find on their official website.
  • Security ‒ SiteGround claim that they were the first to introduce the account isolation practice and this is probably true, because besides in-house crafted solutions, they use the latest innovations to make sure that their servers are secure. What is more, they have their own in-house crafted server monitoring systems that even fix issues without human intervention.

2. A2

  • Overview – A2 was founded in 1999 in USA and employs around 100 people currently. They have the image of a friendly company that treats its employees well, and this is reflected in the way they treat clients. We have only seen positive client reviews about A2, mostly praising their speed and client service. They have 3 data centers in USA, Europe and Asia.
  • Plans ‒ A2 offer quite cheap plans and the basic plan starts at USD 3,92/mo and it has all features a newbie blogger needs to kick off, but they also have more advanced solutions when your site starts to generate more traffic. The extras that you get included in the price are free SSL, free site migration and free CDN for faster site loading times.
  • Support ‒ 24/7 support via live chat, phone, tickets, e-mail and knowledge base available with all plans.
  • Security ‒ A2 seem to be doing everything right in terms of security, they have account isolation, WAF rules, malware scanning, HackScan protection and more tools to ensure your site is secure.

3. FlyWheel

  • Overview – Flywheel is a relatively small and young company. It was founded in 2012 in Nebraska. Currently the company employs around 90 people and serves about 50,000 marketing agencies and 40,000 clients. Their target market is web designers and developers, and this is their company mission: To improve the lives of the millions of web designers and developers worldwide that build sites on the WordPress Platform.
    Flywheel focuses a lot on user experience and the company is extremely customer-centric, with a very easy to use dashboard and hosting solutions that are extremely easy to navigate overall, which makes them a perfect choice for newbies who do not care much about the slightly higher price. We should also point out that they offer free site migration. SSL is not included in the cheapest plan.
  • Plans ‒ Flywheel provide hosting solutions optimized for WordPress only; if you plan to use a different CMS platform to build your site, you should look elsewhere. Their cheapest plan starts at USD 15/mo.
  • Support ‒ 24/7 support is available for emergency cases only. Otherwise, they offer live chat, phone and e-mail support Monday to Friday from 9 am to 5 pm.
  • Security ‒ in reality Flywheel is a reseller and they use the hosting platform of another supplier called Digital Ocean. The hosting environment consists of VPS droplets, which are isolated containers that guarantee a high level of security: even if one account gets hacked, others are not affected. For monitoring of their servers they use Pingdom tools.

4. WPEngine

  • Overview – WPEngine is probably the best-known hosting provider for WordPress. The company was founded in 2010 in USA. They currently employ around 350 people and have around 60,000 clients from 140 countries. Their company mission is to provide the best quality, security and top service to their customers.
  • Plans ‒ WPEngine is certainly not the cheapest option in the hosting arena; their basic plan starts at USD 29/mo, but it has all the features a newbie web designer may need. Having said that, WPEngine is probably not the best choice for a newbie blogger, because you will get resources that you will not really need to start out.
  • Support ‒ 24/7 live chat, phone support is available only for more expensive plans and ticketing is a support option for enterprise clients.
  • Security ‒ WPEngine have several security layers of protection starting from account isolation, to firewall, server monitoring systems and malware scanning.

5. HostGator Cloud

  • Overview – The company was founded in 2002 in USA. Since 2012, HostGator has been part of the largest hosting group, called EIG. It employs more than 500 people at the moment and hosts more than 950,000 websites. HostGator is one of the hosting giants.
    We decided to include them in this list because of their cloud hosting plan, which is extremely affordable and also a good choice for newbie bloggers.
  • Plans ‒ the cheapest cloud plan starts at USD 4,95/mo and you can even get 40% off this price.
  • Support ‒ 24/7 via live chat, e-mail and tickets, but as far as we know response time is quite slow and support is not one of their strongest features.
  • Security ‒ in terms of security they have everything that’s needed to keep your site secure such as account isolation, redundancy plans, malware scanning.

So, when you have chosen your hosting provider, here are some additional essential factors to have in mind when making sure your new blog is secure:

SSL certificate

It is imperative to have an SSL certificate installed on your site, not only because it encrypts all the information that is transferred from and to your website, but also because Google will rank your site higher, which means more traffic. You can purchase SSL from a number of certified providers, but in reality you don’t have to do it, because since last year the free SSL called Let’s Encrypt was introduced. So in this case, the only thing you need to do is to make sure that your hosting provider supports Let’s Encrypt and will not charge you extra for SSL. Some hosting providers even offer Let’s Encrypt as a 1-click install option within their dashboard, making it extremely easy for the user to install it.


Automatic WordPress Updates

To keep the interest of your readers, you will have to update the content on your website quite regularly and also add new features daily. WordPress, being an open code platform, works in pretty much the same way. The WordPress core gets updated very often, both to be constantly improved and to be protected when a vulnerability is found. The same applies to the WordPress themes and plugins you are going to use to build your site. They also get updated regularly by their creators and you should make sure that you get these updates to ensure your site is protected. Instead of you taking care of all this, a solid hosting provider can step in and do it for you. Note that this is a free service and you should not be charged extra for it.


Backup and Restore

You should definitely make sure that your website data is backed up on a regular basis, because this way even if for some reason you lose some information it could be easily restored. This is a feature that good hosting providers have included in each of their hosting plans. The catch here is that with the cheapest plans they usually make one backup copy per month and the restore service is paid. With a bit more advanced and more expensive shared plans, you will most probably have your site backed up every day and your hosting provider will restore it for free in case of some data loss or hacker’s attack. Anyhow, when choosing the best host for you, you should make sure that they will back up your site regularly, that you will have access to these backup copies and it’s also good to at least have an idea how much the restore service would cost when needed.


WAF Rules (Web Application Firewall)

A solid hosting provider writes and imposes WAF (Web Application Firewall) rules to patch vulnerabilities whenever needed. As explained earlier, WordPress, along with themes and plugins, is updated quite often to prevent users from getting hacked, by patching weak spots or bugs that appear after a release to the general public. Usually writing and releasing an official WAF rule can take up to several days. Yet, in such situations you certainly do not want your site to stay vulnerable for such a long time. In such cases, a serious hosting provider can help, because it often happens that your host can come up with a WAF rule to patch a certain vulnerability within hours after it has been announced, or even less. And believe me, this makes your life so much easier and more worry-free than waiting for the official patch to come out. And yes, there are hosting providers who do that for their clients and you can find them in the list of hosts in this article.

To sum up, these are the basic pillars of a reliable WordPress managed hosting provider that will further reinforce your efforts to run a secure blog.

Next steps: Finally, after you select your preferred hosting provider, we want to also quickly mention some of the other measures you should know about and you as the site owner have to take to further ensure the security of your blog:

    never use “admin” as your user name;
    change your passwords often;
    don’t give access to other people to the backend of your site or if it’s absolutely necessary limit the users’ circle as much as possible;
    you can even go further and activate Geo IP block if you prefer to block users attempting to enter your site from some suspicious locations around the world;
    use only the plugins you really need for your site to function properly – the fewer the better;
    choose themes that are GPL licensed and are from reliable sources.
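
The checklist above can be checked mechanically. The following is an added example, not part of the original article: it audits a user list and a plugin list shaped like the JSON that WP-CLI prints for `wp user list --format=json` and `wp plugin list --format=json`. The sample data is constructed, and the `MAX_ADMINS` threshold and the finding names are assumptions made for illustration.

```python
import json

# Constructed sample data, shaped like the JSON printed by
# `wp user list --format=json` and `wp plugin list --format=json`.
SAMPLE_USERS = json.loads("""[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 2, "user_login": "gina-editor", "roles": "editor"},
  {"ID": 3, "user_login": "old-freelancer", "roles": "administrator"},
  {"ID": 4, "user_login": "site-owner", "roles": "administrator"}
]""")
SAMPLE_PLUGINS = json.loads("""[
  {"name": "contact-form", "status": "active", "update": "available"},
  {"name": "seo-helper", "status": "active", "update": "none"},
  {"name": "old-slider", "status": "inactive", "update": "available"}
]""")

MAX_ADMINS = 2  # assumption: a personal blog rarely needs more administrators


def audit(users, plugins, max_admins=MAX_ADMINS):
    """Return (check, detail) findings for the checklist items above."""
    findings = []
    # "never use admin as your user name"
    for user in users:
        if user["user_login"].lower() == "admin":
            findings.append(("default-username", user["user_login"]))
    # "limit the users' circle": count accounts holding the administrator role
    admins = [u["user_login"] for u in users
              if "administrator" in
              [r.strip() for r in str(u.get("roles", "")).split(",")]]
    if len(admins) > max_admins:
        findings.append(("too-many-admins", ", ".join(admins)))
    for plugin in plugins:
        # "use the plugins you really need": inactive ones are removal candidates
        if plugin.get("status") == "inactive":
            findings.append(("inactive-plugin", plugin["name"]))
        # a pending update means a known fix has not been applied yet
        if plugin.get("update") == "available":
            findings.append(("pending-update", plugin["name"]))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_USERS, SAMPLE_PLUGINS):
        print(f"{check:18} {detail}")
```

An empty result means none of these four checks fired; it does not cover the password, Geo IP or theme-licence items, which cannot be read from these two lists.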
Gergana Ivanova

Gergana has completed a bachelor degree in Marketing from the University of National and World Economy. She has been with the STF team for three years, researching malware and reporting on the latest infections. She believes that in times of constantly evolving dependency of network connected technologies, people should spread the word not the war.
