To date we’ve only interviewed people who understand and work in application and WordPress security. We’ve always heard the vendors’ voice. However, in this interview we took a different approach. We interviewed Ivica Delic, a WordPress professional, about security. The scope of this interview is to better understand how WordPress professionals, for whom security may not be their cup of tea, see and understand security products and services. This interview also helps us understand where we can improve and what these professionals are doing to keep their customers’ websites secure.

Ivica Delic has been working with WordPress since 2011 and has co-founded He has volunteered in the WordPress community and attended and presented at numerous WP Meetups about speeding up WordPress websites. Ivica started several popular Facebook groups on various WordPress topics. He is an administrator in more than 25 Facebook groups, which together have over 150,000 members. Ivica graduated with a Master’s Degree in Economics, and after 20+ years of managing teams in the banking industry he co-founded Confida, a digital market firm that focuses on helping customers with managing WordPress websites and digital marketing needs.

The Interview

Q1: What are the main 5 security best practices that you implement / follow when you set up a new WordPress website?

The first one is to choose a good and reliable WordPress hosting. I’ve worked with a lot of web hosts, and there are many good ones. I use SiteGround for most of my work.

The second best practice is to implement a good backup strategy. I always use an online service where possible, such as BlogVault. This makes it possible to store the backups offsite and in a secure location.

Then I install a number of WordPress security tools and plugins. I always recommend MalCare and WP Security Audit Log as the last line of the website’s defense to all our customers.

The remaining two best practices are recommendations for our users: use unique and strong WordPress passwords, and always keep your WordPress core, theme, plugins, PHP and all the software on your web server and computer up to date. If possible use antivirus / anti-malware software.

Q2. Do you find WordPress security plugins and services easy to implement and use or not?

We have tested a lot of security plugins and tools over the last years. There are some which are very easy to implement and use. However, some others are very difficult to use and they are doing more harm than good. They leave a lot for the user to decide upon; however, the majority of users and professionals are not security savvy. So they find these plugins overwhelming and end up either under- or overprotecting their websites.

More often than not, users misconfigure complex security plugins. For example, they get locked out of their own website by the security plugin, or all their hotlinked images are not loading anymore. Or some security plugins with file integrity monitoring report that a change in a log file is possibly malicious. Users panic at these things because they don’t understand that, for example, a change in a log file is not malicious, or why hotlinked images are not working.

Q3. Which was the biggest problem / challenge you’ve encountered when implementing or using security plugins / products / services?

To relate to the previous question – the biggest problem I personally encountered is that I have to test and check the security tools used on a customer’s website, which I might not be familiar with. Often we take over the management of a customer’s website and have to check that all the security solutions work properly together without overlapping functions. We have to ensure that there are no compatibility issues between them to avoid undesired behaviour, such as blocking the site’s admins out.

Q4. Do you follow any security websites to learn about WordPress security, or do you leave it to the professionals? Or is it a bit of both?

I’m a member and admin of a few WordPress Security Facebook Groups where a lot of WP security experts post. I follow and read all the relevant security news as well as practical security advice / best practices. However, the complex task of cleaning infected sites I (still) didn’t master. In such situations I rely on the professionals.

Q5. Do you prefer to use an online WordPress firewall service or install a WordPress firewall plugin on your site? Explain why.

I prefer to use an online WordPress Web Application Firewall (WAF) service. All the experts say that a WAF is a much better layer of security against hackers and DDoS attacks. A WAF is able to detect and block anything malicious before it reaches your site. Unfortunately, WordPress plugins can’t provide that, since they’re trying to defend the website from the inside.

Q6. In your opinion, which are the top three reasons why WordPress sites get hacked?

I share the same opinion as many other professionals:

  • insecure website hosting,
  • use of weak and easy to guess passwords,
  • outdated WordPress core, theme, plugins, PHP and other software.

If you don’t mind me adding an extra tip: if you care about your website and business, don’t install nulled plugins and themes.

Q7: What do you think the WordPress security industry / vendors can do to help more professionals like you, for whom security is not their cup of tea, better understand and protect their customers’ websites?

In short, they need to make it much easier for the user. They can do this by:

  • creating more Wizards for easier and faster implementation of the security tool,
  • automatically implementing “the best practices” so not much is left for the user to do,
  • implementing a warning system so when some security tools are installed on the same site with overlapping features, the user is advised about the issue.

Q8. If you could choose one security feature to be included in WordPress core by default, what would it be and why?

I would like to see a web application firewall (WAF) service included in WordPress to have at least a basic layer of security protection, as we have on Windows with the pre-installed Windows Defender.

Q9. Is there any particular topic or content you’d like to see more of from security vendors and professionals?

I would like to see more real-life use cases for beginners that explain what to do in particular everyday situations when security is breached. There are quite a few out there but most of them are targeted at advanced security people. They use complex lingo and tools.

Q10. Do you feel you can keep up to date with WordPress security news or not? If not, what do you think is the problem?

Yes, after all these years I feel quite confident that I’ve got the hang of it. It took us quite some time to test and carefully build our Security Tools Combo Box, and to ensure everyone in our team follows security best practices.

The post Interview with Ivica Delic on WordPress professionals & security appeared first on WP White Security.

*** This is a Security Bloggers Network syndicated blog from WP White Security authored by Robert Abela. Read the original post at:
