InvestmentNews takes advisers through the developments and innovations in technology that’ll change the way you do business today—and tomorrow.

Running WordPress securely

WordPress is no longer a four-letter word in business

Apr 29, 2014 @ 8:57 am

By Blane Warrene

wordpress, blog, website
+ Zoom

Time was when WordPress was a four-letter word in business. No longer. Not only has the platform become scaled scaled so that it powers 22% of all websites, it also has a maturing ecosystem of developers and tools convenient to business.

As with any technology you put to use in a business, even if it's outsourced, you should have a clear plan that includes handling security, data backup and recovery. Think about launching your website, for example. Choosing WordPress as your platform for that is no different than selecting a CRM although in this case, you have some options to consider.


The first step in deploying a WordPress site is answering this question: Should you use or install WordPress on your own server? Both allow you to use the domain(s) you have purchased, so it boils down to feature and function.

The clearest differentiator between those two choices is deciding how much flexibility you will require for content. has tools for hosting image galleries, podcasts and video, along with integration to social networks. However, no plug-ins can be installed, which means that if you have a couple of clear-cut content goals, and will satisfy those requirements, then outsourcing to Automattic (of which WordPress is the progeny) will work for you.

Alternately, you may need an ecosystem of plug-ins, for example:

• Using a portal-like experience via the S2 Member plug-in,

• Publishing a podcast via a third-party service via the PowerPress plug-in from Blubrry, Blubrry Getting custom design capabilities through specialized themes like Thesis or plug-ins like TablePress.

In this case, hosting your own installation of WordPress makes more sense. That does not mean you can't outsource the hosting. And that leads to the steps to securing your own installation of WordPress.


Web hosts who devote resources specifically to WordPress are emerging. The key in selecting your host is identifying how they will make using WordPress even easier.

The questions to ask here include:

• Do I have access to e-mail, phone and/or chat for support?

• Do support resources have extensive WordPress knowledge?

• Is automated backup and restore service available?

• Do you offer automated WordPress updates to keep me current?

• What are my limitations? (disk space, bandwidth, etc.)

The key here is to avoid free hosting. If your web site is important to you as a communications tool, then invest the dollars in using a sustainable web host. Several companies focus on WordPress as a part of their business plan, including Wired Advisor, an industry-focused digital solution from Stephanie Sammons, a traditional web host in Media Temple (recently became a GoDaddy subsidiary) or a WordPress-only solution like Flywheel.

If you are seeking a comparison against using WordPress, the number one alternative to consider is SquareSpace.


Perhaps the most important steps to take in using WordPress are implementing solid security and data backup solution.

From a security perspective, protecting against the traditional WordPress attack, which is typically an attempt to compromise the admin login for your site, is paramount. In addition to plug-ins suggested below, also ensure you set up a separate administrative user and remove the default admin user from the system.

These plug-ins all seek to accomplish the same goal — better secure your web site. You can evaluate the options among the three to determine which is most effective for your site. VaultPress does have an advantage as it was built by the same folks who develop WordPress, so there are no concerns over integration or stability.


• Automattic built VaultPress to tightly integrate and provide options for real-time backup and security,

• All-in-One WP Security & Firewall plug-in,

• iThemes Security Pro

Like any other information we develop and store, backing up a web site is key to allowing easy recovery when problems occur. The data a WordPress site contains is more than just the content you post. It includes the theme you've purchased or designed and plug-ins installed to power your site. Having an easy way to back up and quickly restore all of these is critical.


• Backup Buddy, a WordPress backup that integrates to Amazon Web Services and Dropbox among other services,

• VaultPress again makes this list, offering varying levels of automated backup and even one-click restores.


One of the best parts of WordPress is being able to identify a theme that gives you all the fundamental components of a web site pre-built — allowing you to customize as much as needed to make your site unique. While there are a few optimal free themes, it is best to pick from an established, premium theme-maker to insure they will keep pace with WordPress updates.

Some well-known theme-makers include:

• DIY Themes — the makers of Thesis, one of the most customizable themes available.

• Genesis — a framework approach, offering an array of themes that work within the Genesis system.

• Woo Themes — also a framework, providing a catalog of themes as well as an e-commerce component.

It can be tempting to get elaborate with plug-ins once you realize the nearly limitless capabilities within WordPress. However, it's best to choose plug-ins wisely and limit them to those required to power your site. The more sources of software for your site means the balancing act of making sure everyone stays updated with the current version of WordPress.

Some final excellent plug-ins that offer versatility include Akismet (spam filtering of comments), Wordpress SEO (a plug-in from Yoast that offers strong search engine optimization capabilities) and WP-Touch Pro for adding responsiveness to your web site (if not using a purely responsive theme).

Blane Warrene speaks and writes frequently on technology and the intersection of marketing and compliance in financial services. He co-founded Arkovi and QuonWarrene, and produces the Digital Well podcast.


What do you think?

View comments

Recommended for you

Featured Research

The 2015 InvestmentNews Adviser Technology Study

This in-depth study provides a blueprint for the industry, providing actionable information to advisers, along with the latest solutions to help them drive profitability, efficiency and growth for their firm.

Featured video


How to build a better business plan

Financial advisers are good at a lot of things, but business planning isn't always one of them. Why is that and how can they improve? Teri Shepherd of Carson Group offers some solutions.

Video Spotlight

The Search for Income

Sponsored by PGIM Investments

Recommended Video

Path to growth

Latest news & opinion

T. Rowe Price steps up its game to serve financial advisers

The Baltimore-based mutual fund giant is more aggressively targeting financial advisers with a beefed-up wholesale crew and placement on custodial platforms.

The most important tax changes for 2018

The Internal Revenue Service issued inflation adjustments to more than 50 tax provisions for 2018.

Shift to Roth 401(k)s 'highly likely' part of tax reform: former Treasury official Mark Iwry

Mandated contributions to Roth accounts would likely only be partial, as opposed to having a full repeal of pre-tax accounts.

E*Trade acquiring custodian Trust Company of America

Discount broker buying second-tier custodian for $275 million.

Another thousand Dow points higher, and investors yawn

Market milestones keep falling like dominoes, with 51 records broken so far this year.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print