InvestmentNews takes advisers through the developments and innovations in technology that'll change the way you do business today and tomorrow.

Running WordPress securely

WordPress is no longer a four-letter word in business

Apr 29, 2014 @ 8:57 am

By Blane Warrene

Time was when WordPress was a four-letter word in business. No longer. Not only has the platform become scaled scaled so that it powers 22% of all websites, it also has a maturing ecosystem of developers and tools convenient to business.

As with any technology you put to use in a business, even if it's outsourced, you should have a clear plan that includes handling security, data backup and recovery. Think about launching your website, for example. Choosing WordPress as your platform for that is no different than selecting a CRM although in this case, you have some options to consider.


The first step in deploying a WordPress site is answering this question: Should you use or install WordPress on your own server? Both allow you to use the domain(s) you have purchased, so it boils down to feature and function.

The clearest differentiator between those two choices is deciding how much flexibility you will require for content. has tools for hosting image galleries, podcasts and video, along with integration to social networks. However, no plug-ins can be installed, which means that if you have a couple of clear-cut content goals, and will satisfy those requirements, then outsourcing to Automattic (of which WordPress is the progeny) will work for you.

Alternately, you may need an ecosystem of plug-ins, for example:

• Using a portal-like experience via the S2 Member plug-in,

• Publishing a podcast via a third-party service via the PowerPress plug-in from Blubrry, Blubrry Getting custom design capabilities through specialized themes like Thesis or plug-ins like TablePress.

In this case, hosting your own installation of WordPress makes more sense. That does not mean you can't outsource the hosting. And that leads to the steps to securing your own installation of WordPress.


Web hosts who devote resources specifically to WordPress are emerging. The key in selecting your host is identifying how they will make using WordPress even easier.

The questions to ask here include:

• Do I have access to e-mail, phone and/or chat for support?

• Do support resources have extensive WordPress knowledge?

• Is automated backup and restore service available?

• Do you offer automated WordPress updates to keep me current?

• What are my limitations? (disk space, bandwidth, etc.)

The key here is to avoid free hosting. If your web site is important to you as a communications tool, then invest the dollars in using a sustainable web host. Several companies focus on WordPress as a part of their business plan, including Wired Advisor, an industry-focused digital solution from Stephanie Sammons, a traditional web host in Media Temple (recently became a GoDaddy subsidiary) or a WordPress-only solution like Flywheel.

If you are seeking a comparison against using WordPress, the number one alternative to consider is SquareSpace.


Perhaps the most important steps to take in using WordPress are implementing solid security and data backup solution.

From a security perspective, protecting against the traditional WordPress attack, which is typically an attempt to compromise the admin login for your site, is paramount. In addition to plug-ins suggested below, also ensure you set up a separate administrative user and remove the default admin user from the system.

These plug-ins all seek to accomplish the same goal — better secure your web site. You can evaluate the options among the three to determine which is most effective for your site. VaultPress does have an advantage as it was built by the same folks who develop WordPress, so there are no concerns over integration or stability.


• Automattic built VaultPress to tightly integrate and provide options for real-time backup and security,

• All-in-One WP Security & Firewall plug-in,

• iThemes Security Pro

Like any other information we develop and store, backing up a web site is key to allowing easy recovery when problems occur. The data a WordPress site contains is more than just the content you post. It includes the theme you've purchased or designed and plug-ins installed to power your site. Having an easy way to back up and quickly restore all of these is critical.


• Backup Buddy, a WordPress backup that integrates to Amazon Web Services and Dropbox among other services,

• VaultPress again makes this list, offering varying levels of automated backup and even one-click restores.


One of the best parts of WordPress is being able to identify a theme that gives you all the fundamental components of a web site pre-built — allowing you to customize as much as needed to make your site unique. While there are a few optimal free themes, it is best to pick from an established, premium theme-maker to insure they will keep pace with WordPress updates.

Some well-known theme-makers include:

• DIY Themes — the makers of Thesis, one of the most customizable themes available.

• Genesis — a framework approach, offering an array of themes that work within the Genesis system.

• Woo Themes — also a framework, providing a catalog of themes as well as an e-commerce component.

It can be tempting to get elaborate with plug-ins once you realize the nearly limitless capabilities within WordPress. However, it's best to choose plug-ins wisely and limit them to those required to power your site. The more sources of software for your site means the balancing act of making sure everyone stays updated with the current version of WordPress.

Some final excellent plug-ins that offer versatility include Akismet (spam filtering of comments), Wordpress SEO (a plug-in from Yoast that offers strong search engine optimization capabilities) and WP-Touch Pro for adding responsiveness to your web site (if not using a purely responsive theme).

Blane Warrene speaks and writes frequently on technology and the intersection of marketing and compliance in financial services. He co-founded Arkovi and QuonWarrene, and produces the Digital Well podcast.


What do you think?

View comments

Recommended for you

Featured Research

The 2015 InvestmentNews Adviser Technology Study

This in-depth study provides a blueprint for the industry, providing actionable information to advisers, along with the latest solutions to help them drive profitability, efficiency and growth for their firm.

Featured video


Diversity & Inclusion Awards: 2018 nominations are open

Editor Fred Gabriel and special projects editor Liz Skinner discuss the nomination process for InvestmentNews' inaugural Diversity & Inclusion awards.

Latest news & opinion

Cetera reportedly exploring $1.5 billion sale

The company confirmed it's talking to investment bankers to 'explore how to best optimize [its] capital structure at lower costs.'

SEC Chairman Jay Clayton outlines goals for a new fiduciary standard

Rule should provide clarity on role of adviser, enhanced investor protection and regulatory coordination.

Advisers bemoan LPL's technology platform change

Those in a private LinkedIn chat room were sounding off about fears the independent broker-dealer will require a move to ClientWorks before it is fully ready.

Speculation mounts on whether others will follow UBS' latest move to prevent brokers from leaving

UBS brokers must sign a 12-month non-solicit agreement if they want their 2017 bonuses.

Maryland jumps into fiduciary fray with legislation requiring brokers to act in best interests of clients

Legislation requires brokers to act in the best interests of clients.


Hi! Glad you're here and we hope you like all the great work we do here at InvestmentNews. But what we do is expensive and is funded in part by our sponsors. So won't you show our sponsors a little love by whitelisting It'll help us continue to serve you.

Yes, show me how to whitelist

Ad blocker detected. Please whitelist us or give premium a try.


Subscribe and Save 60%

Premium Access
Print + Digital

Learn more
Subscribe to Print