Home Forums Networks & Cross-Platform Networking Building a WordPress Site - Advise?

Do I need Jetpack? Are there add-ons you recommend? We are using Tiny Framework template.

You only need Jetpack if you want any of its features. It's part of a standard WordPress install, but you don't have to enable it.

Biggest advice: KEEP IT SECURE. If you fail to install security updates in a timely manner, it will get hacked. It doesn't matter how small, inconspicuous, or obscure it is. Organized criminals use special tools that search the Web for vulnerable WordPress sites and hack them automatically, and then use them to plant viruses and malware, host phony bank pages, and host other content that they can not legally host anywhere.

Also, use really strong passwords for your administrator users. If you use weak passwords, again, you will be hacked--it's not a matter of if but a matter of when. I guarantee your site will be attacked.

If you run WordPress you absolutely MUST keep on top of security. I recommend tow free WordPress plugins for everyone who uses WordPress:

1. Wordfence Security: https://wordpress.org/plugins/wordfence/

This free plugin will harden your site. It will email you to let you know of security updates, it will install an automated firewall, it will prevent brute-force hack attacks, and it will cut off anyone who tries to use a known Wordpress compromise.

2. WPS Hide Login: https://wordpress.org/plugins/wps-hide-login/

This free plugin has one purpose: It will move your WordPress login page from wp-login.php to anything you want (such as yoursite.com/my_secret_login_page). This will prevent people from attempting to hack your site by brute-force guessing passwords.

Running a WordPress installation without these plugins is begging for trouble.

From all the hacking of Wordpress that I've seen over the years, running Wordpress seems to be what is "begging for trouble"?

But I suppose this is more a case of selling a product to the masses as a "web site anyone can run" when it requires at least some due diligence and technical investment to keep it from being hacked is the core of the problem. It's not as effortless as a "one click install" as they would have you believe, and too many people seem to think it is.

"(YES/NO) Wordpress doesn't require any technical skill to install and use, anyone familiar with a computer can run it" I'm pretty sure that at least a quarter of the people running wordpress would select YES, because that's what they understood about it and why they bought it. They're not technical people and they want to run a website anyway, and this product appears to deliver that. Not sure if that's mainly the customer's fault, WP's fault, or a fairly even split of responsibility?

So I should install it? Is not automatically installed. Is there any downside or conflict with the ones recommended?

Thanks for all the advice and links. It is a domain I bought for a friend so she has kind of a hobby learning WordPress. Its got SSL and Sitelock but I will install the security software recommended above.

Every time you install another bell/whistle/feature, you add another outside door to your house. Even if it's locked, it's still another door. You're increasing what's called the "attack surface". Every door has a different kind of lock on it. If someone finds a way to pick a certain kind of lock, the more doors you have on your house, the greater the odds that someone can now get in. It also makes it more difficult for you to keep track of, and remember that "oh yeah, I have that, I installed that two years ago, I better get that patched!"

So as a general rule, when running a server, disable all unnecessary services. (and don't add new ones unless you need to) IMHO, this goes double for anything marketed to "non-technical users".

Thanks V1 and Tacit. This really helps.