WordPress is a quick and easy way to create a website.

A lot, lot, easier than when I first started on the web when I had to learn how to create web pages by hand: initially there were no web page designers apart from Notepad, then a few came along but most were clunky and/or expensive. Then, once the page was created, it had to be uploaded to the web with an FTP program, initially paid, nowadays free.

All that’s in the past if you use WordPress. Page design is handled with enough options for headlines, bolding text and adding images, videos or audios.

But one thing that you still need to do is make sure that WordPress is kept up to date.

Because of its popularity, it attracts unwanted people like bees round a honey pot.

They come in various forms – malicious ones who delight in messing up your site as well as the ones who want to spam your comments section to death, wasting your time in the process.

Fortunately, there are some simple ways to keep yourself protected from most (usually all) of these issues.

And – being WordPress – they’re usually free or cheap.

Every few months, an offer comes out for the latest and greatest WordPress security plugin but there’s one that you can use right now that does the job just fine:

WordFence.

It comes in free and paid options but the free one is perfectly fine.

You get notified when something in your WordPress installation needs updating – WordPress still hasn’t totally automated the update process (we’re back to computers breaking things inadvertently when that happens, to the choice is often left to you) but WordFence sends you an email when something needs to happen.

It’s then a matter of logging on to your dashboard, selecting the updates that need to happen and letting them take place.

On top of that, it keeps hackers at bay by limiting the number of times they can try to gain access to your site. After a few attempts, they’re locked out for long enough to give the automatic program they’re using the news that this isn’t going to work and it moves on. Couple this with a good user name (don’t choose “admin” and don’t show the actual user name against your posts) and a strong password (let WordPress auto generate something stupidly strong and let your browser remember it) and you’re good to go.

Spam comments are a different matter.

The easiest way is to turn comments off completely – maybe after a set number of days so that regular readers can contribute but drive-by spammers can’t.

That works but means if your page gets suddenly discovered people can’t contribute their views – which could still be good news or may bug you.

Akismet is the default WordPress anti spam plugin. It requests payment to use it (that’s one of the ways WordPress earn money) and it can get over-enthusiastic about who it blocks. Unless you regularly check your spam comments and delve through all the junk, you’ll never know.

Because spotting spam with a computer program is a mix of art and science, things will never be perfect. There are lots of different systems out there – another option is to use a “honeypot” plugin. This adds an extra box on screen that won’t be seen by humans (because it’s not designed to be seen by us) but will be seen by the programs that send out spam comments. Because if those programs see a box, they complete it. Not perfect but a good line of defence.

Yet another option is to use a third party system like Disqus or Facebook. There are plugins to use these systems and you may decide they can work for your site.

Don’t spend too much time fretting over the comments side of things – the number of comments most sites get could be counted on the fingers of one hand – just keep it in mind for when your site gets busy.