Creating a Secure WordPress Website to resist censorship attempts

As a queer person on the internet, an issue I often see happen to our community is people manipulating the anti-abuse processes on social media websites to silence and censor people they don’t like (sites like Twitter most often are automated and will suspend you based on the number of reports and a few other easily manipulated metrics). I’ve found the best way to keep producing content that won’t disappear forever and to help people find me again is to create a personal website that is secure from take-down attempts and tell my followers to bookmark it. This said if you aren’t careful with how you create, manage, and host your website it is at risk of being censored by people engaging in targeted harassment and defeating the purpose of it in the first place. This post has some tips on how to create a website that’s safe from targeted harassment.

Why WordPress?

WordPress is the most popular publishing software on the internet. It is easy to use, has a huge amount of premade themes and plugins for any possible use case, and a gigantic community. It does have various issues like any software but they can be worked around with proper website management.

Follow basic Cybersecurity advice

Use a password manager and have unique passwords for every account. This reduces the risk that someone can guess one of your passwords and break into all of your accounts. Setup 2-factor authentication whenever it is available to you. Keep your computer and phone’s software up to date to prevent software exploits and virus attacks. Before worrying about the security of your WordPress website protecting your personal devices should be your priority.

I recommend a .IS Domain Name

The .IS registry ISNIC operates the most secure domain name registry on the internet. As long as you create an account directly with them your domain names are very resist against targeted attacks. They have some of the most reasonable policies to abuse management and usually will not get involved for content reasons.

A domain name like registrar like GoDaddy is not as safe to use as they are more likely to be manipulated into suspending a zone for content reasons or if their support staff are harassed enough.

If a .IS Domain Name will not work for your use case consider a .COM or .ORG domain name purchased from Cloudflare or EasyDNS. Both domain name registrars in my experience are better equipped to handle actual abuse cases while not being harassed into suspending random peoples zones.

Pick your DNS Provider carefully

Your DNS Provider (the name-servers for your website) is an equally important decision to your domain name and the associated registrar. In the event they have an issue it can take between two days to a week for your domain name registrar to update the NS records on their end to a new provider. Many hosting providers (for example WordPress.com and Kinsta) offer DNS hosting, if yours does not you will need to choose a reliable provider.

You’ll need to do your own research. Services I’ve looked at that seem promising are DNSMadeEasy, NSOne, and Amazon Route 53 although all of these services do incur an additional monthly fee and aren’t good for all use cases.

Use a Managed WordPress Hosting Provider

Unless you are an expert and are ready to deal with the full time job of managing WordPress Security I would recommend using a Managed WordPress Hosting Provider. WordPress.com is another good choice if plugin access is not as important to you.

By using a Managed WordPress Hosting Provider you ensure that the people hosting your website are experts in WordPress and are able to help you when something goes wrong. While you could just setup your own server running WordPress the benefit to you is that you have their support and security teams ready to help you and to protect your website. The drawback is that this type of hosting is considerably more expensive. The benefits easily make up for the additional cost.

Research the companies you are using ahead of time

Beyond specific product or platform suggestions, just doing your own research is probably the best advice I can give. You’ll want to make sure that whatever company you choose to use has a good reputation in hosting WordPress websites. You’ll want to research how they’ve handled abuse issues in the past as a reference for whether you’ll be treated fairly. By taking this step now you protect yourself from potential attacks in the future.