TIP #7: Website Security Tips
If you’re scared by the time you read these website security tips, then I’ve accomplished what I set out to do. I’m not typically a fear monger, but in this case, I want to make you shake enough to help yourself.
You’ve probably heard the term “hacker” before. You may have even known someone who knew someone who got hacked. But, do you know what this really means? And, do you realize that you CAN protect yourself against them?
A hacker is a particular species of vermin that lives throughout the world and gets into your website through an openings and wreaks havoc by inserting malicious codes. They might redirect your visitors to a site of their choice, or broadcast obscenities to your visitors, or turn your site into a weapon that destroys other innocent websites—or completely destroy your site. Just like the vermin that can infest your house, it’s crucial to keep the hackers from ever getting in, because it’s REALLY difficult to get them out.
WordPress sites are a particularly popular target for hackers because of there are a ton of them and they have known inherent vulnerabilities. Although WordPress has a concerned team of techs dedicated to staying one step ahead of the hackers, this does not relieve you from proactively protecting yourself.
An article on Wordfence.com stated that, in late October 2015, there was an “approximate doubling of brute force attacks [AKA break ins] on WordPress sites”—from 10,000 to about 20,000 per minute. And, this is not even the highest they’ve seen.
Just last week, I went to login into to one of my personal WordPress websites and got a dreaded white screen with a blunt message:
“Error accessing database. Please contact your server.”
Turns out a rash of brute force attacks had slammed my host server and sent it into ninja mode. The good news? The hackers hit a virtual brick wall when they attempted to gain access to all of my sites, so I did not get infected.
I want you to be so fortunate—which is why I am sharing some website security tips.
Website Security Tips
Here are several key website security tips to give you peace of mind:
- Use secure user names and passwords. Do not use the same user name and password for all of your logins, especially if it is some variation of a pet, child or maiden name with your birth year thrown in for good measure. Do use passwords that make your head spin. Read my post on using a password manager, which comes with a Password Generator, and sign up today. The cost and effort are minuscule compared to what it will take to rebuild a hacked website.
- Use a reCAPTCHA plugin. Using a reCaptcha plugin offers protection against robot hackers who attempt to login to your Wordpress admin area or spam your contact form(s).
- Install a reputable and effective security plugin. The better ones scan your site to make sure it’s clean, then protect it against brute force attacks, malware, and spam. Some even speed up your site. Brute Force [part of the Jetpack plugin], WordFence, and iThemes Security are three of the best.
- Make sure you have a full (and current) site backup that is not stored on your server. A backup of anything is never a bad idea. Some website hosts offer this option for an extra fee, but many don’t so it’s a mistake to assume your site is backed up. Make sure your site is being regularly backed up and the backup files are being stored off the server. If you do get hacked and you’ve backed up your site, getting back online may be as simple as restoring your latest backup. Want to tackle this yourself? We recommend UpdraftPlus. (We offer a backup service if you’re too busy or too overwhelmed to tackle this.)
- Perform regular maintenance on your site. Up-to-date plugins and the latest versions of WordPress and your WordPress theme are CRUCIAL. It’s said that 32% of websites are hacked due to a WordPress vulnerability and 40% through outdated plugins. By updating to current versions, you are closing doors into your website. Staying up to date also ensures that your website is running faster, so you aren’t being punished by Google’s algorithm for being too slow.
Either find the time to tackle every one of these website security tips yourself or give us a call. We offer a reasonably priced Website Security Add On that will have you locked down and backed up within days. It’s a worthy and necessary investment.