WordPress is a fantastic CMS (content management system) that offers flexibility and a great deal of scope when creating a website.
However, have you ever thought about security for your website? It might have been something you've considered and done the basics on, but it's often only thought about when the worst happens.
Without security, your website could be hacked, revealing personal customer information. It could also be hijacked and redirected to other websites and, in some cases, you could even lose your website completely.
If your business depends on its online presence, or you've poured time or money into your website, security is an absolute must-have.
Below, I will go through the many ways that you can secure your website and stop unwanted visitors from gaining access.
Why would someone hack my website?
The aim of the hacker is to gain access to your admin login. From here, they can modify files and make changes to your database which allows them to achieve one of the following:
Send Spam - Your website is used to send out spam to people. This can be particularly harmful to your website and could mean that your website is blacklisted which can result in a drop in Google rankings.
Host or redirect malicious content - Hosting bad content on your website will give it a bad reputation with Google and will harm your rankings again. Redirects can also be set up which will forward all of your traffic to another website.
Stealing website data - If you have customer details or have a contact form on your website, you can be at risk of the hacker stealing this personal data.
1. Always back up your website
This isn't a prevention method, but it is a must-have if things go wrong. If your website happens to get hacked or deleted, backing it up each day means you can easily restore it from its previous backup. I recommend setting up automated nightly backups through your hosting provider or with a plugin.
You can use plugins such as BackUpBuddy, Snapshot Pro or Updraft Pro, to name a few.
And if you can, back up to the Cloud and not your server or website. If your server or website is compromised you may lose this data too!
2. Premium Security Software
Much like your computer needing anti-virus protection, your WordPress website isn't an exception.
As mentioned above, your website could not only be hacked but could also get viruses. It is therefore imperative that you have plugins installed on your website, as well as on your server, so that your website files are scanned and any that have been compromised are found.
If your files have been compromised you will need to remove the malicious code from the infected files or delete them if they are not part of your core WordPress installation.
Some security software companies offer a virus removal service bundled with a free 1-year premium version of their software.
Recommended WordPress Security Plugins: Wordfence, Sucuri, Defender Pro
3. Regular plugin updates
No doubt every time you check your WordPress website there is ANOTHER plugin update. It can be annoying, I know, but it is also very important.
These updates aren't just new features; they also fix security bugs within the software itself, so that unwanted pests can't find and use vulnerabilities in it.
Bots are able to scan your website and find out which plugins and themes you are using, in order to identify any vulnerabilities in them and gain access.
I always recommend making sure that your website is fully backed up before updating any plugins, as updates can sometimes cause unexpected issues and conflicts with other plugins. You can run a backup or use one of the backup plugins identified in point 1.
3. Strong login credentials
It goes without saying, but you would be surprised by the number of easy passwords I see for highly sensitive information.
Another way of gaining access is to simply guess your password. If you have a weak password, or a password that you use for everything, then it's recommended that you change it to one that uses a mixture of symbols, numerals, upper case and lower case. This also applies to usernames, as using 'admin' or your name will be very easy to work out too.
Bots can quickly cycle through many different login combinations if you do not have any security in place. Most security plugins offer a lockout feature which blocks a visitor after more than 5 attempts.
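An added example (Python, not code from any security plugin) of the lockout logic described above, run over web-server access-log lines: it flags any IP address that makes more than 5 failed logins inside a time window. The log lines are constructed, and the 5-minute window and the rule that a failed login returns status 200 while a successful one redirects with 302 are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_ATTEMPTS = 5                  # the page's figure: block more than 5 attempts
WINDOW = timedelta(minutes=5)     # assumed window; the page does not give one

# Start of a combined-log-format line: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def make_line(ip, second, status):
    """Build one constructed access-log line for the sample below."""
    ts = "10/Mar/2024:12:00:%02d +0000" % second
    return '%s - - [%s] "POST /wp-login.php HTTP/1.1" %d 4312 "-" "-"' % (ip, ts, status)

# Constructed sample: one client failing eight times, one normal login.
SAMPLE_LOG = [make_line("203.0.113.7", s, 200) for s in range(0, 16, 2)]
SAMPLE_LOG.append(make_line("198.51.100.20", 30, 302))
SAMPLE_LOG.append('198.51.100.20 - - [10/Mar/2024:12:00:31 +0000] '
                  '"GET /wp-admin/ HTTP/1.1" 200 9000 "-" "-"')

def find_lockout_candidates(lines, max_attempts=MAX_ATTEMPTS, window=WINDOW):
    """Return {ip: time the limit was first exceeded} for failed-login bursts."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        # Assumption: a failed login re-renders the form (200); success redirects (302).
        if method != "POST" or path.split("?")[0] != "/wp-login.php" or status != "200":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop failures older than the window
        if len(q) > max_attempts and ip not in flagged:
            flagged[ip] = when
    return flagged

if __name__ == "__main__":
    for ip, when in find_lockout_candidates(SAMPLE_LOG).items():
        print(ip, "exceeded", MAX_ATTEMPTS, "failed logins at", when.isoformat())
```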
4. Two-factor authentication
Let's say the hacker gets access to your passwords and usernames without you knowing. They will be able to access your website and cause harm.
Another safety net which I always use is two-factor authentication: this adds an additional layer of security to the login area of your website, between the login screen and your website dashboard.
Two-factor authentication can be activated using the top security plugins for your website and connects to your phone using Google Authenticator. Your phone will randomly generate a six-digit code every minute. Unless someone has your phone and passcode and your login details, it's very unlikely that they will be able to hack in this way.
5. Use a CDN (Content Delivery Network)
A CDN or Content Delivery Network can protect your website against brute force and DDoS attacks*. These are malicious attacks that target your server. A brute force attack will try to break into your website using a bot which will try to guess a large number of login credentials.
A DDoS attack will bombard you with traffic, considerably slowing down your website and most often causing the web server to crash. Such attacks can be avoided by taking advantage of a DDoS mitigation service from a reputable firm that offers online security systems. Such services might be able to eliminate the most complex DDoS attacks using behavioural-based technology.
Also, you can use Cloudflare to handle this for you. It's free and easy to set up for multiple websites.
It also has multiple other benefits, such as locational server caching, minification, SSL certificates and other tools to speed up your website delivery.
*DDoS attacks are targeted attacks which aim to overload your server with traffic causing it to slow down or crash.
6. Choose your plugins wisely!
Installing plugins into your website willy-nilly is a sure way of getting your website hacked. Installing untrustworthy plugins or outdated plugins is a bit like opening the door for hackers and viruses.
If you're unsure about a plugin, or it doesn't have many reviews, steer clear at all costs.
To be safe, check reviews of plugins and purchase plugins from reputable websites.
7. Use a decent, reliable host
Unreliable or cheap hosting can sometimes mean that it's easy to hack into your website and server. If you're running your website on a dedicated server, always ensure that you're running the latest versions of your control panel and that it also has two-factor authentication.
Recommended Hosts: Flywheel, WP Engine, Cloudways, Nimbus Hosting