One thing people tend to overlook when maintaining their site after the web design and development is complete is keeping it secure. Some web designers themselves do not put in place the proper practices to make sure a client site is as secure as it can be. In this day and age, online security is only going to become more important. There are far too many bots, hackers, and malware to let your website’s security lapse. WordPress is generally a pretty secure CMS, though hackers increasingly target the “weaknesses” that lax security leaves wide open.
What’s the worst that can happen?
True story. A high-end restaurant has its site built on WordPress. The website has been hacked for months. The owner built the site himself and did not know to take precautions to keep the site from being hacked. This restaurant’s target market is older and well-to-do. The hacked website now shows Viagra ads. The owner hadn’t updated WordPress in a long time and has no backup of the uncorrupted website. This is called being up shits creek without a paddle.
Really? Yup. None of these precautions below are worth a damn if you are logging into your WordPress website on a computer with a virus, malware, or spyware. Be sure to have a good firewall and anti-virus software set up with regular scans, especially if you own a PC. And of course, be careful what sites you visit. It is also important to keep your operating system up to date and your browser version current.
We all know making backups isn’t fun. And it’s seldom appreciated until that one time, maybe years down the line, that it literally saves you. Then all the effort is well worth it. There are many different ways to make backups of your site, from free to paid options that will automatically back up your site once a day or once a week. A backup is best used with a system like VaultPress that will also monitor for hacks and viruses. If you update your site often, by blogging or adding products, it is smartest to invest in a plugin to back it up. But check with your hosting as well; some of the best shared hosts offer backups. With backups, if a virus or malware is found, the install can be wiped and a fresh install loaded with the pre-hack version of the site.
Passwords & Usernames
If you have an administrator WordPress login with the username Admin, change it now. That is the most common way someone can get into your account, especially if you don’t have something like Limit Login Attempts set up. Your username can be anything; be creative and make it hard to guess. For posts or pages that show the author name, you can simply go to Users-Settings and change the “Nickname”.
Passwords need to be more and more complicated and unique to be the most effective and secure. Far too often I see clients using the same passwords for multiple accounts and often passwords that are easy to guess if you snooped around.
It can be annoying how often WordPress updates. But WordPress does this to install security patches and keep your site secure, as well as to add features and change the UI. Keeping your WordPress install and your plugins updated is a great way to keep your site secure. An old plugin that hasn’t been updated is a site vulnerability, and this weakness could be a way to take control of your site. Another smart trick is to delete any themes that you do not use. WordPress comes loaded with defaults, and if you went through a few themes before deciding on one, those are there as well. Delete them. The same goes for any unused plugins. Don’t be a hoarder. Keep your house clean.
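As an added example (not part of the original article), this Python sketch lists the themes and plugins the paragraph above says to delete, by reading the `Theme Name`, `Plugin Name`, `Version` and `Template` file headers under `wp-content`. The function names are hypothetical, and it assumes you pass in the active theme and active plugin folder names yourself, since WordPress keeps those in its database.

```python
import re
import sys
from pathlib import Path

# WordPress file headers look like "Theme Name: Foo" inside a leading comment.
HEADER = re.compile(
    r"^[ \t/*#@]*(Theme Name|Plugin Name|Version|Template):[ \t]*(.+?)[ \t\r]*$",
    re.M | re.I)

def read_headers(path):
    """Parse headers from the first 8 KB of a file, as WordPress does."""
    text = Path(path).read_bytes()[:8192].decode("utf-8", "replace")
    return {key.lower(): value for key, value in HEADER.findall(text)}

def installed_themes(wp_content):
    """Map theme folder name -> headers from its style.css."""
    themes = {}
    for css in sorted(Path(wp_content, "themes").glob("*/style.css")):
        headers = read_headers(css)
        if "theme name" in headers:
            themes[css.parent.name] = headers
    return themes

def installed_plugins(wp_content):
    """Map plugin slug -> headers (folder plugins and single-file plugins)."""
    root = Path(wp_content, "plugins")
    plugins = {}
    for php in sorted(list(root.glob("*.php")) + list(root.glob("*/*.php"))):
        headers = read_headers(php)
        if "plugin name" in headers:  # skips index.php and helper files
            slug = php.stem if php.parent == root else php.parent.name
            plugins[slug] = headers
    return plugins

def removal_candidates(wp_content, active_theme, active_plugins):
    """Return (unused_themes, unused_plugins) as sorted lists of slugs."""
    themes = installed_themes(wp_content)
    keep = {active_theme}
    parent = themes.get(active_theme, {}).get("template")
    if parent:
        keep.add(parent)  # a child theme cannot run without its parent theme
    unused_plugins = set(installed_plugins(wp_content)) - set(active_plugins)
    return sorted(set(themes) - keep), sorted(unused_plugins)

if __name__ == "__main__":
    # Usage (assumed): script.py /path/to/wp-content active-theme [plugin ...]
    unused_themes, unused_plugins = removal_candidates(
        sys.argv[1], sys.argv[2], sys.argv[3:])
    print("unused themes:", unused_themes)
    print("unused plugins:", unused_plugins)
```

The script only reads files; review the list before deleting anything, and note that the parent of an active child theme is deliberately kept.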
There are a number of great plugins to help keep your WordPress website secure. Whether you need to set these up also depends on your hosting. Some hosts, such as SiteGround and WP Engine, already handle a lot of the functions the plugins do. Precautions such as a website firewall, malware scanning, login security, and removing information that gives hackers a way in are all important.
One of the more popular free plugins to handle security is Sucuri Security. It handles a lot of extra precautions to tighten up your security: things such as malware scanning, 2-factor authentication, and forcing secure logins, which go a long way toward keeping hackers and bots out.
The bottom line is that you really want to make sure you keep your WordPress site locked down and updated. A little extra time and effort can prevent untold hours of frustration, work, and lost revenue. No one wants their brand new web design to get hacked or messed with. A little bit of work here can go a long way.