“The best way to keep your website safe is to not have one…”
Friend that knows website security
That’s what a friend says when we are talking about website security. And you see, he is right. It is really hard to make your website impenetrable.
But there are ways to improve your security.
Ways your website can be compromised
First up, let’s talk about the ways your site can be compromised:
Ok, this is not really that bad, but we’d rather not have spam messages underneath our blog post or in our mail through our contact forms, right?
- Getting data
A hacker can collect data from unsuspecting visitors, such as email addresses or, even worse, payment information.
When your site is compromised, hackers can add a virus that visitors download automatically when they visit the website.
- Leading to another site
Once your website is hacked, hackers can use it to send visitors to another page. These pages can either have viruses or just plain spam (porn, promoting violence).
- Loading another site on your hosting
Instead of your website, people can see ads or spam when they visit your website.
- Adding content to your hosting
You won’t even notice this one, because your website will appear the same. Still, suddenly there are illegal books and other documents on your hosting, and people get links to download them from your server. You are responsible for these unlawful acts.
There are probably more ways that your website can be compromised…
That shows that making sure your website is safe is vital for your business, your clients and your potential leads.
Keep your WordPress website safe
Below are ways to improve your website and make it safer.
Use a good hosting provider
First things first: get a trustworthy provider! A reputable provider will have good security on their servers and will try to keep your website safe from the get-go. They will have processes in place so that if one site gets hacked, it is quarantined to make cross-contamination less likely. This is a starting point but an important one.
Make sure your website is secured when you log in. SSL is a security certificate that helps ensure that data handled by your website does not go anywhere other than where it should, so not to hackers and the like. SSL is required in many countries if you ask clients for email addresses, names, phone numbers and the like. It is unquestionably needed if customers can pay you through the website. But guess what: your login is data too! So getting an SSL certificate is a good idea no matter what your site does!
Most providers can help you get an SSL certificate.
Secure password (and login name)
When typing in your name and password, make sure they are good ones! If you use ‘Admin’ as your name and ‘Welcome01’ as your password, I can almost guarantee you that you will get hacked. Hackers use automated processes to find your name and password, and these are at the top of their lists. Get yourself a real login name and a complicated password. Use a password vault like LastPass to remember it and any other passwords you have. With LastPass, I don’t need to remember any of my passwords, so I can have different, complicated passwords for every login. And change them regularly!
And just so we are clear, don’t use ‘admin’!
Admin vs editor
Do you need to be an administrator for what you are about to do? For most work on your website, being an editor is more than enough. And if your login information from that visit were to get hacked, the hacker would have only the rights you had, meaning: they would only have editorial rights, not administrator rights, which means they can do a lot less damage. I used to give all my clients administrator rights but am contemplating stopping that to make the chances of getting hacked smaller.
Get rid of any standard pages
If you buy a website from a developer, this is already done for you (if they are any good). However, if you build your website yourself, you will see that a WordPress installation comes with a few standard pages so you can see what it will look like. Please delete those pages, comments, posts, etcetera since they make your website look brand new and therefore an excellent target for hackers.
Use a supported theme
Not all themes play nice. Some are written by people who don’t know enough about coding to keep your website safe. However, there are a lot of paid themes whose makers know precisely what they are doing and where, just like with WordPress, any vulnerabilities are quickly detected and fixed. So use a supported theme. Extra benefit: you get support when you get stuck.
Use reliable plugins – and not too many
If you are looking for a plugin to do something for you, you are sure to find it. And probably several of them. That is the great thing about plugins for WordPress. It is also one of the most significant security risks for WordPress. A lot of these plugins are either built in a way that leaves ‘holes’ in your website security or are not kept up to date, which means those ‘holes’ might appear later on because the code changed. If you install a plugin, make sure it has been tested with the version of WordPress you are on and that it has been updated in the last few months, and try to see if you can trust the owner of the plugin.
Oh, and while we are on the subject: one bad plugin is terrible, ten are worse because they increase your chances of getting hacked. Do not get too many plugins on your website; you need to check each of them and keep it up to date.
Your WordPress installation, your theme, your plugins. Each of them will get regular updates because the code changed, a vulnerability was found, or the makers want to add a feature. By keeping your website updated, it is less likely your website has a known vulnerability that hackers can use.
There are a lot of great plugins out there that help you improve the security of your website. They look for suspicious activity, block IP addresses that keep trying passwords quickly and do a lot of other things to keep your site safe. Some of them also change the URL of your login page or check for viruses on your website. I use Wordfence (free and paid options). Another good option is Sucuri (paid). I also have a system that checks many stats for all my client websites and security is one of them. This is part of my maintenance offers for clients.
Get a spam filter
You will get spam no matter what. To get rid of this automatically I bought the popular tool Akismet. The Business version of course, as I am a business owner and therefore am not allowed to use the free version (and neither are you). I decided that if this tool would stop me having to take down 200 comments a day, taking about 30 minutes of my time, then the $59 would be worth it. Not to worry, your real readers leaving a comment will have no problem. You will receive their comments as usual!
Backups might not be a security feature, but I do think they are essential. Always keep a few backups of your website so that if anything happens to your site, it can be rectified without needing to rebuild the whole website.
Will you ever be completely secure?
Please know that doing most of these will already radically lower your chances of getting hacked, but not even doing all of them can stop it from happening entirely. That is why backups are so important.
To help my clients, I offer services to keep their websites secure. This means backing up their website, adding extra security measures and updating regularly. These Website Care Plans bring peace of mind, knowing that your website is in good hands. If you want to know more, send me a message.