Security Tips for WordPress Websites
Many businesses were brought down to earth recently with revelations of the Heartbleed bug; not an attempt to hack into our systems but a flaw in the software that we all use and largely take for granted. While it meant that many systems were vulnerable and open to abuse from outside sources, the most worrying thing was that it had been around for a while and nobody had noticed.
Effective website security is paramount for businesses and it needs to be taken seriously. If your site gets hacked then it can cause untold damage to your reputation and as well as your finances. It may seem easy to leave security issues to someone else but it is arguably the responsibility of all of us with a presence online to take the necessary precautions.
Strong Passwords
This is a simple thing for WordPress website users to implement. Your password should be at least 12 characters and include numbers, special characters like (!*&%) and a mix of capital and lowercase letters. Avoid using real words. Think random and stay away from memorable dates and sequences.
Make sure that everyone who has permission to access the admin of your site has a strong password.
You may be surprised to learn that your site suffers from 100s of failed login attempts from automated hacking programs every hour. Don’t make it easy for them.
Don’t Use the Admin Username
It goes without saying that you should change your username from the ‘Admin’ default for just the same reasons as having a strong password. Most hackers know that many people don’t bother to change this simple thing. If you haven’t done it already, then do it now.
Update Your Plugins, Themes and Database Regularly
Updates often contain security patches and other useful software that should be installed as soon as possible. Of course, there is a constant battle to stay ahead of the hackers. Organisations like Microsoft, Security software companies and platforms like WordPress sometimes get caught out, but updating your site when these are available will add another level of security to your domain.
Select the Right Web Host
A lot of your security depends on your web host. Before choosing one, do your research and make sure they have a good history of dealing with security threats. As with most things in this world, you often get what you pay for. While choosing a low cost package may seem like a good idea it could leave your WordPress site vulnerable to a hack.
Limit Login Attempts and Other Plugins
There are a number of useful plugins available for WordPress sites. One of these is Limit Login Attempts. Basically, this only allows someone trying to gain access to your account to input the wrong password, for example, three times before they are locked out.
There are other security plugins that add firewalls to your site, scan for malware and protect your site via .htaccess.
Disclaimer: be careful with plugins, make sure they have good reviews, high quantities of downloads and are suitable for the latest version of WordPress. There are unscrupulous developers who will hide nasties and spurious code in a seemly innocent plugin.
Security Tips for WordPress Websites Have a Clear Security Strategy
It’s not just your WordPress site that needs to be protected. Someone opening a viral email by mistake on their PC can mean that hackers have access to all your passwords and accounts, as many businesses found out in recent times when their computers were taken over by Russian developed malware. Read all about this story on the BBC website by clicking here.
Develop a clear security strategy for your business that everyone who works for you is aware of. Online security is a constant battle of wits against the hackers and we all need to be playing our part in keeping the internet and our WordPress sites safe.