Just about every WordPress site is vulnerable to to hackers, yet many site owners don’t take the precautions to protect their sites. Even the most low-level hackers can get past a site’s security with the most simple tools. If you’re working on a simple business blog it is worth ensuring the site is secure, preventing a hack can save tons of time and money. So what can webmasters do to protect their sites?
Keep it Updated
It’s vital to keep your themes, plugins, and security settings up to date. Too often we will login to a client’s site to see a number of plugins that are out of date. It’s easy for webmasters to simply overlook these standards, because it may not be adding much value. Bots are scanning the web continuously, waiting for holes in security plugins. For this reason it’s important to stay up to date with your plugins, and it only takes a few clicks to complete the process. Tell your team, whoever has access to the backend of the site, to update plugins whenever one is present.
Make Your Passwords Complex
This should be common knowledge, however users still tend to set their passwords to something incredibly simple. Keep in mind, size matters, longer passwords are harder for hackers to crack. A password with seven characters can be cracked within a few seconds, however, adding one additional character can increase that time by a few hours. Ideally, when creating a password it should utilize capital letters, symbols, and numbers. The more complex, the harder it is to figure out.
Lose the Login Hints
You’ve put in a wrong password multiple times and need some login hints to remember the your credentials. These hints are usually information that you can think of rather quickly, and often easy to find on the web. For instance, a hint may be “what high school did you go to?”, this can be easy for a hacker to find. Social networking sites such as Facebook and LinkedIN will often show this information to just about anyone.
To remove this feature a simple code can be added to the code.
The other option is to install a plugin that restricts the action from happening.
Install SSL
Installing a SSL (secure sockets layer) can help provide an extra layer of security to your site, but keep in mind it won’t protect against all attacks. This security layer helps encrypt communication between the browser and the site’s server, limiting hackers from intercepting information between the two. SSL can help protect a user’s information when a form is filled out or an order is placed. The extra line of defense can help keep your site a bit more secure from hackers.
Pick a Hosting Provider That’s Secure
Nearly 50% of WordPress hacks happen because of poor security on the host’s platform. By simply selecting a quality hosting site can eliminate half of your security issues. Make sure to complete your research before choosing a hosting company. Simply don’t make your decision on the price, there’s a number of verified providers that have a proven track record.
Backup Your Site
Catastrophic events can happen in an instant and in a blink of an eye your entire site can vanish. Unless it’s been backed up. Unfortunately, sites are not backed up very often. Webmasters should be backing up the site’s information daily, ensuring no information is lost.
Once the information is backed up, it’s important to store the information properly. Many of the places backups are stored are on unpatched versions of a CMS and extensions. Hackers have the ability to access your servers through these extensions.