Is your website secure?
I think of my website as my business’s home on the Internet. I’ve taken great care to put it together and I depend on it for my livelihood. Much like my home, I take care to maintain it and keep it secure. So today I’m going to share with you some steps you can take to keep your website secure.
You may think that your website is too small for anyone to take notice, but consider this: every day, over 30,000 websites are hacked. Oftentimes hackers run scripts that allow them to search for websites with vulnerabilities they can take advantage of. These scripts don’t know how big or small your site is. They are searching for opportunities to access sensitive, personal information, such as credit card data, or ways to embed malicious software or files on a site that can be used to redirect traffic or spread malware to other websites.
As much as this sounds scary, there are steps you can take to keep your website secure.
Have a secure login
The first line of defense for your site is to create a secure login. Make sure your admin user name is something not easily guessed — like your name or any combination thereof — and don’t use “Admin.”
Create a secure password, one that is as long as possible and includes upper and lowercase letters, numbers and symbols. I know for me a really good password is also really hard to remember. The temptation is to use the same password for multiple accounts. But that would be a big mistake, because it puts multiple accounts at risk. So this brings me to my next tip.
Use a Password Manager
I use a password manager to store my passwords securely. There are many of them out there, but the one I use is LastPass. I install it on my browser and on all my devices, and it saves all my passwords securely. All I have to remember is the one master password. I also like that LastPass helps me generate strong usernames and passwords when I open a new account. So there’s really no reason not to have a unique password for every account.
Keep Your Software and Plugins Up to Date
From time to time, WordPress and the plugins that are used to run your website are updated with new features. Often updates include important changes to security features and patches for vulnerabilities, so it’s important to stay current. To update your plugins, do them one at a time, checking after each update that nothing has gone wonky on your site. And before you start, be sure to fully backup your website just in case something goes wrong. Which is my next point.
Maintain Regular Backups of Your Website
Should anything go wrong on your website, like something going awry during updating or — heaven forbid — you’re hacked, you’ll want to have backups available so you can restore your site to the last time it was working properly.
Don’t assume your hosting company is doing this for you. Many don’t unless you pay for a management plan. If you use my preferred website host, Websavers, then they take care of backups for you. If you’re not lucky enough to have that taken care of, then you’ll want to consider using backup plugin such as BackupBuddy to schedule regular backups or to run a backup prior to updating plugins and WordPress.
Backup Buddy allows you to send your backups to a number of remote destinations, which you should definitely take advantage of. You don’t want your files saved in the same place as the files that have been hacked or corrupted.
Install a All-in-One Security Plugin
Plugins like iThemes Security or WordFence help protect your site from hackers in a number of ways. They scan for malware, detect changes to files and alert you when someone makes too many failed login attempts, among other things.
What If You Get Hacked?
Website security doesn’t have to be daunting. As you can see, there are some simple steps you can take that go a long way to securing your site. But if you’re still not comfortable with looking after your website security yourself, I’d be happy to help you out with my maintenance and security plan for WordPress websites.
*I value your privacy. You can learn about how I handle information I collect by viewing my Privacy Notice.