Building your WordPress site can be a labor-intensive endeavor, but whether it is a blog, an e-commerce site, both, or neither, security is a primary concern. Your site is only one incident away from having its reputation forever tarnished by a security breach. Want an example of this? Target has yet to gain its reputation back from the massive hack that happened several years ago. People are still wary of signing up for Target cards, and this is despite the serious savings that the card offers. Your site is not as big as Target’s, but if a hacker finds their way into your site, and your site is responsible for people’s lives being, at best, mildly inconvenienced and, at worst, ruined, you’re in a lot of trouble. And the problem is you don’t have the vast capital that Target does to weather the storm.
Each day more than 100,000 sites are hacked. This may seem like a small amount compared to all the sites online, but do you really want your site to be one of them? The problem is 90% of the sites hacked are WordPress sites. There are plenty of themes and extensions relating to security. You can do more, though. While building your site on a blogging platform such as WordPress can be risky, the reality is that unless you are a skilled coder and can build a website from scratch, you need the services that something like WordPress can offer. The next step then is making sure that you know the security tricks that can make your WordPress site that much more secure – and these are tricks that go beyond keeping all your extensions, themes, and the site itself updated. That said, make sure you do apply all the updates as they come out, because security is a main part of those patches. These three security tricks will make your WordPress site that much less attractive to hackers looking to do you harm.
Install Top Security Plug-Ins
Just as certain brands have plans and solutions for anything, WordPress is a place where there is a plug-in for everything. The good thing is that security is one of the things that there is a plug-in for. There are so many WordPress security themes that you may be wondering which is the best one for you. The good news is there are five WordPress security plug-ins that have received high marks from everyone involved who knows a little bit about keeping a website secure. Here are the top 5 WordPress security plug-ins:
- iThemes
- Wordfence
- Sucuri
- All in One WP Security & Firewall
- Shield Security
When it comes to these plug-ins, you are going to see a lot of different features, all aimed at making sure that your site is secure. Naturally you may feel overwhelmed, but you need to understand how each of these features works. Furthermore, if you don’t choose one of the five plug-ins above, you need to make sure all of these features are enabled within the plug-in you do choose so that you get comprehensive security. Here are the important features:
- WordPress Firewall: Keeps out lots of malicious traffic and only lets in proper traffic
- IP and User Blacklisting: A “ban” list of bad IP addresses and users that are refused access to the site
- Malware Scanning: Keeps site free of malware
- Strong Password Generator: Avoids having easily hacked passwords for the site
- Two-Factor Authentication: A better way to verify someone is who they say they are
- File Change Logs: See who edited the site and when
- Force Passwords to Expire: A simple way to enhance security
- Monitoring for Suspicious Activity: Just means something is always watching the site
The goal of a WordPress security plug-in is for you to be able to do very little in terms of actively monitoring the site. Of course, you need to read the reports that come out of these plug-ins, but the bottom line is that they handle most of the security issues that could be encountered. Make sure you understand what these plug-ins do, so that when you have to take active measures, you know where the problems are thanks to the vast automation here.
Secure Hosting
If you are doing everything to keep your site secure but your host is insecure, then the reality is people won’t come to your site because in order to get to your site, they need to be exposed to a lot of crap. Secure hosting is really important because there are things you can’t control on your WordPress site – an example of this is a DDoS attack. DDoS attacks are when so many requests are made on a server that the server is unable to keep up with them, forcing the server to overload. This means your site will not load on people’s browsers – and the worst part is you have no control over this.
A good hosting site will have backups in place along with server-level firewalls and allow you to have your site isolated within the server. These basic things are the keystones to having a good relationship with your site host.
Always Have a Backup
If you have done everything correctly and your site still gets hacked, you need a backup. Government sites are a great example – they get hacked a great deal but there are backups that can be run immediately while the problem is fixed. Make sure to back up your site. The reason is that the backup is the last time your site was in good hands. You don’t want to pull your site offline because of a hack or leave up the hacked version. Instead, you can run the backup – in many cases, this will happen automatically – and that will take a load of pressure off you. The backup is one of the most critical things you can do in order to keep your WordPress site up and running without security risks.
Information security specialist, currently working as risk infrastructure specialist & investigator.
15 years of experience in risk and control process, security audit support, business continuity design and support, workgroup management and information security standards.