Having a WordPress-hosted website for your business is great. Hundreds of easily installed plugins are available to tailor your site to your requirements, and countless customisable options help make your site look the best it can be. It's the virtual business card of you and your business after all, so why not take pride in your accomplishment!
But what happens when something goes wrong?
Every year millions of websites are successfully attacked by hackers and bots that can cause havoc. Attacks include stealing personal data stored on the website, changing access permissions, defacing and altering the website's structure, or in rare cases completely removing the site and all of its data, permanently.
This is why we take our WordPress security very seriously at Crucial, and there are steps you can take to help keep your website protected from attacks too!
Limit Login attempts
By default, WordPress does not limit how many times someone can attempt to log in to your account. This leaves your site open to what is called a 'brute force' attack, in which a program enters different credentials repeatedly until the right combination is found and access is granted.
This can be countered very easily by downloading the Log In Lockdown plugin, which limits the number of login attempts that can be made and, if the limit is reached, temporarily locks the account down for a predetermined amount of time.
Another login security feature you should have is two-factor authentication, which requires the user to enter the usual password as well as a second security check such as a secret question, code or set of characters.
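The lockout behaviour described above can be sketched as a small must-use plugin built on WordPress's `wp_login_failed` action and `authenticate` filter. This is an added example, not Crucial's code or the code of the plugin named above; the `ex_` names, the limit of 5 attempts and the 15-minute lockout are assumptions chosen for illustration.

```php
<?php
// Added example, not Crucial's code and not the plugin's code.
// Assumed deployment: saved as a file in wp-content/mu-plugins/.
const EX_MAX_FAILURES = 5;   // assumed limit of failed attempts
const EX_LOCKOUT_SECS = 900; // assumed lockout length: 15 minutes

// One counter per client address. REMOTE_ADDR is used deliberately:
// X-Forwarded-For can be set by the client unless a trusted proxy
// overwrites it. md5() only turns the address into a safe key name.
function ex_lockout_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_login_fail_' . md5( $ip );
}

// Count each failed login. set_transient() restarts the expiry timer,
// so the counter clears EX_LOCKOUT_SECS after the most recent failure.
add_action( 'wp_login_failed', function ( $username ) {
    $key = ex_lockout_key();
    set_transient( $key, (int) get_transient( $key ) + 1, EX_LOCKOUT_SECS );
} );

// Priority 30 runs after WordPress's built-in password check (priority 20),
// so a locked-out address is rejected even when the password is correct.
// The rejection itself fires wp_login_failed, which keeps the lock in
// place for as long as the attempts continue.
add_filter( 'authenticate', function ( $user, $username, $password ) {
    if ( (int) get_transient( ex_lockout_key() ) >= EX_MAX_FAILURES ) {
        return new WP_Error( 'ex_locked_out', 'Too many failed login attempts. Please try again later.' );
    }
    return $user;
}, 30, 3 );
```

Because the counter is keyed on the client address, visitors who share one address (an office network, for instance) also share one counter.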
WordPress Security updates
In today's online world, everything needs to be updated, from product offerings on an ecommerce site to behind-the-scenes coding and website security. With WordPress being the most used website builder in the world, it has a responsibility to maintain its own product by frequently releasing patches and updates. These WordPress security updates will automatically pass on to you as a user. Major updates, however, could take time and possibly change how your site looks and works behind the scenes, so you will have to install them manually when prompted. You will likely be notified when such updates are available, but it can't hurt to do a check every few days / weeks to make sure you have the most recent update and security. The same goes for any plugins that you have installed: these may not update automatically, so you will need to check them regularly too.
Another tip is to hide the WordPress version number that your site is currently running. This can be done by purchasing a reputable security plugin like Backup Buddy. This will stop any potential attacker from knowing which version you have, and make their life a little harder!
Use a WordPress backup solution
Unfortunately, no website is 100% secure, regardless of whether you have the latest WordPress security update. Even the most secure government website can be, and has been, hacked. If it does happen, however, using a backup solution is a great way of getting the site back up on its feet quickly. Using a backup basically means storing an up-to-date version of your website on a separate storage solution that can be activated if needed.
Backups require regular updates. These can be done automatically if you download the aforementioned Backup Buddy plugin.
SSL Security certificates
SSL certificates are a very strong and highly regarded way to secure your WordPress website. Take a look at the address bar at the top of the internet browser you are using: there is a small green padlock next to the word 'Secure'. This means that the Crucial website has an SSL certificate applied to it, and that the data transferred between your browser and the server is encrypted to protect it from interception. Furthermore, since last year SSL certificates positively affect your website's Google ranking, which can result in more traffic to your site!
SSL certificates are easy to purchase and install; in fact, we offer different levels of SSL certificates here. For more information, call our sales team on 1300 884 839 and press 1, or email at firstname.lastname@example.org.
Use trusted WordPress Plugins
As you have probably gathered, WordPress relies heavily on plugins to increase its offerings to customers. While this is great for customisability, some plugins can degrade your site's security. Only download and install plugins that have had several downloads. Research plugins on third-party sites to identify any issues that may have arisen in the past and see whether they have been resolved. If in doubt, don't download.
Keeping your site secure is a pretty simple process, and it can make all the difference. What are your top tips for securing your WordPress site? And which plugins would you recommend to your fellow webmasters? Leave a comment below and let us know!