WordPress security is a hot topic recently, and there’s little question why. In the last year alone, the US Army, Sony Pictures and Target’s websites have been hacked, with Target shelling out $10 million in a lawsuit over a massive data breach. As a matter of fact, just a few a weeks ago, my former health insurance carrier in Washington, DC issued an alarm, urging a username and password change after a security breach left my name, birth date and former address exposed like little h’orderves on an unprotected data platter.
Risk is unavoidable in an increasingly dodgy online world.
So, how concerned should you be about WordPress security, and what steps can you take to minimize the risk of being hacked or losing sleep at night?
Hackers Love Low-Hanging Fruit
One of the biggest mistake I see business owners make is blowing off routine maintenance after the launch of their sites.
When developed correctly, a newly minted WordPress install sits high atop the WordPress Apple Tree, so to speak. All the software that runs your site will be the latest and greatest, which means any known threats to earlier versions of WordPress and related software have been dealt with.
The level of threat a site has during the first months of its online existence can be minimal, but the longer your site hangs on the tree, the heavier your risk will be. Think of it this way, every time you miss a security update, the closer your apples drop closer to the ground, making it all the more tempting and easy for hackers to pick.
How to Protect Your Site with WordPress Security
Having developed numerous Wordpress sites over the years, I have yet to witness a site get hacked that was:
- Kept up-to-date via routine maintenance
- Protected with a security plugin
- Hosted by a top notch hosting service
- Built with a theme or framework authored by an elite authoring company
Security breaches are often the result of server vulnerabilities, weak passwords or sloppy installations, which is why hiring a professional designer can save you a lot of trouble.
The Three Tiers of Hacker-Resistant WordPress Security
Cultivating a hacker-resistant, fresh web presence that is maintained in the uppermost branches of our metaphorical WordPress Tree really isn’t that difficult, requiring a simple three-tiered approach along with some common sense practices:
Protection for WordPress Sites
It stands to reason that the health of your website is similar to your personal health. It’s a lot easier to prevent lung cancer by avoiding cigarettes than taking your chances and waiting to see how well you respond to chemotherapy. You’re much better off having your web designer button your site down with competent maintenance while implementing some best practices yourself.
- Keep everything up to date. Your Wordpress version, theme software and all plugins (activated or not) should be checked for updates on a monthly basis*
- Install a security plugin. This is an absolute must. These plugins can be configured to block repeated bad logins (Brute Force Attacks) and will notify your webmaster if any suspicious file changes take place. It’s important to know that locking down a site too tightly can lead to cumbersome notices and alerts that can clog your inbox. At the very least, your plugin should be set to its default and be able to detect malware.
- Password strength. A good security plugin will take care of this, issuing an error message if your password is too weak. Basic rule of thumb is to incorporate upper and lowercase, at least one numeral and 1 strange symbol, such as these: ^(@+=. Never use the same password in more than one place.
- Limit admin access to trusted users. WordPress allows for a variety of user access levels. For instance, your assistant probably doesn’t need to have full access to the back-end of your site to create blog posts, so granting Author or Editor status will suffice.
*A word of caution: it is strongly advised to do a full site backup prior to updating WordPress, your theme and plugins. There is always a small chance an upgrade will cause a conflict, leading to a site break. Always consult with your webmaster before taking this on yourself.
In my view, the most dangerous security issues are the ones you don’t know have happened. Regardless of the protective measures one takes, an attack might occur and you’re one giant leap ahead of the game if measures are in place to alert you. Malware detection is important because attacks aren’t always obvious. Your site may seem to be functioning perfectly well, but a script may have been inserted somewhere on the backend of your website that could lead to performance issues or bigger problems down the road.
We install and configure iThemes Security, which includes malware detection. Your hosting service should provide an additional layer of malware detection and will notify you in the event something is flagged during their routine maintenance.
Recovery – Back up Your WordPress Site!
At Clearly Presentable, we include full site back-ups for clients who have us on retainer or are on a monthly maintenance plan. In the unlikely event an update causes your site to break, or your site is attacked, your entire site (not just the database) will be retrievable. Simple database backups are not enough. Our backups include every nuance and customization to your layout and design in addition to your written and uploaded content.
Doing business online has given risks, just like stepping into the shower every morning can be tricky. The days of being cavalier with something as important as your online presence are becoming a thing of the past. I don’t know anyone who operates a bonafide business who can afford the mental and financial stress of having their site go down for a number of days, let alone losing entire chunks of content that might need to be redesigned or recreated.
Making sure your software is current and taking some basic steps to keep your it from becoming easy prey for hackers can go a long way to saving both time, energy and money that is better spent on doing what you do best by serving your best customers.
Please visit our web design services page to find out more about Monthly WordPress Security Maintenance Plan.