Is your website secure? You may think no one might want to hack your website, especially if you are a smaller business, but hackers will attack website for three main reasons:
- They want to steal access to your data such as your email list, credit card information stored on your website, etc.
- They want to use your site to send spam or scam emails.
- They want to cause your site to download malware to the computer you are using.
The good news is if your website is run on WordPress - the WordPress core software is very secure. This makes it extremely hard to hack into. However, because it's open-source and anyone can write themes or plugins for WordPress not all of these tools can live up to the same code standards and be as secure! This can leave a "window" for hackers to get in.
Six Steps to keep your website secure
Whilst you can't completely secure your website you can take some simple steps to maximise security.
1. Add an SSL certificate
SSL, or Secure Sockets Layer, is a protocol used to secure and encrypt communication between computers. In other words, it helps keep sensitive information on your site incredibly secure. This is shown by a green padlock in the address bar.
Another big reason for adding an SSL certificate to your WordPress site is SEO. Google has will flag sites that store passwords or credit card information without SSL as insecure, as part of a long-term plan to mark all sites, whether they collect information or not, as insecure. In other words, if your site doesn’t have an SSL certificate installed, it could seriously hurt your traffic and sales!
2. Keep themes, plugins, and WordPress updated
Themes and plugins can occasionally have security vulnerabilities, which are patched by the developer as soon as they’re discovered. It’s important to update regularly because many malicious bots specifically search for out-of-date plugins and themes with known vulnerabilities to find a way in!
This can take time and conflicts can occur, but it's really important you try to stay on top of these and WordPress core updates. You can always choose a support package to ensure your website developer does this for you as with our Guard Dog Hosting Package.
3. Uninstall inactive plugins and themes
Even if they are deactivated the themes and plugins can still have security vulnerabilities. So if you're not using them it's best to delete them altogether.
Not only does this boost your security level but it will lessen the resources on your site and increase your loading times! An essential bit of maintenance!
4. Use strong usernames and passwords
This may sound obvious but with the need for multiple online logins, it's one many business owners neglect in favour of ease!
For the username steer clear of some obvious like "admin" or the name of your site... as this will be the first thing a hacker would use as a guess.
As for your password use a password generator that provides a password that contains a mix of capital and lower case letters, numbers and symbols. (We've also written a short guide on how to create safe passwords.) At Purple Dog, we use the tool 1Password to help us keep all our password unique and encrypted.
5. Limit the amount of login attempts
To get through your site’s front door some hackers will continuously try to guess your username and password (otherwise known as brute force attacks). Use a tool or ensure your hosting has a way of blocking an internet address from repeated attempts at logging in.
At Purple Dog, we limit logins to 3 retries to prevent brute force attacks.
6. Move your WordPress login screen
Many WordPress hacks come from malicious bots that are programmed to crawl the web looking for WordPress sites. Once they find one, they’ll add “/wp-admin” to the end of the site’s URL to get to the login screen and try to force their way in.
Whilst premium hosting providers like Purple Dog will offer protection against this kind of behaviour you can add extra security by making your login screen harder to find in the first place.
On our website designs, we now move the login screen to our clients WordPress site with a secret login screen to prevent others from accessing the admin area!
Launching your website takes time and your website is important for your business income and reputation, so don't overlook the critical component of website security! Most threats can be prevented if you just spend a short while implementing these simple steps above.