5 super-important tips for WordPress Website Security
Website security is something that we often don’t think about until it is too late.
The importance of website security for WordPress sites is easily overlooked. We think “my business is too small – no one would bother hacking me.” Or “I don’t have an ecommerce site, so I’m safe!” Unfortunately, small businesses have become a huge target for hackers because they are often relatively unprotected. In fact, 43% of all cyber attacks target the little guys like us.
The good news is that there are steps we can take to protect ourselves! Here are five things you should start doing today to keep your website safe.
1. Update Regularly
Having out-of-date WordPress versions, themes, and plugins present serious vulnerabilities that hackers see as a gold mine. A majority of updates released are meant to fix bugs and contain necessary security patches to protect their product and its users. Just be sure to test everything thoroughly after performing any updates. Watch for conflicts that could impact your site’s performance – or even take it down.
2. Set strong passwords
This is an absolute must! Passwords can be the weakest link in a computer security scheme. Strong passwords are important because password cracking tools continue to improve and the computers used to crack passwords are more powerful. We use LastPass to ensure our passwords – and our clients’ too – are unique and secure.
3. Create regular backups
You could fall prey to a malicious hacking attempt, your site could crash due to a faulty plugin, or maybe your hosting platform’s security falls short. Taking regular backups ensures you have a safe and secure version of your website in case something goes wrong. Storing your backups off-site – on a different server from your website – adds an extra layer of protection. Updraft Plus has a free plugin that can take care of business for you, but there are many others out there. Be sure to do your research and read reviews before you make a decision.
4. Add an SSL certificate
If you sell products, have contact forms, or collect email addresses, it is a must that you have an SSL certificate installed. SSL basically encrypts the data being sent between the computer and the server to make it impossible for a third party to read and process. In fact, we strongly recommend that ALL websites have SSL certificates. Chrome, Google’s web browser, considers it to be so important that they have started flagging sites without SSL; perhaps more importantly for some, having an unsecured site can negatively impact search engine results.
5. Use security plugins
I can’t emphasize this enough. A WordPress security plugin provides many valuable functions, but at its most basic, a WordPress security plugin protects your website from attacks during the time it is vulnerable. We use WordFence, Sucuri, or a combination of both to protect our clients’ websites and run scans.
Taking this steps will go a long way toward keeping your website safe and secure. But remember – we’re in a constant battle with the bad guys. It’s important to make website security a habit, and to keep up with new scams and safety requirements.
let us do it for you!
If handling all of this yourself sounds overwhelming or you simply want to focus your time in other areas of your business, then a maintenance plan could be the right choice for you.
Learn more about our SiteCare website maintenance packages for WordPress, or schedule a free consultation and let’s talk about it!