We all have websites. They're our shop windows, but very often they're also our databases. Customers enter their details in the Contact Us form, or fill out questionnaires - and if you've got an e-commerce site, it's your bank! What if your website was hacked or, even worse, taken down? Google blacklists thousands of websites every day for phishing and malware. Putting in a few extra layers of security is simple and you don't need any real technical skills.
The first step is to check with your web developer to see what security is in place and whether there is a maintenance contract. Who is responsible for the many updates to WordPress and the plugins?
WordPress is very secure, but there is a lot you can do to reduce your risk and secure your website.
WordPress will always notify you of the major updates, but your themes and plugins will also need regular updates. These might just be improvements, but sometimes they contain security fixes - if you don't do the updates you leave yourself wide open to attacks. Hackers could steal information, or use your site to spread malware to your users. Keep your site up to date.
Your WordPress admin password should be unique and super secure. Don't share it and don't use it anywhere else. The easiest way to manage strong passwords is to use a password manager. If you have guest bloggers, they only need a user account; don't give them admin privileges. Keep track of all your users and delete redundant ones.
Set up your site so that it backs up to a remote location. There are a good few solutions that allow you to back up to cloud services like Dropbox. Choose one of the 5-star solutions with more than 500k users - this is usually a good indicator. VaultPress and UpdraftPlus are good options and you don't need to be techy to set them up.
It's likely there are already cyber criminals knocking at the door trying to get into your site. Just like we protect our homes with locks, bolts, security doors and alarms - the more layers there are, the more of a deterrent it is. Limit Login Attempts Reloaded is a highly rated plugin on WordPress. There's also the security plugin Sucuri, which will monitor your site for scanning, malware and login attempts. It's easy to set up and it's free. I've just set it up for a client, and it took a few minutes. Be sure to generate the API key first when you set it up. Every WordPress site should use a firewall. The WordPress options all have pros and cons, so choose the one that best fits your requirements.
Sucuri offer a free scan tool, Website Security Check & Malware Scanner, if you want to check the status of your site right now - you just have to enter your website address.
SSL will change your site from http to https and your website visitors will see the padlock symbol in their browser. This tells them that any data sent between their browser and your site is encrypted - essential if you're taking payments or processing data like PPS numbers or even children's information.
Set up a double check. When someone tries to log in to your account and change passwords, you'll be notified by email or text. Authentication apps like Authy and Google Authenticator now make the extra step super easy.
After reading this, a third of you will be off to WordPress, googling solutions, and will have all your new settings in place by lunchtime. A third of you will add it to your list of things to do and to worry about, but do nothing. And a third of you will be 'cue panic' and feel completely overwhelmed. All of the above are normal! We can help with any of your stages of website grief. Our tried and trusted method is one bite at a time. Just doing one thing will make your site more secure and then you build on it. If you'd like some help, that's our job. Get in touch.
Data Influence blogs and stories are provided for information only, not legal advice. Always consult your lawyer on legal matters.