Recently we came across a website developer who considered that having what he called ‘clean code’ is all that is needed to secure one’s website. To say we were shocked and horrified is to put things mildly. Hence we decided to write this article: We Don’t Need to Secure our WP Website – Really?
How, in the current online climate, people continue to think they don’t need to do anything to secure their websites is beyond us. The news is regularly plastered with businesses whose sites have been hacked and whose customers’ details have been compromised. Yes, we acknowledge a lot of these sites belong to big businesses. However, ask yourself the question: if big businesses are regularly having their sites hacked and they have all the security bells and whistles, exactly why do I think my small business site cannot suffer the same fate?
In many respects, security is only taken seriously by small businesses and individuals (or sole traders) once they have actually experienced their site being hacked. In other words, they act after the fact rather than ensuring they have all relevant security measures in place to thwart hackers in the first instance.
There are some basic security measures for WordPress sites that you can put into place, in order to secure your website (and your business) as much as humanly possible. These being:
- Install the following security plugins (from within your WP website dashboard administration area):
  - Wordfence – there is a free version and a paid version. Whilst we recommend the paid version so you can country block, the free version is a very good step in the right direction.
  - Captcha Bank – the free version will suffice. This ensures that when you or your members have to log in, they have to either complete a logic challenge (a numerical maths sequence) or type in letters and/or numbers. This stops spammers and scammers using a scanner to try and hack into your website by guessing your username and password.
  - WP-SpamShield – again, this is a free plugin which will keep the spammers at bay and block them from placing spammy comments and the like into your comments section or your contact forms.
- Purchase (and yes, there is no free version, however the paid version gives you a license for 100 websites) WP Guardian. This is a new security plugin on the market and it is brilliant. Sometimes it may give you a false positive, i.e. lock you out as the administrator, however they do have a back-up measure if this happens and you can subsequently whitelist your IP address so that the plugin doesn’t do this in future.
These are our top 5 good recommendations to increase and enhance the security of your website. Other measures you can take include:
- If you are using the words ‘admin’ or ‘administrator’ as a username, go to your webhosting provider technical support and request the username is changed to something entirely different.
- If you are using the domain name as your username, again go to your webhosting provider technical support and request that some symbols are included in the username. Again this will thwart potential hackers who set up their scanners.
- Never use the word ‘test’ as your username. This is another very common word – along with ‘admin’ – that potential hackers try to use to break into your website.
- Ensure you use a strong password, which includes alpha/numeric/symbols in the password and ensure you write both the new username and password down, so you are not inadvertently locked out as the administrator.
- If you have guest writers who regularly write for your blog or website, ensure that they are not given a user account with full access to the backend of your website. That way, if their own systems get hacked, your website will not subsequently be hacked, because they don’t have full administration access to it.
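
The username and guest-writer checks above can be run over a list of your site's accounts. The script below is an added example, not part of the original article; it assumes a user export in the shape produced by WP-CLI's `wp user list --fields=user_login,roles --format=csv`, and the sample rows, the domain `example.com` and the `expected_admins` allowlist are constructed for illustration.

```python
import csv
import io

# Usernames the article singles out as commonly guessed.
COMMON_LOGINS = {"admin", "administrator", "test"}

# Constructed sample in the shape of
# `wp user list --fields=user_login,roles --format=csv` (not real data).
SAMPLE_EXPORT = """user_login,roles
admin,administrator
example,administrator
site-0wner!,administrator
guest_writer,administrator
jane.author,author
test,subscriber
"""


def audit_users(export_csv, domain, expected_admins):
    """Return (login, finding) pairs for accounts that break the checklist.

    expected_admins is a hypothetical allowlist of logins that are meant to
    hold the administrator role; any other administrator is reported.
    """
    # "example.com" also yields "example", the bare site name.
    domain = domain.lower()
    domain_forms = {domain, domain.split(".")[0]}
    findings = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = row["user_login"].strip()
        # A user with several roles is exported as one comma-separated cell.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        if login.lower() in COMMON_LOGINS:
            findings.append((login, "commonly guessed username"))
        if login.lower() in domain_forms:
            findings.append((login, "username is the domain name"))
        if "administrator" in roles and login not in expected_admins:
            findings.append((login, "unexpected administrator role"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_users(SAMPLE_EXPORT, "example.com", {"site-0wner!"}):
        print(f"{login}: {finding}")
```

Passwords are not part of the export, so the strong-password recommendation has to be checked separately.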
You can continue with the false premise that your website cannot be hacked or alternatively you can create an insurance package to support and assist you to have security features in place to stump the hackers. Would you not insure your home or car against theft or damage? We insure our possessions against the potential of theft or damage happening; not because we believe theft or damage will happen.
Same with websites. We take every security measure possible to insure ourselves against theft or damage happening and not because we believe it will happen. As the saying goes: “An ounce of prevention is better than a ton of cure”. Be Wise.
If you would like (EDP) Every Day People to undertake the Website Administration of your WordPress site, we’re only too happy to talk to you. You can check out our website administration packages here; so you don’t continue with the thinking: We Don’t Need to Secure our WP Website – Really?