Your website is a vital part of your business and waking up to find out it's been hacked, can be just a little frustrating...
Firstly, you have to understand that all websites get attacked, big or small. The majority of attacks are from completely automated scripts created by hackers that scan the internet and then check each site for weaknesses. Some of these hackers have malicious intents like uploading and distributing malware, using one site to attack another, creating spam, but in some cases, they do it just for fun.
Currently, 35% of all websites are powered by WordPress, bringing the total number to around 445 million sites. All websites are vulnerable to these scripts, but due to the total number of Wordpress sites out there it creates this false illusion that Wordpress is a common target. Wordpress offers multiple hardened security solutions to protect your website, but its your responsibility to put them in place.
So what can you do to protect your website?
Step 1: Use strong passwords.
This chart shows how long it takes a simple brute-force attack to break into your website. As you can see, these attacks can quickly crack usernames and simple passwords to grant full access to your website.
It’s amazing how many business owners we’ve worked with that access all their private accounts with the same ‘super-strong’ password of BusinessName123. (or something similar).
There is no excuse for using weak passwords as you can easily enforce strong passwords for all users that have access to your website. We’d also recommend enabling two-factor authentication to make it even more difficult for unwanted people to get into your admin area.
On a side note, if your WordPress username is ‘admin’ you need to fix that now. (You’re basically asking to get hacked, go and update it right now and come back to this blog afterwards)
Step 2: Don’t ‘cheap out’ on your website hosting.
With web hosting, you get what you pay for. Some hosting companies don’t offer servers that are secure and well optimised for WordPress websites.
Website speed and security should dictate your choice of hosting provider. If the hosting package doesn’t come with an SSL certificate as standard, don’t even waste your time.
Better hosting providers can block the majority of common attacks before they even reach your homepage. Going for a £5 per month hosting package may end up costing you a lot more in the long run.
Step 3: Action website updates regularly.
The ‘launch it and leave it’ attitude doesn’t work. Websites need updates and regular maintenance. We find that the majority of sites we come across aren’t being updated due to the owner’s fear of breaking things.
WordPress, Themes, Plugins & PHP often release small updates with security patches. Neglecting these updates opens up multiple backdoor routes into your website.
Right Angle offers a full hosting & maintenance package to give you complete peace of mind. We take daily backups and test all updates to ensure they won’t break your website.
Most of the time, investing in website maintenance is cheaper than trying to repair a broken website (as some hacks can’t be fixed without a complete rebuild).
Step 4: Review & remove unnecessary resources.
There are thousands of plugins and themes available for WordPress, from trusted and not-so-trusted sources. It may be tempting to add loads of ‘cool’ new features to your site, but it may be doing more damage than good. We’ve got a couple of points when it comes to this:
Always use plugins from the official WordPress repositories, but if you have to use external downloads, do your research before clicking install.
When it comes to cleaning up your website the general rule is ‘if you don’t NEED it, remove it.’
Every plugin on your website adds a little bit of time to your page load speed. It’s common knowledge that page load speed is a Google Ranking Factor, that means…
more plugins = slower website = lower Google rankings.
The success of your website is all down to good housekeeping.
Step 5: Install a security plugin.
Slightly controversial to the previous point, but a reliable security plugin is a necessity. Plugins like Wordfence or Sucuri are trusted names within the WordPress world and require little to no setup. Simply install and active for a more secure website.
So there you have it, 5 ways you can help improve the security of your website! If you have concerns about your websites security, give us a call and we’ll be more than happy to take a look at your site with one of our performance audits.