Website Protection – Threats Are Everywhere
What to do about website protection? The news has been reporting huge increases in cyber attacks in the last few weeks. Make no mistake about it, there are people out there actively working to hack your website. You need to be proactive with your website protection strategy.
Small business websites don’t have the resources to throw at online security and are particularly vulnerable to hackers. There are steps you can take to protect your website without spending a dime. Since we work primarily with WordPress sites, we’ll focus on WordPress-specific tips.
Install an Anti-Virus Program on your PC
(Not specifically WordPress related) You don’t need to pay for a good anti-virus program these days. A Google search for “free antivirus” will turn up quite a few options. We currently use the free version of Avast Mac Security and have good results.
(Not specifically WordPress related) You’ve heard it many times – don’t open email attachments unless you are absolutely certain they are from a trusted source. Even then, be very careful with email attachments. Your trusted sender may have been hacked. One more reason to have a solid anti-virus program in place.
If you receive an email from a trusted source but for any reason you are suspicious of the email, pick up the phone and call them or text them to verify they actually sent the email. Hackers have gotten sophisticated enough to intercept email, so if you use email to ask the sender if they actually sent it, chances are you’ll be talking to the hacker. It’s getting crazy out there folks – be careful.
If you’re sending email via your WordPress website you should utilize one of the many SMTP plugins.
WordPress is susceptible to brute force attacks from hackers. A brute force attack is simply an attempt to gain access to the website by guessing at a username and password over and over (usually employing some software to run these login attempts unattended).
Brute force attacks are common on WordPress sites. They’re easy to mount and just as easy to defend against. First, we need to make sure all of our passwords are strong. By “strong” I mean made up of a combination of upper and lower case letters, numbers, and special characters. Here are some guidelines for creating strong passwords:
- Never use the same password twice. Use a different password for every site you have a login to. This will slow down a brute force attack considerably.
- Use a mix of upper and lower case letters. This will make it more difficult for an attacker to guess your password.
- Use numbers and special characters where appropriate.
Two easy ways to help guard against these attacks are to not use the default name for your admin account and to rename your wp-login.php file. You’d be amazed at the number of WordPress websites using the login user name of “admin” – terrible idea as far as website protection goes.
Since you can’t rename users in WordPress you’ll need to create an additional user account with admin privileges and then delete the original admin account.
Renaming your wp-login.php file can easily be done using a plugin like Rename WP-Login.php or Protect Your Admin. The capability to rename your login is also available in the iThemes Security plugin.
Keep Your Site Updated
WordPress updates are released frequently for the WordPress core files, themes, and plugins. Make sure you keep your site up to date by applying updates when they become available. Many of these updates contain patches to security vulnerabilities and failing to update could expose your website to security threats.
Remember this when applying updates to your WordPress website. Always install updates in this order: Plugins, Themes, WordPress Core Files.
There are lots of internet predators out there trying to do bad things with your website. You need some defense to combat these lowlifes. One of the best we’ve found is Wordfence. We install Wordfence on every site we build. There is a Pro version which costs $99 per year but the free version is excellent and plenty for most WordPress sites. Install it and use it!
Another WordPress security plugin we really like is iThemes Security. This plugin has lots of options and has been a rock-solid performer for us.
Backup Your Website
Site backups are an important step in your overall website health strategy. Your hosting provider may make periodic backups, but you should make the effort to back up your site as well. We use UpdraftPlus and it’s another default plugin on the WordPress websites we build.
Use a VPN
The kind of security a VPN provides is on the way from being a luxury to becoming a necessity on the modern internet. While directly hacking a computer using its IP address is difficult today, thanks to the various firewalls employed by service providers, an IP address can still be used as a starting point to access location data that can then be used to dig up further sensitive information. What makes a VPN effective is that it encrypts your internet traffic before it reaches any server outside of your device. We recommend visiting VPNRatings.com for lots more information on VPNs.
These few steps will go a long way in preventing website headaches and should keep your site running strong.
Having problems with your WordPress website? Get in touch and we’ll be happy to help.