Posted on 07 February 2017.
It’s a new year, with a whole heck of a lot of changes happening on our little speck of dust that we call Earth. This makes it the perfect time to do a security check on your WordPress site.
Think of it as an annual check-up but for your website. A time to make certain all is running smoothly and nailed down securely enough to keep those pesky hackers out of your business. Taking the time to go through the checks and balances now could save you not only added expenses but a huge headache in the future.
Let’s face it, any downtime that your site suffers equates to potential income lost by you!
Start with the following 5 tips that will keep your site secure and safe:
1. Strong Admin Credentials
If you happened to use an installer such as Softaculous when you set up your WordPress site, you might have noticed that its one-click installation defaults to admin as the username and pass as the password. I certainly hope that you changed that. If not, that’s the first thing you can check off your list for fool-proof ways of getting hacked.
You are probably saying to yourself, “Why would anyone want to hack my site?” Understand that there are thousands upon thousands of bots being run around the clock attempting to guess the login to your wp-admin page. Yes, yours too. Keep in mind that once they gain access, it becomes their site to do with however they wish. Think of the possibilities. All your hard work, themes, content, plugins… gone!
This can easily be solved by using a simple password generator such as the following:
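A small generator of this kind, together with a check for the installer defaults mentioned above, as an added example that is not part of the original post. The 12-character minimum, the symbol set and the short lists of common usernames and passwords are assumptions made for the example.

```python
import math
import secrets
import string

SYMBOLS = "!@#$%^&*()-_=+"
CLASSES = [string.ascii_lowercase, string.ascii_uppercase, string.digits, SYMBOLS]
ALPHABET = "".join(CLASSES)
MIN_LENGTH = 12  # assumed minimum for this example, not a WordPress rule

# Constructed sample lists; "admin" and "pass" are the defaults named above.
COMMON_USERNAMES = {"admin", "administrator", "root", "test"}
COMMON_PASSWORDS = {"pass", "password", "admin", "123456", "letmein"}


def generate_password(length=20):
    """Return a random password that contains every character class."""
    if length < MIN_LENGTH:
        raise ValueError(f"use at least {MIN_LENGTH} characters")
    while True:
        # secrets draws from the OS CSPRNG; random.choice() is predictable.
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


def entropy_bits(length):
    """Approximate entropy of a password of this length, in bits."""
    return length * math.log2(len(ALPHABET))


def audit_credentials(username, password):
    """Return the reasons a username/password pair is easy to guess."""
    findings = []
    if username.lower() in COMMON_USERNAMES:
        findings.append("username is on common guess lists")
    if password.lower() in COMMON_PASSWORDS:
        findings.append("password is a well-known default")
    if len(password) < MIN_LENGTH:
        findings.append(f"password is shorter than {MIN_LENGTH} characters")
    if username and username.lower() in password.lower():
        findings.append("password contains the username")
    return findings


if __name__ == "__main__":
    print(audit_credentials("admin", "pass"))  # the installer defaults
    new_password = generate_password()
    print(new_password, f"(~{entropy_bits(len(new_password)):.0f} bits)")
```

Store the generated password in a password manager rather than reusing it across sites.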
2. Update often
We have all seen those pesky messages that greet us at the top of our dashboard. True, I’ve often been tempted to ignore them a little longer than is prudent. However, I’m here to tell you that keeping your core code up to date is not only a necessary evil, but could save you hours of frustration in the future.
WordPress does indeed have an auto update option, which in my opinion should likely be mandatory. True enough, it can be a bit frustrating and often time-consuming when the update breaks some of the code that you have tweaked and/or customized. In fact, if you leave the auto updater off and manually update yourself, you will see this message.
That text alone is enough to give most of us the cold nervous sweats.
The flip side though, could and most likely will be a lot worse. It’s not a matter of if, it’s a matter of when your site will be hacked if you are using an old version of WordPress.
3. Don’t cut corners with themes/plugins
With over 48,000 plugins available and lord knows how many other themes and widgets, it’s easy to just point and click to quickly install something – anything. Since WordPress is open source it is easy for amateur coders to develop a plugin that they can charge for. Unfortunately, many of these have been developed without proper vetting for quality assurance.
What does this mean for you? You guessed it, further ways that your site could become vulnerable.
Before installing a new plugin, theme, or widget do your research. Fortunately we live in a society that loves to spew both praise and criticism without much of a second thought. Reviews will often let you know a lot about the developer and their practices.
4. Use secure connections
Each and every day, we share our personal information with different websites, either to make a purchase or simply to log in. In order to protect the data transfer, a secure connection needs to be made. That’s where SSL and HTTPS come in.
HTTPS, or Secure HTTP, encrypts the connection between a user’s browser and your server.
Why do you need to move from HTTP to HTTPS?
Are you running an ecommerce site that collects payment information? Most payment providers such as Stripe, PayPal and Authorize.net will require you to have an SSL certificate.
Also, Google recently announced that they would be using HTTPS and SSL as a ranking signal in their search results. Hello SEO nightmare if you haven’t moved over.
There are several tutorials online that will help you with the transition.
5. Backup regularly
Go ahead, do a quick search for WordPress backup in the plugins section of your dashboard. Almost 1000! And that is just inside the WordPress portal. This doesn’t even begin to account for all the other offsite options available.
Many of them have schedulers built in, so you can set them to back up automatically, say at midnight local time every night. That way, god forbid something does happen, you will have a current copy of your site to roll back to.
If you follow these 5 simple steps, you will be miles ahead of the competition that doesn’t when it comes to staying safe from hackers.
Has your site ever been hacked? If so, how did you address it? We would love to hear from you in the comments below.