Website Protection – Threats Are Everywhere
What to do about website protection? The news has been reporting huge increases in cyber attacks in the last few weeks. Make no mistake about it, there are people out there actively working to hack your website. You need to be proactive with your website protection strategy.
Small business websites don’t have the resources to throw at online security and are particularly vulnerable to hackers. There are steps you can take to protect your website without spending a dime. Since we work primarily with WordPress sites we’ll focus on WordPress specific tips.
Install an Anti-Virus Program on your PC
(Not specifically WordPress related) You don’t need to pay for a good anti-virus program these days. A Google search for “free antivirus” will turn up quite a few options. We currently use the free version of Avast Mac Security and have good results.
(Not specifically WordPress related) You’ve heard it many times – don’t open email attachments unless you are absolutely certain they are from a trusted source. Even then, be very careful with email attachments. Your trusted sender may have been hacked. One more reason to have a solid anti-virus program in place.
If you receive an email from a trusted source but for any reason you are suspicious of the email, pick up the phone and call them or text them to verify they actually sent the email. Hackers have gotten sophisticated enough to intercept email so if you use email to ask the sender if they actually sent the it, chances are you’ll be talking to the hacker. It’s getting crazy out there folks – be careful.
If you’re sending email via your WordPress website you should utilize one of the many SMTP plugins.
WordPress is susceptible to brute force attacks from hackers. A brute force attack is simply an attempt to gain access to the website by guessing at a username and password over and over (usually employing some software to run these login attempts unattended).
Two easy ways to help guard against these attacks are to not use the default name for your admin account and to rename your wp-login.php file. You’d be amazed at the number of WordPress websites using the login user name of “admin” – terrible idea as far as website protection goes.
Since you can’t rename users in WordPress you’ll need to create an additional user account with admin privileges and then delete the original admin account.
Keep Your Site Updated
WordPress updates are released frequently for the WordPress core files, themes, and plugins. Make sure you keep your site up to date by applying updates when they become available. Many of these updates contain patches to security vulnerabilities and failing to update could expose your website to security threats.
Remember this when applying updates to your WordPress website. Always install updates in this order: Plugins, Themes, WordPress Core Files.
There are lots of internet predators out there trying to do bad things with your website. You need some defense to combat these lowlifes. One of the best we’ve found is Wordfence. We install Wordfence on every site we build. There is a Pro version which costs $99 per year but the free version is excellent and plenty for most WordPress sites. Install it and use it!
Another WordPress security we really like is iThemes Security. This plugin has lots of options and has been a rock-solid performer for us.
Backup Your Website
Site backups are an important step in your overall website health strategy. Your hosting provider may make periodic backups but you should make the effort to backup your site as well. We use UpdraftPlus and it’s another default plugin on the WordPress websites we build.
These few steps will go a long way in preventing website headaches and should keep your site running strong.
Having problems with your WordPress website? Check out our Website Support page.