Keeping your WordPress website safe and secure for your customers to use is not usually top of any business owner's agenda. Finding new customers, generating sales, meeting deadlines and running your business seem far more pressing. But cyber attacks can seriously damage your business, leaving you and your business open to:
- Identity theft
- Slow website speed
- A ruined reputation
- Lost customers
Prevention is definitely better than the cure and there are some simple steps you can take to protect your website and your business.
1. Make Sure Your Website Has An SSL Certificate - An SSL certificate ensures that your website is who it claims to be and also indicates a secure connection between the customer's personal device and your website. Having an SSL certificate is important for website trust and helps protect customers from falling victim to scammers.
An SSL certificate helps secure information such as:
- Login credentials
- Credit card transactions or bank account information
- Personally identifiable information — such as full name, address, date of birth, or telephone number
- Proprietary information
- Legal documents and contracts
- Medical records
In a 2020 survey, less than 12% of WordPress websites had an SSL certificate.
2. Regularly Update Your WordPress Version - Most small business owners do not have the resources to employ a 'webmaster' to maintain their website. WordPress regularly issues updates designed to enhance security or close security risks in the software. Updating WordPress to the latest version is key to maintaining your site's security.
NB: It is equally important to ensure that any WordPress plugins are also updated (some plugin developers will charge a fee for update facilities). Many of the security frailties in WordPress websites can be traced to out-of-date plugins that expose your site to hacks and attacks.
3. Avoid Being Tempted To Install 'Cracked' or 'Nulled' Plugins and Themes - One of the great attractions of WordPress is that there are endless developers creating software and themes that allow your website to provide functionality to the benefit of you and your customers. Some of these plugins have free versions, but many have a cost, which is usually a renewable fee. The temptation for some business owners is to use 'cracked' or 'nulled' versions of the software. The very fact that these are 'hacked' versions of genuine software should alert website owners not to use them, but many do.
DON'T DO IT..... IT'S NOT WORTH IT
4. Use A Firewall/CDN service like Cloudflare - A Firewall is designed to stop (or at least limit) known hackers from reaching your site. Services like Cloudflare (www.cloudflare.com) provide additional levels of protection for your site by stopping the threat before it reaches your site. In addition to an added level of security, Cloudflare provides a Content Delivery Network (CDN) designed to help your website load faster so that visitors are not left frustrated waiting for the page to load on their device.
5. Add A WordPress Security Plugin - A security plugin can put in place a whole range of security features that will limit the chances of your website being hacked.
- Limit Login Attempts - Often, when your website is targeted by hackers, they will use a program that tries to 'guess' your user ID and Password. By limiting the login attempts (3 is a good number) you can block these "brute force" attacks while still allowing genuine users to remember their password.
- Force Complex Passwords - I can't recall the number of times I've been asked to help a business owner who has been hacked, only to discover their password was "password". Many security plugins can be set up not to allow these easy passwords and insist on you providing a complex series of letters, numbers and special characters. You might not be able to remember it but it's unlikely a hacker can guess it either!!
- Hide Login & Admin - Anyone who knows anything about WordPress can work out the URL for your login/admin area. With a couple of clicks, this can be changed and hidden so that hackers will not know where to look.
- Away Mode - If you only make changes to your website during specific hours, you can make the WordPress dashboard inaccessible outside of those hours. This stops potential hackers making file changes to your site.
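The login-attempt limit described in the list above, sketched as an added example (not code from this article or from any particular security plugin). The 3-failure limit is the article's figure; the 5-minute counting window, the 15-minute lockout, the `LoginLimiter` name and the sample events are assumptions made for illustration.

```python
from collections import defaultdict, deque

MAX_FAILURES = 3        # the limit suggested in the article
WINDOW_SECONDS = 300    # assumed: failures are counted over 5 minutes
LOCKOUT_SECONDS = 900   # assumed: a locked-out address waits 15 minutes


class LoginLimiter:
    """Per-IP failed-login limiter with a sliding window and a timed lockout."""

    def __init__(self):
        self.failures = defaultdict(deque)  # ip -> timestamps of recent failures
        self.locked_until = {}              # ip -> time at which the lockout ends

    def record(self, ip, success, now):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"                # refused before any password check
        if success:
            self.failures.pop(ip, None)     # genuine user got in: reset the count
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - WINDOW_SECONDS:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            recent.clear()
            return "locked"
        return "failed"


# Constructed sample events: (time in seconds, client IP, password correct?)
SAMPLE_EVENTS = [
    (0, "203.0.113.7", False), (2, "203.0.113.7", False), (4, "203.0.113.7", False),
    (6, "203.0.113.7", True),        # refused: the address is locked out
    (10, "198.51.100.20", False),    # genuine user mistypes once...
    (40, "198.51.100.20", True),     # ...then logs in normally
    (1000, "203.0.113.7", False),    # lockout has expired, counting restarts
]


def replay(events):
    """Feed events through a fresh limiter and return the outcome of each."""
    limiter = LoginLimiter()
    return [limiter.record(ip, ok, t) for t, ip, ok in events]


if __name__ == "__main__":
    for event, outcome in zip(SAMPLE_EVENTS, replay(SAMPLE_EVENTS)):
        print(event, "->", outcome)
```
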
6. Set Up Automated File Backup Offsite - The biggest mistake I experience from website owners is not having a backup facility on their website, so when their site is hacked, it's virtually impossible to recover. Cleaning the files of viruses and malware can be costly and not always successful. Your chances of getting your site back up and running quickly with minimum downtime are greatly improved if you are in the habit of backing up your files unless......
But what if your backup is stored in the same place as your WordPress site files?
I've spoken to many website owners who naively stored their backup files on their website, meaning once the website was hacked, their backup files were corrupted too.
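A quick audit for the mistake described above, as an added example that is not part of the original article: it lists backup-like files sitting inside the WordPress directory and checks whether a backup destination resolves to a path inside the site. The extension list, function names and the temporary site layout are assumptions; passing this check only rules out the same-folder case, it does not prove the backup lives on a separate server.

```python
import os
import tempfile
from pathlib import Path

# Assumed list of extensions that backup tools commonly produce.
BACKUP_SUFFIXES = (".zip", ".tar", ".tar.gz", ".tgz", ".sql", ".sql.gz", ".bak")


def backups_inside_site(site_root):
    """Return backup-like files stored under the WordPress directory, sorted."""
    root = Path(site_root).resolve()
    found = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower().endswith(BACKUP_SUFFIXES):
                found.append((Path(dirpath) / name).relative_to(root).as_posix())
    return sorted(found)


def destination_is_separate(backup_dir, site_root):
    """False when the backup destination resolves to a path inside the site."""
    site = Path(site_root).resolve()
    dest = Path(backup_dir).resolve()   # resolve() also follows symlinks
    return dest != site and site not in dest.parents


def demo():
    """Build a constructed site layout in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "public_html"
        (site / "wp-content" / "backups").mkdir(parents=True)
        (site / "wp-content" / "uploads").mkdir()
        (site / "wp-config.php").write_text("<?php // constructed sample\n")
        (site / "wp-content" / "backups" / "site-backup.zip").write_bytes(b"")
        (site / "wp-content" / "uploads" / "db.sql.gz").write_bytes(b"")
        outside = Path(tmp) / "backups"
        outside.mkdir()
        return (
            backups_inside_site(site),
            destination_is_separate(site / "wp-content" / "backups", site),
            destination_is_separate(outside, site),
        )


if __name__ == "__main__":
    print(demo())
```
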
At Digital Impact Solutions, we offer a Complete Website Security Package that provides off-site backup facilities so that if your website is hacked, the backup files are safe and secure, allowing us to clear all the infected files and replace them with your latest backup.
Conclusion - Securing your website is something that is often overlooked, and you only realise its value once your site has been hacked. These 6 great tips can help you minimize the risk of hackers targeting your site and allow you to focus on growing your business.
Neil Carroll is a Digital Marketing Strategist at Digital Impact Solutions. To find out more about The Complete Website Security Package mentioned above visit cyber.digitalimpactsolutions.com