How secure is your WordPress website?
If your site has been built on the WordPress framework, you are in good company. With a calculated 25% of all websites built using this user-friendly CMS, WordPress is easily miles ahead of its competition. However, with this popularity comes an inherit danger – it is a regular target for hackers.
WordPress was born from an open-source project and remains free to everyone who wants to create a website. Open source means that the code that makes the whole system work is available on the internet with no restrictions. This factor is important in the whole WordPress “ecosystem” as it allows developers and coders to create the myriad of plugins and themes that make the CMS what is it.
Unfortunately, hackers can also look at the code and discover its weak spots, making it vulnerable to spamming and security breaches. For the small time user, this may never be a problem that presents itself. But if your site attracts the unwanted attention of a hacker, they can cause all kinds of problems for your small business website and its visitors.
To protect your site (big or small), there are some very simple measures that you can employ without the need for any programming knowledge (or outside help):
1. Update the WordPress Core.
To do this, access the Dashboard of your site. If a new (major) version of WordPress has been released, this information will be displayed on the main screen of the Dashboard with an UPDATE link. With the newer versions of WordPress, small incremental updates to are performed automatically.
2. Update the plugins that you are using with your site.
In the main menu of the Dashboard, under the Home button, an Updates options will appear when updates for your plugins are available. Click on it to access the Updates page and select the updates that you want to apply. At the same time, visit the plugins page of the Dashboard and delete any plugins that you aren’t using. Even though they aren’t being use, these deactivated plugins can still provide backdoor access to your system.
3. Use a secure password.
A brute force attack, where the login for a site is attacked with a systematic password hack, is hard to protect against but with a secure password (one that used no common words and a mix of symbols, letters, numbers), the hacker will have to work harder to penetrate your system. Also, try to limit the number of users that have access. If someone doesn’t need access and will not be updating the site, don’t give them access.
4. Install the WordFence plugin.
This free plugin has so many features that I can’t list them all here. For a very basic explanation, WordFence provides high-quality firewall and malware protection for your WordPress website and you should have it on your site. Setting this plugin up puts into place a huge roadblock to anyone or anything wanting to cause harm to your site. Get it here: https://wordpress.org/plugins/wordfence/
All the above options are accessible through the Dashboard of your WordPress site but only if you have administrator access. If you log into your site and cannot see or perform the tasks listed, contact your website developer and request an upgrade of your user access.
There is nothing worse than trying to regain control of a severely hacked website however, if it does happen to you and the above steps do not reverse the damage to a perfect state, it is not the end of the world. The server on which your site resides should be* backed up on a regular basis and can be restored by your server provider* to a previous day/week for a small charge.
As always, however, a pinch of prevention is worth a full pound of cure.
- If your web server provider does not backup at least three times a week, then it is imperative that you find a new provider. Security of your website is paramount.
- A server provider such as Digital Pacific, NetRegistry, WebCentral, etc provides the space where your website lives. It is generally not the same as your Internet Service Provider (ISP) that connects your business to the internet.
Unsure about how to implement the security measures above, get in touch with Tropical Coast Web Design. We can undertake a no-obligation security audit of your site and let you know how we can help.