Every day, thousands of hackers are knocking at your WordPress website’s door trying to access one of your most valuable business tools. As the WordPress platform has become so popular over the years, it has gained the interest of many that would like to simply sabotage, damage or kidnap your website for ransom. There are definite vulnerabilities with any online platform for building websites but my area of experience is in WordPress so will focus on this for today.
Over the past few weeks, as I work on a client’s website I have been adding security tools to help protect them from hackers or hijackers as this has become very common recently.
This is your first defense against hackers so don’t take it for granted that they won’t figure out that it is your dog’s name and birthdate.. Strong passwords are thousands times less likely to be found out and surpassed. That is why most websites today INSIST you have longer stronger passwords. They don’t do it to irritate you, they do it to protect your valuable online assets. Build your password out of capital letters, small case letters, numbers and symbols. Build your own secret code. by replacing letters with specific numbers and symbols. For example, an e could be the number 5 or the # sign.. etc. It is easy to build your own secret alphabet code of letters, numbers and symbols. the letter o could be replaced with the number 0 or the @ Sign. It is all very easy and only you will know your secret alphabet.
There are numerous WordPress security plugins. The ones I like best are called Wordfence and All in One WP Security. When set up properly, they will protect your site very well against hackers and attacks by making changes to make it more difficult first of all for them to find their way in and by alerting you to any changes unexpected on your website.
Server Side Protection and Site Backup
Most of the bigger hosting companies have server side protection to offer you for a fee. One of these may be called Sitelock. and that is basically what it does is locks your site down from their side. Your website hosting company probably also has a site backup service that may be part of the server side protection or sold separate. Check to see if you can get them both in one package or if you need to purchase them separately if you choose to go this route. I generally advise my clients to back up their website to either Dropbox or Google Drive if they don’t want to pay for the backup service, so that if anything does happen to their website, there is a way to recover it.
Keeping it Up to Date
Getting in through your website login is not the only way hackers could gain access to your website. They can use the actual code to find a hole and make their way in to affect your data. Make sure either you or your web design company can keep your website up to date at all times for your theme, plugins and WordPress updates. Most of these updates also contain security updates, plugging holes that can be poked into by hackers.
Look at Your Website Daily
Make your website your home page or at least take a quick peak at it every single morning. Check some main page links, check your menus to see that nothing has changed or been added.
Some final Suggestions
- Do not allow users to upload files to your website. Treat all file uploads suspiciously until you are sure they are not if you do allow it.
- Use a secure SSL certificate if you are allowing clients to share sensitive data such as credit card information with you on your site.
- Use form validation. Make some fields mandatory and fields for phone numbers etc are actually numbers.
- Use Catcpha code should be used on your login for the website and your forms.
- Use Honeypots. Honeypots are invisible fields that when filled in by a bot trying to break into your website it immediately locks them out.
If you would like more information on website security for your website or would like to book this service please contact Marie Mushing at 905-387-1883.
Marie from People In Connection has been working with clients helping them build a bold business presence for 19 years.