Gone are the days when website owners could think, "Security is not an issue for me because I'm too insignificant to hack."
For a variety of reasons, people are constantly trying to hack every site on the Internet. Control of your site gives them a base for acting against other sites: they can use your site to send spam or as a means to hack other sites.
In some cases it is as simple as putting invisible links throughout your text in an attempt to improve the SEO ranking of another site.
Sometimes people will try to hack into your site just to show it can be done.
Most of our websites are built using WordPress. It is a hugely popular platform. From a security perspective, the downside of this popularity is that many hackers focus on finding vulnerabilities in WordPress. The good thing about WordPress is that the community is seriously focused on security and will patch any issues quickly and thoroughly. For you, the website owner, this means that one of the most important first steps in keeping your site safe is to keep WordPress, your plugins and your theme constantly updated.
Some of this updating can now be configured to happen automatically; however, it is still not set-and-forget. You need someone to review updates regularly and make sure everything is as current as possible.
If you search the Internet for WordPress security you will find much to read, and we recommend you do so. In the meantime, here are a few basic starting points:
- Ensure you have a well-thought-out backup and disaster recovery plan in case it does all go wrong;
- WordPress now generates good secure passwords for users, but it is important that users understand the importance of good passwords so that they do not replace a hard-to-remember password with something like "password1";
- No site should have a user called "admin". Make sure your usernames cannot be easily guessed;
- Use a good security plugin to lock out brute force attacks and scan for code changes;
- If feasible, limit access to the administration area of your site to specific IP addresses;
- Host your site with a reliable host who you are confident will have their servers well locked down;
- Make sure to use a trusted theme and trusted plugins. As a guide, look at how many times a plugin has been downloaded and how recently it has been updated. If possible, read the support tickets to ascertain whether the developers are providing good support;
- Use an SSL certificate to encrypt usernames and passwords.
We can provide advice and appropriate services to our clients; however, the most important thing is to take the issue of security seriously and not think "it will never happen to me"!!