With WordPress accounting for over 26% of websites currently in existence, keeping your website up to date is always an essential part of a successful online presence.
Often overlooked, there are a few basic things that new (and experienced) website owners should be doing to keep their customers and data safe in the event of a crisis.
While you may never encounter a hacker, if you do, it’s still best to be prepared.
01. Choose a great host — it all starts with them
The very first step you take should be choosing a reliable web host that makes site security one of their top priorities. Ideally, you should be looking for web hosting from a company that clearly states what they do to make your security a priority.
Whether you’re looking to host an online store, a cloud-based software system or even a basic web page, we recommend looking for features like:
- Attack monitoring and prevention
- Proactive reviews and patches of security threats like core WordPress bugs, plugin exploits, and so on
- Up-to-date server software (using the most recent versions of PHP, etc.)
- Ability to isolate and prevent the spreading of infections so that a hacked site or virus cannot move to other sites on the same shared server
02. Use a strong username & password
It astounds how many clients we get who use the generic “admin” phrase as their username, followed by a password as simple as something like john1234. It’s 2016 people, you should know better!
While safety might start with your host, it’s up to you to follow through. The next step you’ll want to take is using a strong username and password for all accounts associated with your FTP, Content Management System / Online Store, Intranet etc.
- Creating a password that has a mixture of capital letters, lowercase letters, numbers, and symbols
- Avoide using generic dictionary words, anniversaries, birthdays, or other combinations that could be easily guessed
- Use long passwords — the longer and more complex a password is, the harder it is to crack, even by a program
03. Track and limit brute force login attempts
Even with the best passwords in the world, some unsavory individuals still might try to brute force their way into your WordPress site. Luckily, there’s a simple way to keep them out.
There are many great WordPress security plugins, however Login Lockdown and Jetpack’s optional Security Features, namely Jetpack Protect, allow you to limit the number of times anyone can unsuccessfully attempt to log into your store before their IP address is blocked.
Jetpack also allows you to whitelist an IP address, so that forgotten or mistyped passwords don’t cause problems for you.
04. Increase security with site protection
Since we’ve covered host security and login security, the next step in an active defence against hackers is general site protection. A great plugin (which we highly support) is called VaultPress. This software, built for WordPress-powered sites and shops, provides multiple levels of protection and support, including:
- Automated, realtime backups and restores
- Daily security scans for suspicious code on your server
- Protection against review and comment spam with Akismet
VaultPress keeps your store safe from harm, whether it comes in the form of malicious code injections or annoying comments. VaultPress is a premium plugin so you will have to purchase a lisence for your site.
05. Fine-tune the settings of your FTP directories
Locking down your site’s sensitive directories is a cheap and efficient way to heighten your security.
Updating the write access on your FTP directories can keep out harmful predators and reduce or even completely eliminate the potential for damage.
06. Stay up-to-date
The final security tip we have for those of you just starting out is this: don’t ignore updates.
Keeping your website secure will be one of the most important elements on your to-do list since it’s an ongoing and neverending process, but don’t stress. These quick and useful tips are the very beginning for any new WordPress site and, while there are more ways to beef up your site’s security; the six points above are what we consider most important and effective solutions to help keep your online presence safe.