Secure Your WordPress Website
Here’s the rundown on how to secure your website without breaking your site (or the bank):
YOUR SITE *CAN* GET HACKED
On average 30,000 websites are hacked every day. What are you doing to keep your site from being next?
Hacking doesn’t just affect big corporations and isn’t done just by Anonymous. Spam bots crawl through the web to hack (hosting) servers, to infect its sites with malicious code and send out email spam to any emails connected with hosted sites. When that happens, your mailing list gets spammed, (you know those Viagra emails? Yeah – those.) and your website can get BLACKLISTED. When blacklisted, browsers like Chrome and Firefox will block users from accessing your compromised site in order to protect them. Imagine if a client, after hearing how awesome you are, goes on your site and gets a warning that your site contains malicious code? Eeek!
Bots work by finding loopholes in databases of themes and plugins—REGARDLESS of how old your site is, or how many followers you have, so it can happen to anyone. Keeping your site up to date and on a secure host are THE first step to prevent this from happening.
USE A GOOD WEB HOST
Once a host server is hacked, every site it hosts on that server is hacked. No bones about it—you NEED to use a secure hosting site to keep your site safe. Bluehost is a very popular hosting service BUT, because it’s so popular, it’s targeted and hacked often—NOT a good choice for hosting! EIG, its parent company, owns Bluehost, HostGator, HostMonster, and JustHost…all too big for their own good to safely secure your site. Hosts I recommend are WP Engine, Liquid Web, and Flywheel. I offer hosting as well; my clients think it’s pretty awesome!
KEEP YOUR SITE UPDATED
WordPress and its plugins release frequent updates and patches, and it’s critical to update whenever they do. These patches roll out not only optimize WordPress and its plugins but also to safeguard against any loopholes. Whenever a security breach is detected (or, worse, found by a bot), developers create patches in order to fix them. So it’s important to keep everything up to date in order keep your site safe!
ALWAYS, ALWAYS BACKUP YOUR SITE
To keep your empire running smoothly, you MUST backup your site! Anything could happen—your site gets compromised or an update goes awry—and without a backup you’re basically SOL. I recommend at LEAST weekly, and always backup before you ever update WordPress or any of your plugins.
Never use your website name or “Admin” as your WP log-in name
Those are the most common admin usernames… and therefore the easiest to hack into. Hackers troll the internet in search of loopholes and weaknesses in servers and systems. Don’t make it easy for them!
Bonus tip: I have a plugin (WordFence—it’s free!) that emails me whenever an unsuccessful login attempt has been made. Seriously, I cannot tell you how frequently I get notifications of login attempts using “admin” or “shesageek.” Don’t do it.
Don’t use Auto-Update!
Auto-Update is supposed to make your life easier but it actually can cause a lot of headaches. With Auto-Update, you’re not always notified when your system has been updated. You need to know when the updates happen to make sure it didn’t crash anything else—your theme, other plugins, etc. You also want to make sure you’ve backed up properly before the update. You wouldn’t want a client to go on your site and find out something is broken—while you can make sales while you sleep, you can also lose them if your site’s broken and don’t catch it in time. Don’t set it and forget it!
Change your passwords frequently
It sounds like a pain, but you are setting yourself up for disaster if you keep your password the same forever. I suggest you change your password at LEAST once a month. Keep bots and hackers guessing!
Pick a hard password!
I shared an article earlier this week (http://bit.ly/1Uu0w3W) of the most common passwords. Remember: if it’s common, it’s hackable, so don’t use 12345 or QWERTY. I recommend that you use a mix of upper and lower case, numbers, and special characters.
If you don’t think you have the time or the tech skills to keep your site safe & secure – a monthly maintenance plan is worth every penny!