Here’s the rundown on how to secure your website without breaking your site (or the bank):
YOUR SITE *CAN* GET HACKED
On average 30,000 websites are hacked every day. What are you doing to keep your site from being next?
Hacking doesn’t just affect big corporations and isn’t done just by Anonymous. Spam bots crawl the web to hack hosting servers, infect the sites on them with malicious code, and send email spam to any addresses connected with the hosted sites. When that happens, your mailing list gets spammed (you know those Viagra emails? Yeah – those) and your website can get BLACKLISTED. When a site is blacklisted, browsers like Chrome and Firefox will block users from accessing it in order to protect them. Imagine if a client, after hearing how awesome you are, goes to your site and gets a warning that it contains malicious code? Eeek!
Bots work by finding loopholes in databases of themes and plugins—REGARDLESS of how old your site is, or how many followers you have, so it can happen to anyone. Keeping your site up to date and on a secure host are THE first steps to prevent this from happening.
USE A GOOD WEB HOST
Once a host server is hacked, every site it hosts on that server is hacked. No bones about it—you NEED to use a secure hosting site to keep your site safe. Bluehost is a very popular hosting service BUT, because it’s so popular, it’s targeted and hacked often—NOT a good choice for hosting! EIG, its parent company, owns Bluehost, HostGator, HostMonster, and JustHost…all too big for their own good to safely secure your site. Hosts I recommend are WP Engine, Liquid Web, and Flywheel. I offer hosting as well; my clients think it’s pretty awesome!
KEEP YOUR SITE UPDATED
WordPress and its plugins release frequent updates and patches, and it’s critical to update whenever they do. These patches not only optimize WordPress and its plugins but also safeguard against any loopholes. Whenever a security breach is detected (or, worse, found by a bot), developers create a patch in order to fix it. So it’s important to keep everything up to date in order to keep your site safe!
ALWAYS, ALWAYS BACK UP YOUR SITE
To keep your empire running smoothly, you MUST back up your site! Anything could happen—your site gets compromised or an update goes awry—and without a backup you’re basically SOL. I recommend at LEAST weekly, and always back up before you ever update WordPress or any of your plugins.
Never use your website name or “Admin” as your WP log-in name
Those are the most common admin usernames… and therefore the easiest to hack into. Hackers troll the internet in search of loopholes and weaknesses in servers and systems. Don’t make it easy for them!
Bonus tip: I have a plugin (WordFence—it’s free!) that emails me whenever an unsuccessful login attempt has been made. Seriously, I cannot tell you how frequently I get notifications of login attempts using “admin” or “shesageek.” Don’t do it.
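The check below is an added example, not part of the original post: it flags WordPress login names that match the site name or a default-style name such as “admin”. The hostname `www.shesageek.example`, the sample logins, and the extra name `administrator` are constructed assumptions; on a live site the list can come from WP-CLI with `wp user list --field=user_login`.

```shell
#!/bin/sh
# Added example: flag easy-to-guess WordPress login names.
# stdin: one login name per line. $1: the site's bare hostname.
# Live use (WP-CLI):
#   wp user list --field=user_login | audit_logins www.yoursite.example

audit_logins() {
  domain="$1"
  # Reduce "www.shesageek.example" to the bare site name "shesageek".
  site="${domain#www.}"
  site="${site%%.*}"
  site="$(printf '%s' "$site" | tr 'A-Z' 'a-z')"

  # The "|| [ -n ... ]" keeps a final line that has no trailing newline.
  while IFS= read -r login || [ -n "$login" ]; do
    [ -n "$login" ] || continue
    # WordPress logins are matched case-insensitively, so compare lowercased.
    lower="$(printf '%s' "$login" | tr 'A-Z' 'a-z')"
    case "$lower" in
      admin|administrator)   # "administrator" is an added assumption
        printf 'RISKY %s (default-style name)\n' "$login" ;;
      "$site")
        printf 'RISKY %s (matches site name)\n' "$login" ;;
      *)
        printf 'ok    %s\n' "$login" ;;
    esac
  done
}

# Constructed sample input (not real accounts).
printf 'Admin\nshesageek\njane.editor\n' | audit_logins www.shesageek.example
```

Any login reported as RISKY is better replaced by a new administrator account with a less guessable name, after which the old account can be removed.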
Don’t use Auto-Update!
Auto-Update is supposed to make your life easier but it actually can cause a lot of headaches. With Auto-Update, you’re not always notified when your system has been updated. You need to know when the updates happen to make sure they didn’t crash anything else—your theme, other plugins, etc. You also want to make sure you’ve backed up properly before the update. You wouldn’t want a client to go on your site and find out something is broken—while you can make sales while you sleep, you can also lose them if your site’s broken and you don’t catch it in time. Don’t set it and forget it!
Change your passwords frequently
It sounds like a pain, but you are setting yourself up for disaster if you keep your password the same forever. I suggest you change your password at LEAST once a month. Keep bots and hackers guessing!
Pick a hard password!
I shared an article earlier this week (http://bit.ly/1Uu0w3W) of the most common passwords. Remember: if it’s common, it’s hackable, so don’t use 12345 or QWERTY. I recommend that you use a mix of upper and lower case, numbers, and special characters.
If you don’t think you have the time or the tech skills to keep your site safe & secure – a monthly maintenance plan is worth every penny!
Utilize header tags (H1, H2, etc.) on every page of your website! These tags help Google understand the structure of your page and are very important for SEO. Make sure you include your main keyword for that page in the H1 at the top of the page!
If you’re writing about being a boss lady – make sure to include that keyword phrase in your H1 tag at the top of the page! It could be something like this:
<h1>My life as a boss lady!</h1>
Also include the keyword/phrase in the page title, page URL, and in the first paragraph of your page copy.
Make sure you always use Alt tags on every image on your website!
Why? Well, this tag does several important jobs:
– It tells Google what the image is, so they know when to show it off in search results
– The tag text actually appears on your website if the image doesn’t load for some reason. This helps users figure out what they are clicking on even if they can’t see the image.
– It helps visually impaired users access your content! Accessibility is SO important online, but unfortunately isn’t often considered when creating a website. Visually impaired users often use screen readers that tell them what is on your page, so your alt tag text will be read out loud.
Here are a few quick Do’s and Don’ts when using Alt tags:
DON’T fill this tag up with random keywords to try to boost your SEO. This tag is meant to be descriptive of what the image actually is.
DO use your keyword for that particular page in one or two of your Alt tags, but make sure it is relevant to the image itself.
<img src="http://www.yourwebsite.com/images/yourimage.jpg" alt="Awesome Image Description">
Website Speed – your site load speed affects SEO ranking AND your bounce rate.
You can test your website speed by going to tools.pingdom.com!
It’s super easy to run a speed analysis – you can even choose where in the world you want the test to be run from. It’s good to gauge results local to you and also local to where your clients might be (I have clients all over the world).
A good rule of thumb is to try and keep your website load time under 2 seconds.
Use lossless image compression tools like tinypng.com to drastically reduce the file size of your images. This simple step can drastically reduce how long it takes for your website to load, which will make your site visitors happy AND boost your SEO.
Not sure what plugins you should be using on your WordPress website? Here are the plugins I use on every website I build! Together these will create a strong framework for your website, and 4 out of 5 of them are FREE!
This plugin is used to create a child theme, and then it gets deleted. You can choose what files you would like in the child theme in addition to the style sheet, and I always add footer.php, header.php and functions.php. If you aren’t doing much (or any) custom coding you can stick with the stylesheet.
I set up automated backups that sync to my Dropbox! You can set up daily, weekly, etc. backups and you can choose to have more than one backup available to you at any time. I like to set Updraft for weekly backups and have it hold onto the 2 most recent.
This is great to keep your site secure, and to block the IP addresses of potential hackers. WordFence will send you email notifications of what is happening on your website so you can stay on top of it.
4. Yoast SEO
This is my favorite SEO plugin. In addition to setting up your SEO (Search Engine Optimization), you can also choose what image will show up with links on social media – for the whole site, and also for individual pages/posts!
5. Bloom (affiliate link)
This is my GO-TO for custom landing pages, opt-in forms, and popup boxes. Bloom is a premium plugin from Elegant Themes, the creators of the Divi theme.
If you are going to barter or trade with someone, set up guidelines, boundaries, and a contract that spells out what both parties will be providing, when, and for how long. When things start to feel awkward, it will be much easier to point back to that agreement than to try and muddle your way through a conversation about things that aren’t meeting your expectations.
I absolutely love bartering. It gives me, and others, a chance to have a product, service, or experience that we might not otherwise be ready or able to invest in. This is especially true for ladies that are still in the early stages of their business without a lot of profit or funds to continue investing in the multitude of things out there that everyone “must have” (or so they say...).
I had a long conversation about bartering recently, because while sometimes it goes absolutely perfectly, and everything runs smoothly and it’s a great experience for everyone involved – that is not always the case. Feelings, friendships, and the fear of coming across wrong make it that much harder to try to resolve things and get back on the right track.
But, should I let a few negative experiences stop me from moving forward with what could potentially be amazing experiences in the future? Nope. What I will do, though, is create firm boundaries and guidelines. A client who you have traded or bartered with should not be treated any differently than a client who paid you cash. Look at it this way: they paid you for your services and then you turned around and paid them for their services, so it’s a wash – but you ARE paid for the service you provide to them and should give them your best. Anything less is bullshit.