Is your website critical to the running of your business? Do you need it to be working properly, up and available to visitors, and always ready to take sales, bookings or enquiries? If you do, then your websites security should certainly be a priority. If you don’t already have a WordPress professional taking care of your website, there are a few key things that you can do yourself to help protect you, your website, and your customers.
1. Scan your website regularly
Checking your website regularly for malware and vulnerabilities is the first step. If you’ve got malware on your website then you’ll probably need a professional to help you cleanup your site before doing anything else. If you have a vulnerability then this could be an out-of-date theme or plugin or you may be using an old version of the WordPress core. We advise you get the Wordfence plugin installed on your WordPress website and configure regular scans. You should also start the Firewall as this will help protect your site from meanies attacking you. You can also use this free resource to scan your website: https://sitecheck.sucuri.net/
2. Keep your website updated
WordPress is the best, and most popular, tool for building websites but this means that it’s also the number 1 target for hackers. It’s absolutely vital that you keep your plugins, themes and the WordPress core engine updated to the latest versions. Vulnerabilities are always being found in old versions of these and security patches are regularly released. You can setup Wordfence to inform you when new releases come out and it’s also a good idea to signup to the Wordfence newsletter for the latest security news and vulnerability reports.
BONUS TIP: When installing new themes and plugins on to your website have a little look at the date they were last updated. If it wasn’t updated in the last 6 months then there’s a good chance that the plugin or theme has been abandoned so it’s best to stay well away and find an alternative.
3. Get an SSL certificate
You should be on this one already by now. If your website is still on HTTP instead of the more secure HTTPS then you REALLY need to change now. Having an SSL certificate and using a HTTPS website connection means that any data transferred between your website and your visitors is encrypted. This helps keep you both safer. Web browsers are already marking sites that are still on HTTP as NOT-SECURE – and in 2018 Google search results will reportedly be doing the same. So if you don’t have a padlock on your website then will people still want to visit you? Speak to your web hosts about an SSL certificate for your website – or move onto one of our website care plans for a free open-source Let’s Encrypt SSL certificate.
4. Don’t use ‘admin’ as a username
A large number of hackings happen due to accounts being compromised. This will usually involve a robot randomly guessing username and password combinations. If you choose ‘admin’ as your administrative username then you’ve given the hackers a massive head start and made their job 50% easier!
5. Have as few administrators as possible
Not everybody is as safe with their passwords as you are (you are safe with them, right?!). If you give lots of people admin access to your website there is more chance that one of these accounts will be compromised. Keep admin access to only those that actually need admin access. Hint: this will probably only need to be you and your website designer.
6. Use strong passwords
This one should go without saying. Don’t use password as your password. Use something secure (no, password1 is not secure either!). A combination of lower and uppercase letters, numbers and special characters is generally regarded as safe practice – and use a different password for every thing online that you use. That may sound like a royal pain in the bum – but using a password management tool like LastPass could help you out.
Following all of these tips will give you a great start to keeping your website safe from hackers, but there are so many more things that need doing. To find out more tips, why not follow us on Facebook?
Need your website safe and secure quicker than that? We offer Website Care Plans and usually have new clients set up, and knowing their website is safe, within 48 hours. So either get in touch, or book a FREE consultation below to chat about our Website Care Plans and how having one could help take the stress away for you