Website security is on everyone’s minds. And quite rightly!
We’ve put together a selection of the most commonly asked questions we receive, and our answers to them:
What is hacking?
Being hacked means that someone (or something *shudder*) has gained access to your website files without your permission, usually to perform a malicious activity like injecting spam, stealing data or to enable a wider hacking attack. (We’ve written a separate blog answering this question in more detail here, if you’re interested.)
Is my website at risk of hacking?
Every single website is at risk of hacking. No website can be 100% safe.
Can I stop my website from ever getting hacked?
There is no fool-proof method to ensuring your website NEVER gets hacked. We’ve actually written another blog to answer this one, if you have time – ‘Can I stop my website from ever getting hacked?‘
Doesn’t my hosting provider keep my website safe and secure?
Your hosting provider should (hopefully) have at least a basic level of security on their server. However, they do not maintain your WordPress website on your behalf (unless you have a Managed WordPress Hosting LINK:https://www.elegantthemes.com/blog/resources/all-the-top-managed-wordpress-hosts-compared) so it is up to you to keep your website safe and secure. Or let us do it for you, of course, with our Website Care Plan.
How can I fix my website and then keep it secure?
It’s usually quite a intensive job to fix a hacked website so this is why we would recommend hiring a professional to make sure that it is completely cleaned and any underlying issues are dealt with. Always keep WordPress and your plugins and theme updated to the most recent versions and have a security plugin such as Wordfence installed. This is a bare minimum. (You might find this blog useful ‘6 ways to reduce your risk of getting hacked’.)
Why do I need to keep my website backed up, and how often should I do it?
You should keep your website backed up so that if anything bad was to happen to it then an earlier version can be restored and any vulnerabilities dealt with. Our standard backup procedure is now daily backups with 31 days of backups stored off-site.
How often should I update my plugins and themes?
Ideally as soon as an update is released for a plugin or theme. Certainly try to check your updates on a weekly basis at least. You can configure Wordfence to notify you via email when a plugin or theme needs updating.
Why do I need an SSL certificate?
An SSL certificate is a major part of website security as it encrypts the data communication between the website and the website visitor. If you take payments, have an online form or if your website has a password protected area (i.e. EVERY SINGLE WORDPRESS WEBSITE!) then you absolutely must have an SSL certificate. Web browsers are now marking websites without an SSL certificate (addresses that start http instead of https) as NOT SECURE. Google search results will soon be doing the same. Will visitors think twice about clicking on your website if it says NOT SECURE on Google? Yep, exactly.
What will happen if my website is blacklisted?
There are a large number of blacklists which your website could be placed on. These range from the inconvenient (more of your outgoing emails being labelled as spam) to the disastrous (having your website completely removed from Google search results).
What is malware?
Malware is short for ‘Malicious Software’ and is a term used for a variety of harmful forms of software such as ransomware, spyware, adware and viruses.
What is phishing?
This is when a cybercriminal tries to trick you into giving them personal data or passwords by sending you a seemingly safe email with a malicious link whilst pretending to be from a trusted source (such as your bank, online shop, Government etc.). If you find it difficult to decipher which emails are safe then we advise you to speak to Chris at Mintivo who is an expert on wider cyber security issues and offers cyber security training.
What is a DoS/DDos (Distributed Denial of Service) attack?
A DoS is when a large number of requests are made on a particular website to overload the server and therefore take it offline. A DDoS is when these requests are coming from a variety of sources (making it more difficult to block).
I’ve got an Apple Mac, so I’m safe, right?
Unfortunately, there is malware that has been written for MacOSx so Apple Macs are no longer considered to be completely safe.
What is a firewall?
Firewalls can either be in the form of hardware or software. They are used to block dangerous and suspicious activity.
Does my password really need to contain a combination of uppercase and lowercase letters, numbers and symbols?!
A vast number of successful hacking attempts come from weak passwords being used. Using a strong password makes it much more difficult for a hacker to get in. Also make sure you use a different password for everything. I know it sounds like a pain, but using a password management tool like LastPass will make your life so much easier (and secure).
If you’re wondering how secure YOUR WordPress website is, why not treat yourself to a FREE website security scan from us? Ok, ‘treat yourself’ might be a bit strong…but let us do all the boring, techie stuff and simply provide you with an easy to understand, personalised report (complete with actionable advice – bonus!). Just visit www.scanmywebsite.co.uk.
Already had your report? Take a look at our Website Care Plans to see how we can get you safe, and keep you safe.