How often do you think to yourself “Is my website secure?” I am asked all the time about website security, how to prevent a website from being hacked and how one can undo the damage to a website that has been hacked. All of these are serious things you need to consider if you have a website or are involved with web development.
Today, I’m going to explore prevention, protection and recovery. You need to pay close attention to these items to keep your website safe from hackers.
Website Security 101
Prevention
First and foremost, don’t make it easy for a hacker to prey on your website. With the popularity of WordPress and the many content management systems available, there are some basic vulnerabilities hackers look for. One of the biggest mistakes is using a login username like admin, administrator or even the name of your site.
If you use one of these default usernames, hackers will try repeatedly to gain access, running through tens of thousands of password combinations until they are able to log in. Only after they exhaust all options will they give up. An example of a less vulnerable option is “first-lastname”. If this is an issue for your website, immediately add another user account with a more secure username, and then demote the default username to a minimal access account like subscriber.
Secondly, hackers are looking for easy passwords that allow access to a website. Names like that of your pet or your child are far too often easy to guess after a quick look on Facebook. And dare I say, don’t use “password” for your password. This includes changing it to pa$$w0rd. This is not a secure option either.
One tip is to use something like your license plate number with a few extra symbols and characters. Plus, every time you check into a hotel you won’t have to run back to your car anymore, because now you will remember the number.
Another option to use is a website like strongpasswordgenerator.com to generate passwords for you. There is no cost for this service.
Protection
For a WordPress site, my favorite website security tool is Wordfence. This plugin has a free version and a paid option. Within the plugin settings, you are able to define options such as if an invalid login attempt happens X times, the user’s IP address will get locked out for a defined number of minutes.
This is quite effective, as I have seen thousands of attacks prevented on websites that I perform maintenance on. As of right now, Wordfence is reporting that 45,808 attacks are prevented every minute with their tool.
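The lockout rule described above (X invalid logins, then the IP is locked out for a set number of minutes), sketched as an added example. It is not Wordfence's code; the threshold, the five-minute counting window, the lockout length and the sample events are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Hypothetical policy values standing in for the "X times" and "defined number
# of minutes" settings; the counting window is assumed. Not Wordfence defaults.
MAX_FAILURES, WINDOW, LOCKOUT = 5, timedelta(minutes=5), timedelta(minutes=30)

class LoginLimiter:
    """Tracks failed logins per IP and locks out addresses that hit the limit."""
    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> times of recent failures
        self.locked_until = {}               # ip -> time the lockout expires

    def attempt(self, ip, success, now):
        """Return 'blocked', 'ok', 'failed' or 'locked' for one login attempt."""
        until = self.locked_until.get(ip)
        if until and now < until:
            return "blocked"                 # rejected even if the password is right
        self.locked_until.pop(ip, None)      # any earlier lockout has expired
        if success:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:
            recent.popleft()                 # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            self.locked_until[ip] = now + LOCKOUT
            recent.clear()
            return "locked"
        return "failed"

def replay(events):
    """Replay (iso_time, ip, success) tuples and return the outcome of each."""
    limiter = LoginLimiter()
    return [limiter.attempt(ip, ok, datetime.fromisoformat(ts)) for ts, ip, ok in events]

# Constructed sample events (documentation IP ranges), not real log data.
SAMPLE = [("2024-01-01T10:00:0%d" % i, "203.0.113.7", False) for i in range(5)] + [
    ("2024-01-01T10:00:10", "203.0.113.7", True),   # correct password, still blocked
    ("2024-01-01T10:00:11", "198.51.100.4", True),  # unrelated visitor is unaffected
    ("2024-01-01T10:31:00", "203.0.113.7", True),   # lockout has expired
]

if __name__ == "__main__":
    for event, outcome in zip(SAMPLE, replay(SAMPLE)):
        print(event, "->", outcome)
```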
An alternative option that can prevent hackers and help with a website’s load time is a service like Cloudflare. While Cloudflare is primarily a caching service, they proactively monitor over five million websites and if one site falls under attack, they automatically block traffic from the offending website on all the websites that they monitor.
Beyond using the options mentioned above, the most important option is to keep your website up-to-date. This means making sure website maintenance is performed regularly and consistently, and ensuring all the plugins are current with the latest patches and security updates installed. Many times these updates fix security vulnerabilities.
Recovery
The best way to recover when a website has been hacked, crashed or whatever the case may be, is to have a current backup. There are many tools, plugins and a gamut of other options available to back up a website. I prefer to use BackupBuddy; this is a paid tool, but well worth the investment. With a tool such as this in place, it is generally pretty easy to restore the website to a point prior to the attack.
Wordfence has a security feature that also helps with recovery. Part of the function of this tool is to regularly check the core WordPress files and plugins to ensure they are not compromised. If any changes are detected, you will receive an alert and are able to restore the files with the click of a button.
With hundreds of thousands of hacking attempts every minute, it is just a matter of time before your website could fall victim.
Start today with keeping your website safe from hackers. It’s imperative to keep your online presence secure and protected from malicious activities! If you have any questions or need help, contact me today.