Be safe, not sorry: 6 tips for website security

The best time to think about website security is…always! Sadly, mischief-makers abound, and few tasks feel more thankless than having to devote time, expense and angst in order to recover your site after a hack. Here are some things you ought to be doing to protect yourself.

#1: Use secure login details

Make sure your username is NOT “Admin” and that your password is strong. Really strong means more than 16 characters, and a good mix of letters (upper and lower case), numbers and other characters, such as #, % or +.

Remember, too, to keep administrator level users to a minimum. Not only do administrators have access to all areas, any admin can delete any other user, including another admin (including you!), so do not give this privilege lightly.
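
As an added illustration (not the author's code), this Python sketch applies the checks from tip #1 to a user export and to a candidate password. It assumes the user list is exported with WP-CLI as `wp user list --fields=user_login,roles --format=json`; the sample accounts are constructed and the limit of two administrators is an assumption, since the post gives no number.

```python
import json
import string

# Constructed sample shaped like `wp user list --fields=user_login,roles --format=json`.
SAMPLE_USERS = '''[
  {"user_login": "Admin", "roles": "administrator"},
  {"user_login": "jane.editor", "roles": "editor"},
  {"user_login": "site-owner", "roles": "administrator"},
  {"user_login": "old-contractor", "roles": "administrator"}
]'''

MAX_ADMINS = 2  # assumption: the post says "a minimum" without giving a number


def password_problems(password):
    """Return the ways a candidate password misses the tip #1 criteria."""
    problems = []
    if len(password) <= 16:  # "more than 16 characters", so exactly 16 fails
        problems.append("needs more than 16 characters")
    checks = {
        "an upper-case letter": str.isupper,
        "a lower-case letter": str.islower,
        "a number": str.isdigit,
        "another character such as #, % or +": lambda c: c in string.punctuation,
    }
    for label, test in checks.items():
        if not any(test(c) for c in password):
            problems.append("needs " + label)
    return problems


def audit_users(users_json, max_admins=MAX_ADMINS):
    """Flag an 'admin' username and an oversized administrator group."""
    findings, admins = [], []
    for user in json.loads(users_json):
        login = user["user_login"]
        # Assumption: roles arrive as a comma-separated string.
        roles = [r.strip() for r in user["roles"].split(",")]
        if login.lower() == "admin":
            findings.append(f"rename or replace the account '{login}'")
        if "administrator" in roles:
            admins.append(login)
    if len(admins) > max_admins:
        findings.append(f"{len(admins)} administrators (limit {max_admins}): " + ", ".join(admins))
    return findings


if __name__ == "__main__":
    for line in audit_users(SAMPLE_USERS):
        print("users:", line)
    print("password:", password_problems("Summer2024") or "ok")
```

Existing passwords are stored hashed, so the password check only applies to a new password at the moment it is chosen.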

#2: Don’t log in on an unsecured network

Free Wi-Fi down the pub is great for posting your Instagram photos, but it’s not a great idea to log into the back end of your website without taking some precautions. First of all, ask yourself: do I REALLY need to log into my website/bank account/webmail right now? Let it wait if it can.

If you have to work while you’re on the road and you don’t have control over your network connection, use a Virtual Private Network. A VPN secures your wireless transactions by encrypting your data between your device and the VPN service, which hides it from cyber ne’er-do-wells on the same network. The free download from CyberGhost is adequate for occasional use; if you are a true road warrior, it’s worth paying for more speed and some extra features.

#3: Keep your site up-to-date

One of the great things about WordPress is that it’s free, open-source software, as are literally thousands of its associated plugins. This means that things just keep on getting better for users, but the downside is that version control can be a slightly haphazard affair. WordPress itself may have several releases in a year, while plugins may be updated often…or suddenly stop being updated altogether. If you don’t keep things up-to-date and in sync with the current version of WordPress, your vulnerability to attack increases sharply.

Happily, updating your site is a simple affair. Log in once a week and check the toolbar in your dashboard to see if anything needs updating. You’ll have the job done in a couple of clicks on the WordPress Updates screen. If a plugin or theme is no longer being supported by its developer, consider changing away from it altogether.

In case anything goes wrong…

#4: Back it up!

It’s important to back up your site before you apply updates, and to take regular backups to protect your work as you amend or add content to your site.

Backing up your site protects you from losing your site altogether if someone gets in and does you harm. There are various plugins you can use for this; I recommend BackupBuddy, a premium plugin by iThemes (I’m not an affiliate – I just like it!). Though this is one you pay for, its ease of use makes it a great choice. You can schedule backups to run behind the scenes and even have backups sent automatically to remote destinations for extra security. I install my own copy on every client site I build, which saves my clients money and gives us all a bit of extra peace of mind.

It’s also important to know just what your hosting provider is doing about backups. When you choose a hosting package, be sure to ask: how often do you take backups? What happens if the server goes down? What happens if I “break” my own site? Make sure you know what the backup schedule is like, and what cost – if there is any – there would be to restore your website should that become necessary.

#5: Add an extra level of site security within WordPress

There are a number of plugins which add security to your WordPress site. These work by “hardening up” your website against attacks by deflecting brute force sign-in attempts, detecting/deleting malware and enforcing strong passwords. My preferred plugin here is Wordfence and it’s something I load on virtually every site I build.

#6: Use a Content Delivery Network (CDN)

By using a CDN such as Cloudflare, you’ll be tapping into a whole range of benefits. A CDN works by “serving” your site from your host server to your visitors via its own global network, based on the geographic location of your site visitor. The network is able to detect and analyze threats from every quarter. An additional benefit is that your site performance will improve, which is great for your SEO. Cloudflare has a number of membership levels; the free level is quite sufficient for many users.

I do all of these things, and I recommend you do, too! If you’d like some guidance, please feel free to get in touch.