This week we’ve been working on updating the security of a number of websites, particularly WordPress. If you have a WordPress based website then security can often be the last thing you consider but if your site goes down then it can be really serious.
The last thing anyone wants is a website which shows errors, doesn’t load properly or loses you business. Here is what you can do to keep your WordPress website secure:
Use strong passwords
One of the simplest things you can do to keep your website secure is use strong passwords. By using strong passwords you make it more difficult for bots to guess them and gain access to your site.
This tip should apply to everyone who uses your site such as your employees and customers as well. WordPress even has some plugins which force users to pick strong passwords, and even strong usernames.
SSL is used to encrypt certain data on your site such as user input and forms. By encrypting user data and passwords you make it harder for bots (and hackers) to gain access to sensitive data. SSL used to be more relevant to ecommerce sites but as search engines consider it a ranking factor these day it’s recommended for everyone.
You will know if your website has SSL-enabled because the domain will start with https:// and the browser shows a padlock next to the address bar.
Keep everything up to date
Surprisingly common, if you have out of date plugins, theme files or even WordPress itself then this can pose security issues.
Plugins and themes are constantly being updated and sometimes this is because a bug has been found and fixed. Therefore it is important to keep your plugins and files up to date because even the most popular ones can sometimes have security flaws which can give an attacker access to your site.
We’ve had experience of many websites where dangerous code has been inserted into a website and it’s often because of a plugin flaw.
Install a good security plugin
One of the strengths of WordPress is the huge number of plugins available for it and there are many good quality security plugins out there. Two of the best we have used are Wordfence and iThemes Security which offer a number of features to protect your site.
By installing a good WordPress security plugin you can do really effective things such as using a website firewall, block hacking attempts, restrict access to certain IPs and even change the WordPress database.
Use a good hosting provider
When things go wrong you need someone technical to help identify and fix the problem. From our own experience we can tell you that some service providers such as One.com or Fasthosts don’t always give the best advice.
As an example we were recently told (incorrectly) that we couldn’t use One.com’s backup and restore to get a WordPress website back online. Little things like this can mean the difference between having someone fix your website or spending hours on the phone or chat.
A good hosting provider will make it easy for you to raise problems with them, and they will help fix the issue themselves and keep you updated on time.
If you need someone to help with your WordPress security then get in touch with StudioRav – we offer a range of one off and monthly management packages to help restore your website back to full health. We can assist you with all of the above to make sure your website is up and running for you and your customers.