Website Security is often overlooked until it’s too late, and your website has been hijacked by nasty spam or hackers. Even worse if you run an Ecommerce website, you risk sensitive user data being stolen.
As a website owner you should take your website security serious, and it should be incorporated into your weekly website tasks. Or, you should pay someone to look after this for you.
In this post we will look at things you should be doing to help keep your website secure.
We primarily use WordPress to build our websites, along with 455 million other websites worldwide!
Every WordPress website has a “core” installation of WordPress. This is regularly updated by the team at WordPress and you will need to ensure your site is running the latest version.
You can see information on any new updates by following the news section on the WordPress website.
WordPress Themes & Plugins
WordPress is an excellent platform with a community of contributors who provide custom Themes and Plugins for nearly every feature you could want.
However, it is these custom themes and plugins where we often see vulnerabilities originating from.
Both Themes (premium or free) and Plugins need updated regularly. Plugin and Theme developers will often release performance, functionality and security updates, it’s crucial you are monitoring any updates and ensuring these are applied to your website.
Check regularly for Theme and Plugin updates!
Another major issue for website security is user passwords. A lot of web users continue to use the same username and password combinations for multiple websites, they are often short and easy to guess passwords.
If you use the same login information on multiple sites, you run the risk of all your accounts becoming vulnerable should one of these websites be compromised.
When setting passwords, make sure to use a combination of lowercase, uppercase, characters and numbers. Use longer passwords as they are harder to guess.
Get into the habit of changing passwords regularly and if you’re responsible for managing users on your website, make sure to remind of them of the important of setting a secure password.
If you manage your own website hosting, you will have access to your web server via FTP. Make sure these details are never shared, if possible you should be the only person with these details.
Make sure your password is random, difficult to guess and if you are in doubt, make sure to reset the password regularly.
If someone were to get these details they would have direct access to all your website files.
You can use WordPress plugins to monitor suspicious website activity. Most will also have alerts where you will receive an e-mail should any issues arise.
Wordfence, will alert you when anyone logs into your site and will also let you know if any plugins need updating. It is also worth looking for a brute force login plugin, there are plenty availably and will to protect your site against automated login attacks.
Keep regular backups
Many website hosting companies will offer a scheduled backup service. This is an excellent option to have and will allow you to restore your website to a previous version should any issues arise.
It may cost a few extra pounds in a month, but it is money will spent.
Why we charge extra for website hosting
At LD2, we will not host a website without a security and maintenance contract. Our minimum yearly hosting fee includes time for our developers to log in every week to check for any updates and carry these out for you. We also have regular backups to provide
You may think this is expensive, but having to fix a website after it has been compromised will cost much more to fix.
There are a few simple regular tasks you can carry out to improve your website security. Make sure to set secure passwords, keep your WordPress installation and plugins up to date, and use a combination of Security add-ons to keep informed should any problems arise.
Have you had any issues with security in the past? Or need help with your current site? Drop us a comment below or get in touch.