So you’ve got a fabulous, brand new website, now what?
Well, you’ve probably just spent a lot of money and want to turn your focus to marketing and utilizing this great new business tool. The thought of putting more money into the website would seem a little absurd, right? But letting the website sit and deteriorate could cost more in the long run than if you get yourself on a proper maintenance schedule. A vehicle needs tune-ups, brake jobs and oil changes to keep it running, and a website is hardly different.
What? I thought the company I hired built a secure and state-of-the-art website for me? They probably did… but if they didn’t mention you should have a professional take a look at the website from time to time, then you were ill-advised. It’s not that the website will ‘break down’, but rather that the internet and security threats change, technology changes, and your website will need to keep up with the times in order to be secure.
The biggest issue is internet security. Hackers and scammers are constantly looking for ways to exploit a website to gain control and use it for their own agendas. In the end, if a successful attack is not stopped in its tracks, then you are looking at many possible negative outcomes. Your precious domain could end up blacklisted by Google and other search engines as well as anti-virus software. Your visitors and their computers could be at risk. Ultimately you could end up forced to spend loads of money to fix your site and get things back to normal. Sadly, money cannot buy trust, and you might lose that if your brand becomes tarnished with malware or offensive material being served from your website.
Let’s break down a few ways you can keep your WordPress site secure.
Update, update, update. Keeping your WordPress version and plugin versions up-to-date is your best defense against immediate security threats. Hackers are constantly looking for holes and developing new attacks to gain access to a WordPress website. The great thing about the WordPress developers and community is that when a new vulnerability has been identified as being exploited, they are quick to respond with a security update. So imagine that your site sits unmaintained for months or even a year. The longer you stay outdated, the more of a target you become. Be cautious when there are updates to be performed. We always recommend backing up your files and database before updating. Sometimes a new version of a plugin can be incompatible with another plugin or even the WordPress theme. Or vice versa, the WordPress update can cause a certain plugin to stop functioning. Our advice is to update one thing at a time and check the site each time to make sure it is still working properly.
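The routine above (back up, update one thing, check the site, repeat) can be scripted. This is an added example, not part of the original article or any plugin's own code; it assumes WP-CLI (`wp`), `curl` and `tar` are installed, and the path, URL and backup directory are placeholders to change for your site.

```bash
#!/usr/bin/env bash
# Added example: update WordPress plugins one at a time with WP-CLI,
# backing up first and checking the site after every single update.
# SITE_PATH, SITE_URL and BACKUP_DIR are assumptions; set them for your site.

SITE_PATH="${SITE_PATH:-/var/www/html}"        # assumed WordPress root
SITE_URL="${SITE_URL:-https://example.com/}"   # assumed public URL
BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"   # assumed backup location

# Back up the database and the files before touching anything.
backup_site() {
    local stamp; stamp="$(date +%Y%m%d-%H%M%S)"
    mkdir -p "$BACKUP_DIR" || return 1
    wp --path="$SITE_PATH" db export "$BACKUP_DIR/db-$stamp.sql" || return 1
    tar -czf "$BACKUP_DIR/files-$stamp.tar.gz" -C "$SITE_PATH" . || return 1
}

# The site counts as "working" if the front page answers with HTTP 200.
site_is_up() {
    [ "$(curl -s -o /dev/null -w '%{http_code}' "$SITE_URL")" = "200" ]
}

# Update each outdated plugin separately; stop at the first one that
# fails to update or leaves the site unreachable, and record its name.
update_plugins_one_by_one() {
    local plugin
    UPDATED=""; FAILED=""
    backup_site || { echo "backup failed, nothing updated" >&2; return 2; }
    for plugin in $(wp --path="$SITE_PATH" plugin list --update=available --field=name); do
        if wp --path="$SITE_PATH" plugin update "$plugin" && site_is_up; then
            UPDATED="$UPDATED $plugin"
        else
            FAILED="$plugin"
            echo "stopped: site check failed after updating $plugin" >&2
            return 1
        fi
    done
    return 0
}
```

Call `update_plugins_one_by_one` to run it. If it stops early, `$FAILED` names the plugin to investigate, and the backup taken at the start is what you restore from.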
Locking down your site. iThemes Security is our favorite plugin for defense against several types of common attacks, and even advanced attacks. We call it ‘hardening’ a website. The most common settings we use on this plugin are “Limit Login Attempts”, which basically helps stop brute force attacks, where the hackers set up a script to keep trying thousands and thousands of passwords strategically to try and gain access. Another setting that works well with it is “Hide Login Link”, which changes the default WordPress admin link to something unique of your choice. This makes it even harder to try to log in in the first place. There are many more settings that this plugin offers, and the company has an excellent history in the WordPress community.
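To see whether your site is on the receiving end of the brute force attempts described above, you can count login submissions per visitor in the web server's access log. This is an added example, not part of the original article or the iThemes plugin; it assumes the common "combined" access log format and the default `/wp-login.php` path, and the sample log lines are constructed.

```bash
#!/usr/bin/env bash
# Added example: find IP addresses hammering the WordPress login form.
# Assumes the web server's "combined" access log format and the default
# login path /wp-login.php (adjust LOGIN_PATH if you renamed it).

LOGIN_PATH="${LOGIN_PATH:-/wp-login.php}"

# Print "ip minute count" for every IP that sent at least $2 login POSTs
# within a single minute of the log file $1.
find_login_hammering() {
    awk -v path="$LOGIN_PATH" -v limit="$2" '
        $6 == "\"POST" && index($7, path) == 1 {
            minute = substr($4, 2, 17)        # e.g. 10/Dec/2015:10:00
            hits[$1 " " minute]++
        }
        END {
            for (key in hits)
                if (hits[key] >= limit) print key, hits[key]
        }' "$1" | sort
}

# Constructed sample log (documentation IP ranges, not real traffic).
write_sample_log() {
    {
        for i in 1 2 3 4 5 6; do
            echo "203.0.113.7 - - [10/Dec/2015:10:00:0$i +0000] \"POST /wp-login.php HTTP/1.1\" 200 3120 \"-\" \"-\""
        done
        echo '198.51.100.4 - - [10/Dec/2015:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"'
        echo '198.51.100.4 - - [10/Dec/2015:10:00:12 +0000] "GET /wp-admin/ HTTP/1.1" 200 5100 "-" "-"'
    } > "$1"
}
```

Run `find_login_hammering /path/to/access.log 5` against your own log; any address it lists is a candidate for the lockout that “Limit Login Attempts” applies automatically.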
Monitoring and scanning your site for malware. It is important to know when and if your site is compromised. The folks over at Sucuri Security really know their stuff. This software is excellent at monitoring for any type of attack and sending out notifications of any weird activity. Their paid services are invaluable for removal of malware. They also offer a website firewall service that will actually flow traffic through their servers to scan all the requests that pass through.
Backup. As mentioned before, backing up is crucial when dealing with updates and constant security threats. It is ideal to have a program that will back up your site at given intervals, like once a month or weekly, depending on your needs. There are several free backup solutions out there for WordPress; the one we like to use is called UpdraftPlus Backups. There is a premium version, but the free version allows for scheduled backups and sending to a remote destination. There is some configuration necessary, but it is somewhat straightforward.
Another, more advanced solution is from BackupBuddy, another iThemes product. This software is a paid membership only. It includes a hosted remote destination for your backups, and a gigantic list of options and settings. It can be rather tricky to install and to get working, but their support team is great.
Recap of useful links:
- iThemes Security: For site hardening, preventative measures against attackers.
- Sucuri: For site monitoring and malware removal. Also for advanced paid firewall protection.
- UpdraftPlus Backups and BackupBuddy: Tried and true backup software. Scheduled backups and remote destination storage.
It is amazing how fast things move in the realm of internet security and how much of a topic it has been lately. We have seen a large number and variety of attacks first hand, and prevented even more. As the internet is becoming more of a common place for business it is important that business owners take responsibility for helping to keep the web a safer place.
’Tis the season to keep your website safe and secure!