There are plenty of threats out there on the web, from phishing scams to malware, but the threat doesn’t stop when you have your own website. With WordPress powering over 455 million websites today, it can be a prime target for criminals seeking to wreak havoc and earn some money on the side.
The number one cause of WordPress sites being hacked is having out-of-date plugins and themes. A poorly maintained website will open itself up to vulnerabilities.
One of the most valuable assets today is information, and as a website owner, it is your duty to ensure that the website is secure. Thankfully, there are a few tips I can recommend to help prevent your site from being attacked.
Wordfence is becoming an essential plugin to install as time goes on. Attacks are only climbing, often from foreign entities, and this security plugin helps mitigate some of that risk. Within Wordfence is a firewall you can tailor to provide comprehensive security, which identifies and blocks malicious traffic. You can also prevent brute force login attempts, with wp-admin pages often the target for automated scripts. If you know you’ll never be logging in from certain countries, or your customer base isn’t abroad, you can enable geographic IP blocking as well. Two-factor authentication is becoming ever present in a day of leaked passwords, so enable this to provide an extra layer of security should you be compromised.
One option I’d recommend updating is the login security options. From the WordPress Dashboard, you can see the top five failed logins, and if some are more attempted than others, (I’m looking at you, ‘admin’ and ‘administrator’!), then set up an IP block. Be careful with this setting and ensure you do not have user accounts with the frequently attempted names. Setting an IP block for people who try these names will prevent access for however long you determine.
For optimum security, ensure your list of users is well maintained too. Often, people leave a business and yet their login details are still saved. Ensure these accounts are closed off or frequent password change protocols are in place.
Security is one of many important considerations when designing a website. Set security policies before it’s too late to ensure your website remains live.
- What videos should you post on your website? - February 17, 2021
- Google Core Web Vitals: What is Cumulative Layout Shift (CLS)? - February 10, 2021
- Google Core Web Vitals: What is First Input Delay (FID)? - February 3, 2021