After recently writing about a variety of plugins we recommend small businesses should install on their website, I realised that having a security plugin is very important, and that website security deserves its own blog post.
Not only can websites suffer from traffic and sales losses when hacked, but the loss of credibility can be huge. Who wants to visit and use a service on a site that isn’t secure? I know I wouldn’t want to hand over any of my personal details like email address or payment details to an unsecure site. So adopt a proactive mindset and put together a plan of action to secure your site and stop hackers from gaining access.
For the average small business owner, it can be tough knowing where to start. If you have a web team, this task should be assigned to them. Or if you have an external web developer, discuss it with him/her as soon as possible. They can start by putting the 5 tips below into action to help protect your site.
Back Up Your Site Frequently
This seems like an obvious step, but I’ve had to help a lot of people set up a back-up. It really is crucial. By backing up your website, you are saving your files and database, so if anything happens to go wrong, you can recover your site to a previous version.
I usually have my sites backed up every day and I get notified every time the backup is successful. One lesson I have learnt is to have the backup files of your site saved in multiple places. I use dropbox, google drive, and also keep them on an external drive. It might seem extreme, but you’ll be thankful if your site ever goes down.
If you are looking for a WordPress Plugin to backup your site, try some of these. VaultPress, BackupBuddy, BackWPup, and UpdraftPlus. They are worth the investment. It’s best to ask your developer to review them and offer their opinion on what to go for.
Download a WordPress Security Plugin
According to Forbes, over 30,000 sites are hacked every day. I always assumed that any of my sites would never get hacked, but after hearing some of the horror stories from friends of mine who run online businesses, it made me consider tightening up on security.
I’ve recently tested a plugin called WordFence that’s fantastic. I’ve covered it in this blog, and it’s great. I would say that installing a plugin like WordFence is a necessity for your website.
Plugins like this help to go through and check your site for any security issues or malware installed. Luckily I haven’t had any problems with my site in the past, but now there are plugins like this, I feel a lot safer. There are plenty of plugins available that offer wordpress firewalls, anti-virus, anti malware, and even offer you tips on how to protect your site further.
Choose secure passwords
Having a secure password for WordPress (and in fact for anything you do online!) is important to your site security.
If you decide to choose easy passwords, you are making it much easier for hackers to infiltrate your website. Hackers will try to break into your website by trying lots of different combinations of numbers and letters to get your login details.
Look at it this way, if you password is ‘password1’, it would be a lot easier to guess than a password like ‘9*73&$62++!0’. On most websites now, whenever you are signing up for a service, they usually suggest that your password includes a combination of lowercase, uppercase, numbers, and symbols.
I know it can be more tempting to go for a default, easy to remember password, like password1, but it’s worth putting more effort into outwitting hackers, and you can use software like Keeper to store all of your usernames and passwords.
WordPress is being constantly updated as they need to fix bugs in the system, and addnew features. Therefore if your website is built with WordPress, you should install the updates so that you can benefit from these changes, as well as any new security updates which are included.. Your developer will know how to update your wordpress site, it’s a one-click process on the WordPress dashboard.
I’d also recommend to keep your plugins updated regularly. The update options for plugins appear in the same place on the WordPress Dashboard as the overall platform updates.
Change the Default Admin Username
The first time you set up a website, you are given a standard username which is ‘admin’. Most people don’t actually end up changing their site username and just leave it as admin. Again, similar to having a basic password, having a basic username makes it easier for hackers as now they only have to guess your password, and not your username.
Ask your developer to help change your username. It’s an extra step that a hacker will have to overcome. If you’d like to do this step yourself, you could set up an new administrator account and change the username to something more complicated and unique, and then delete of the other admin account. Just be careful not to cut off your own access permissions!
There are many more things that you can do to help secure your website from potential hackers, and these 5 tips are should get you started. I particularly recommend installing a wordpress security plugin as I’ve found these very useful. Hopefully this list will get you thinking seriously about how to not only protect your website, but your business from hackers.
Hopefully you enjoyed this blog on WordPress security and If you have any questions, feel free to leave them in the comments and we’ll get back to you.