Digital security is becoming a more important issue for small and mid-sized businesses relying upon WordPress websites. Why? A 2018 report on data breaches by Verizon found that 58% of all cyberattacks target small businesses. With WordPress running 30% of 1.65 billion websites worldwide, it stands to reason more attention should be paid to cybersecurity and WordPress vulnerabilities.
It’s the understatement of the century to say that security breaches are never fun. They can cause a business and its customers pain, suffering, and financial risk. From stolen customer data to distributed denial of service (DDoS) attacks, businesses that fall victim to a security breach often end up taking a hit to their reputations and bottom lines that can take years to recover from.
As an Austin web design agency with extensive WordPress experience, we are providing some tips on what your company can do to keep your WordPress build safe and secure from malicious actors.
SSL / HTTPS: It’s shocking to think that there are a TON of WordPress websites that do not operate under HTTPS. For those not in the know, HTTPS means Hypertext Transfer Protocol Secure, which is a basic security protocol for a website. SSL stands for Secure Sockets Layer, and an SSL certificate is required for every website nowadays, especially ecommerce sites. If you do not have an SSL certificate and you give people the ability to buy something or fill out a form, it could enable a fairly routine hack by simply duping the form and then stealing your customers’ data. Scary thought, right?
Encrypted Passwords: As crazy as it sounds, the top passwords people use to protect their websites are: Password, 12345, and Password12345. Not smart! For those who struggle to remember their passwords, there are easy and safe solutions available in the form of 1Password or Dashlane. Using one of those services means you only have to remember one master password, as these password managers will generate a strong password for you and store it encrypted. Not 12345 or Password!
Cloudflare: Cloudflare is fast becoming one of the new go-tos for DNS and security optimization. Cloudflare helps protect against DDoS attacks and even speeds up website load performance, which results in a better user experience and even improves SEO over time. Cloudflare also streamlines and optimizes your website’s load by helping you control cache. Even better, it helps with new security protocols, not just HTTPS, but also HSTS (HTTP Strict Transport Security), a newer, stricter layer on top of HTTPS that the Internet is beginning to adopt.
Update Plugins / Theme / WordPress Core: Updating the WordPress core and plugins is one of the best things you can do to secure your website. Many make the mistake of thinking that when a website is completed, they should rarely update the plugins because it “might break something,” but letting the updates linger can and does create security problems down the road. Plugin authors are required to keep their software up to date with changes made to the WordPress core, not only to ensure plugins deliver optimal performance but also to reflect the latest changes in WordPress security. WordPress hosting platforms like WPEngine will blacklist plugin providers who fail to keep their software up to date.
Install a Security Plugin: Installing a plugin like Sucuri or Wordfence can help protect your website from hackers by allowing a user to set a number of failed attempts before it shuts down access to the WordPress admin page. You can also set up a whitelist of countries that are allowed to access your WordPress login screen, so that if a user from outside that list tries to breach your security, it will automatically block them and notify your website admin when someone is trying to hack your website.