Cyber Security: Keeping Your WordPress Site Safe from Hackers
Let’s talk cyber security: Are security concerns keeping you from enjoying the flexibility and power of WordPress? If you’ve bought into the hype that WordPress is inherently insecure, then you’re missing out on all the great things WordPress has to offer, for no good reason.
The fact is, while WordPress sites do get hacked, they are no more dangerous than other PHP-based websites. The problem is that WordPress is open source, which means that anyone can read the code, even the bad guys who spend all their time looking for vulnerabilities they can exploit. Couple that with the enormous popularity of WordPress, and it’s easy to see why you hear about hacks on a regular basis.
But that doesn’t mean WordPress is unsafe. By implementing just a few cyber security best practices, you can greatly reduce your risk of being hacked.
Keep Your Site Up to Date
An out-of-date site is by far the biggest risk when it comes to security. New vulnerabilities are discovered in WordPress and its plugins and themes on a regular basis, and if your site is out of date, it is at risk. Hackers actively search for outdated websites they can attack, so make it a point to keep your site up to date. That includes plugins, themes, and the WordPress software itself.
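One way to check for pending plugin and theme updates from the command line, as an added example that is not part of the original article. It assumes WP-CLI (`wp`) is installed on the server; the sample JSON, plugin names and version numbers are constructed for illustration.

```python
import json
import shutil
import subprocess
import sys

# Constructed sample in the shape `wp plugin list --format=json` prints
# (plugin names and versions are made up for this example).
SAMPLE_PLUGIN_JSON = """[
  {"name": "example-forms", "status": "active", "update": "available",
   "version": "2.1.0", "update_version": "2.3.4"},
  {"name": "example-gallery", "status": "inactive", "update": "available",
   "version": "1.0.2", "update_version": "1.4.0"},
  {"name": "example-seo", "status": "active", "update": "none",
   "version": "5.6.1", "update_version": ""}
]"""


def pending_updates(raw_json):
    """Return (name, status, installed, offered) for each item with an update waiting."""
    pending = []
    for item in json.loads(raw_json):
        if item.get("update") == "available":
            pending.append((item["name"], item.get("status", "unknown"),
                            item.get("version", "?"),
                            item.get("update_version") or "?"))
    # Active items first, then by name. Inactive items stay in the report
    # because their files are still on the server until they are deleted.
    return sorted(pending, key=lambda p: (p[1] != "active", p[0]))


def report(raw_json, kind="plugin"):
    """Format the pending updates as one line per plugin or theme."""
    lines = [f"{kind} {name} ({status}): {old} -> {new}"
             for name, status, old, new in pending_updates(raw_json)]
    return lines or [f"all {kind}s up to date"]


def wp_list(kind, path):
    """Run WP-CLI for 'plugin' or 'theme' in the site at `path`; return its JSON."""
    cmd = ["wp", kind, "list", "--format=json", f"--path={path}"]
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout


if __name__ == "__main__":
    # With a site path and WP-CLI present, audit the real site; otherwise the sample.
    if len(sys.argv) > 1 and shutil.which("wp"):
        for kind in ("plugin", "theme"):
            print("\n".join(report(wp_list(kind, sys.argv[1]), kind)))
    else:
        print("\n".join(report(SAMPLE_PLUGIN_JSON)))
```

The WordPress software itself is checked separately with `wp core check-update`.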
Under GDPR you have a legal responsibility to keep the personal data you store private – that extends to people transmitting their data via web forms and you storing it.
However, the biggest issue in most security is, in fact, humans! Easy-to-remember passwords, sticking them on a post-it note on the screen, storing your data offline but leaving the external drive attached to the computer…
Use Strong Passwords
Second only to out-of-date installations when it comes to inviting hackers, weak passwords are regularly exploited with a technique called a “brute force” attack. Simply put, a hacker sets a computer program to repeatedly attempt to log into your site using thousands of the most commonly used passwords and what are known as “dictionary” words.
This type of vulnerability can be easily avoided simply by choosing good passwords. Ideally, your passwords should:
- Be longer than 12 characters
- Contain upper and lower case letters, numbers and symbols
- Never be used for more than one site
- Never be stored in plain text on your computer
- Never be sent by email
Also, consider using a password manager such as LastPass to generate and securely store good, strong passwords. You’ll never have to worry about remembering your passwords, and you’ll greatly reduce your risk of being hacked.
Our recommendation is also to have a separate offline record of your passwords – write them by hand and store them somewhere secure offsite in a fireproof safe… Think of it like the Title Deeds to your house or your Will. Should everything go, you still have a secure copy elsewhere and that location isn’t linked to anything in your house or on your computer or hosting.
Make sure your WordPress Admin Login is Secure
Not only does your password need to be secure, but how you log into the site needs to be secure too. Is your username “admin”? Bad idea! It means half of what protects your login is easy for a hacker to guess.
Do you use the standard Domain.com/wp-admin login? That is the online equivalent of a door with a massive arrow pointing to it saying “OPEN ME!”. Consider moving your files to make it more difficult to hack.
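A detection sketch for the brute-force pattern described under “Use Strong Passwords”, applied to the standard login address discussed above, where the WordPress login form posts to /wp-login.php. This is an added example, not part of the original article; the log lines are constructed, and the threshold of 10 attempts in 60 seconds is an assumption to tune for your own traffic.

```python
import re
from collections import defaultdict, deque
from datetime import datetime


def sample_lines():
    """Constructed access-log lines in "combined" format (documentation-range IPs)."""
    lines = []
    for i in range(12):  # one client posting to the login form every 2 seconds
        lines.append(f'203.0.113.7 - - [10/Mar/2024:04:12:{i * 2:02d} +0000] '
                     '"POST /wp-login.php HTTP/1.1" 200 4512 "-" "example-client/1.0"')
    lines.append('198.51.100.20 - - [10/Mar/2024:04:12:05 +0000] '
                 '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"')
    lines.append('198.51.100.20 - - [10/Mar/2024:04:12:06 +0000] '
                 '"GET /wp-admin/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"')
    return lines


# client IP, timestamp, method, path, status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')


def find_login_floods(lines, max_attempts=10, window_seconds=60):
    """Return {ip: peak attempts} for clients that POST to /wp-login.php more
    than max_attempts times inside any sliding window of window_seconds.
    Lines are assumed to be in chronological order, as in a log file."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in combined format
        ip, ts, method, path, _status = m.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while (when - attempts[0]).total_seconds() > window_seconds:
            attempts.popleft()    # drop attempts that fell out of the window
        if len(attempts) > max_attempts:
            flagged[ip] = max(flagged.get(ip, 0), len(attempts))
    return flagged


if __name__ == "__main__":
    for ip, peak in find_login_floods(sample_lines()).items():
        print(f"{ip}: {peak} login attempts within 60 seconds")
```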
Be Smart About Your Hosting
Unlimited domains! Unlimited space! Unlimited bandwidth! And all for around $8 per month. You’ve probably seen the claims and may even have a hosting account with one of these companies.
Here’s the problem. This type of shared hosting is inexpensive only because they overload their servers with thousands of websites. Just as close proximity in crowded classrooms allows human viruses to quickly spread, close proximity of websites on a shared server means one infected site is a risk to all the others.
Rather than looking for the least expensive (and riskiest) hosting option, choose a host that allows you to isolate each site on its own cPanel. Doing so will greatly improve the security of your website.
In the end, the safety and security of your site and its data is entirely up to you. Keep your software up to date, use good passwords, and choose a secure hosting environment, and you’ll be well ahead of the curve on this.
What if the worst happens?
So the time to deal with this is BEFORE it happens! But if hackers managed to take over your site and lock you out of it and delete all the content, you’d hopefully:
- Have cyber insurance to deal with costs involved in getting the site back and getting up and running again quickly and safely. FSB offers £10,000 of cyber security cover as part of their membership and most professional indemnity companies will also offer this as an option.
- Have an offline copy of your passwords and logins and security questions for the web hosting, so you can get back control.
- Have a recent backup of the actual site which you can use to reinstall it.
- Have an idea of where they got in so you can delete access and secure the site properly.
Remember, most issues arise from out-of-date plugins. Keep them updated!