WordPress and Your Security – Why It Matters
This article was updated on August 6th, 2020 at 05:57 am
I’d like to thank Growth Experts for posting this article on their site. I’ve found this to be a great resource for content marketing and blogging information, and have learned a lot about increasing the reach of my own site here. I found this simple article for bloggers to be really helpful
—Blogging Commandments: Don’ts to Abide By.
Running a site means more than just keeping your content fresh and nabbing as many visitors as you can. You have a lot on the line as far as your reputation goes, and that means keeping things secure. Hackers love blogs; for the most part, security is pretty lax, and once infiltrated, they have a free platform to distribute spam and malware.
It’s a nasty situation, and with ransomware attacks on the rise, it’s important to really start taking a second look at what you’re doing to secure your WordPress site from hackers. Not only is your reputation on the line, but if you’re managing client information, you have to worry about the liability of their personal information being compromised by infiltration.
Here are a few simple ways you can make sure to keep your site locked down, and that your customers can continue to trust you with their information.
Be Smart About Login Information
It should go without saying, but unfortunately, there are just a shocking number of sites out there with username/password combinations such as “admin” or “admin123.” Not good enough, people. Your login information is like the key to your home, you need to treat it with respect, and the understanding that anyone who gets it will literally be able to lock you out of your own site.
Choose a unique username, and make your password as random and secure as possible. This means not recycling old passwords. Always use something different. If you have a hard time keeping track of all that login information (which is understandable), try using a password management service such as LastPass. It’ll keep a secure log of all of your passwords for you, and as long as you can remember that one password, you’re in business.
Limit Who You Give Admin Privileges To
Having staff to help you manage your site is great, but keep in mind that the more people who have access to your site, the more likely it is that your information is going to fall into the wrong hands. There’s no need to give everyone the highest privileges; limit what they’re allowed to do as much as you can, to avoid putting yourself in a difficult position.
Also, make sure employees are very well educated on WordPress security, and that they know the basics of network security. Have them use a password manager, so that their password is always encrypted and more difficult to steal over a public WiFi network.
Be Careful Where You Work
Speaking of network security, make sure you’re very conscious of the places you conduct business in. While it may be very convenient to use the local coffee shop’s WiFi, you’re not the only one on that network. It’s incredibly easy for hackers to put together a setup that allows them to infiltrate your connection on unsecured networks like public WiFi hotspots.
Either skip using these networks all together or take some precautions. You’ll want to go into your device’s settings and be sure to turn off things like “network discovery” and “public file sharing.” There’s no need to draw unnecessary attention to yourself by making your device easy to spot on a network.
Furthermore, if you do insist on using public WiFi, you need to make sure you’re also using a Virtual Private Network (VPN). VPNs are really cheap and automatically encrypt your data, so nothing you do can be intercepted by anyone, even on open public networks. Plenty of people use VPNs just to unblock Netflix or stream Pandora, but these programs are also particularly well suited for security purposes.
Just install a VPN on all of your devices and make sure you enable it to connect anytime you’re connected to a network so you never forget to use it. Most come with unlimited bandwidth, so you don’t have any data caps or anything to worry about.
Limit Login Attempts
Getting back into the security of your actual WordPress account, it’s also not a bad idea to limit how many times somebody can try to login. Go into your site and set it up so that a maximum of three login attempts can be tried before the user gets locked out. Plugins for this prevent against what is known as a brute force attack in which your account is hammered with login attempts by software designed to crack your password.
Keep Plugins Up to Date
Updating is a frustrating thing to have to do when you’re right in the middle of something, but you need to understand that the longer an outdated version of a plugin sits on your site, the more time hackers will have to mess with the code. Just like rotating passwords, it’s tantamount to the security of your site to make sure that you keep plugins fresh.
Always stay on top of these updates, and be on the lookout for anything suspicious. Make frequent front end visits to your site, and do a lot of clicking around to ensure that there’s nothing spammy hidden in the works that you aren’t realizing your customers are seeing.
Use Secure Backup
If you’re backing up your system and your site, that’s great. All too often, devices get infiltrated by viruses, glitches happen, and hard work gets lost forever. However, make sure that if you’re storing any data related to your WordPress site, that you’re storing it with a secure service, and not just on a hard drive you have floating around.
I’m a big fan of online backup services because they actually allow you to access your files from anywhere. Just make sure you look for one that’s geo-redundant, and ideally one that allows you to establish a private encryption key, so that even staff can’t get access to your files.
Don’t Let a Hack Happen to You
The bottom line is, even if you’re just taking care of content development or SEO, security falls on you. It’s everyone’s responsibility. It doesn’t take much time, but it does take initiative, so make sure you’re being proactive about security on your WordPress site.