It is not uncommon for people to compare the online world of the internet to the wild, wild west of old. And, like in the days of frontier living, cowboys and cattle rustlers, security should not be an afterthought. If websites are digital storefronts then not making sure yours is secure is like leaving the door unlocked with a sign that says “Howdy! Take what you want, partner.”
Hackers and ne’er-do-wells run rampant upon the untamed plains of the World Wide Web. It’s not a matter of IF your site will be targeted, it’s a matter of WHEN your site will be targeted. With that said, we’re going to explore some of the top things you can do to help keep your website secure.
Do you ever get annoyed by the number of new updates that come into your life on a daily basis? Whether it’s on your phone, computer, apps or your website, constant updates can be annoying. But understand that an update is usually released to fix vulnerabilities the developers have discovered. If you’re lucky, the developers discover those vulnerabilities before the hackers.
If you’re running a WordPress site, be sure to keep WordPress, along with all of your themes and plugins, updated. It only takes a millisecond for a piece of malicious code to notice your site has a vulnerability and exploit it. There doesn’t even need to be a human involved.
Imagine your website is an office building. Everyone who works in the building needs access, but each person with access adds to your security risk. Not because they aren’t trustworthy people, but because they’re people. People lose things. People share information they shouldn’t. People are unpredictable. How do we solve this problem? Simple, we limit access.
Kate in Accounting on the third floor doesn’t need to get into every room in the building, neither does Jim from Marketing on fifth. In fact, most of the people in the building don’t need access to more than the front door and their own office. The only people who should be able to unlock every door in the place are a select handful of facility maintenance personnel. Admins on your site should be limited to as few as possible.
Beyond that, don’t use a single admin account to perform every task on your website, especially blog posting. Your username and password serve as a 2-point security key, so if you are authoring a bunch of blog posts with your site administrator’s username as the author you’ve just made a potential hacker’s job of breaking into your site that much easier. Now they just need a password. (This is also why you should always change your username/password from the defaults. Defaults are easy to guess.)
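One way to check a site against the two points above (few administrators, and no administrator account appearing as a post author) is to audit a user and post export. The script below is an added example, not code from the original post; the sample data is constructed, the field names assume the JSON that WP-CLI's `wp user list` and `wp post list` print, and `DEFAULT_LOGINS` and `max_admins` are hypothetical policy values.

```python
import json

# Constructed sample data. Field names assume the JSON printed by WP-CLI's
# `wp user list --format=json` and
# `wp post list --fields=ID,post_author,post_status --format=json`.
USERS_JSON = """[
  {"ID": 1, "user_login": "siteadmin", "roles": "administrator"},
  {"ID": 2, "user_login": "kate", "roles": "editor"},
  {"ID": 3, "user_login": "jim", "roles": "author"},
  {"ID": 4, "user_login": "admin", "roles": "administrator"}
]"""
POSTS_JSON = """[
  {"ID": 10, "post_author": "1", "post_status": "publish"},
  {"ID": 11, "post_author": "3", "post_status": "publish"},
  {"ID": 12, "post_author": "1", "post_status": "draft"},
  {"ID": 13, "post_author": "2", "post_status": "publish"}
]"""

# Illustrative list of easily guessed logins (an assumption, extend as needed).
DEFAULT_LOGINS = {"admin", "administrator", "root", "test"}


def audit_admins(users, posts, max_admins=2):
    """Return (login, finding) pairs for risky administrator accounts."""
    admins = {
        int(u["ID"]): u["user_login"]
        for u in users
        if "administrator" in [r.strip() for r in u["roles"].split(",")]
    }
    # Count only published posts: those are the ones that show the author publicly.
    published = {}
    for post in posts:
        if post["post_status"] == "publish":
            author_id = int(post["post_author"])
            published[author_id] = published.get(author_id, 0) + 1

    findings = []
    for user_id, login in sorted(admins.items()):
        if user_id in published:
            findings.append((login, f"admin is public author of {published[user_id]} post(s)"))
        if login.lower() in DEFAULT_LOGINS:
            findings.append((login, "admin uses a default, easily guessed username"))
    if len(admins) > max_admins:  # max_admins is a hypothetical local policy value
        findings.append(("*", f"{len(admins)} administrators, policy allows {max_admins}"))
    return findings


if __name__ == "__main__":
    for login, finding in audit_admins(json.loads(USERS_JSON), json.loads(POSTS_JSON)):
        print(f"{login}: {finding}")
```

Any administrator it flags as a public author is a candidate for reassigning those posts to a separate, lower-privileged author account.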
Speaking of passwords: make yours a good one! A password is useless if it’s something like “password” or “12345.” Someone (or something programmed by someone) trying to gain access to your site may not guess it right away, but you’d better believe they try all the easy guesses before they move on to the difficult ones.
Make your password something easy to remember and impossible to guess. These days, many cyber-security professionals suggest using pass-phrases instead of passwords because they can be easier to remember, and the more characters a password contains, the more combinations a hacker or bot has to try in order to guess it. Something like “MaryHad3LittleLambChops” might seem silly, but it works. (NOTE: It should probably go without saying, but please do not use the exact phrase “MaryHad3LittleLambChops,” we’re already using it. It’s the password to our bank account.)
Add a Security Plugin
If you’re serious about protecting your website, and you should be, it’s a good idea to install a security plugin on your site. There are plenty to choose from if you’re using a WordPress site, including Wordfence, Sucuri and BulletProof. Plugins like these offer a variety of services that you can upgrade to if you’re willing to fork over some cash, but even the free versions offer vital scanning and monitoring of your site.
The fact is you will get hacked. As was mentioned earlier, it’s not an IF, it’s a WHEN. You’re probably being hacked right now. That’s why it’s important to back up your site often. Most of the time, unless you’re storing sensitive data on your site (in which case you DEFINITELY need to look into a security solution), hackers are trying to install malicious software that will infect your site’s visitors. They’re simply looking to spread their control, and every internet user they manage to infect with malware becomes another foothold.
WHEN you get hacked, clean-up can be much simpler if you have site backups at the ready, so that you can slash and burn the infected site and replace it with the one you know is clean.
Like they teach everyone in computer class: back up often, back up now, back up 10 minutes ago. If your site isn’t backed up, you’re looking to get your heart broken.
As a final note, if you do get hacked, there are a number of companies that offer malware cleanup services. Most security plugins are developed by companies that offer this service.
If you’d like to learn more about online security, check out last week’s blog on avoiding domain scams.