Site security is a monumental, need-to-know topic. Get some good insight from our experts as they share tips for better online security.
There are some simple tips that can greatly improve not only your company website but your security in general: Using a strong unique password paired with a password storage solution like LastPass is a quick and effective start. Using two-factor authentication when possible will also help stop brute force attacks.
There are many security plugins like those we use by default on all of our client sites that also limit the number of attempts, lock out IP addresses from multiple failed attempts and more.
Another simple yet very effective security upgrade is to make sure to upgrade your site to HTTPS with a TLS/SSL certificate. Most modern browsers are making it more obvious when you don’t have this upgrade, and some even mark your site as insecure in the browser bar. Besides just a security fix, this is also a benefit for SEO (See 7 SEO Tips and Simple Techniques).
Finally keeping WordPress core up to date along with any used plugins is another important step to keeping your site secure and preventing malicious attacks. We recommend an audit and upgrade routine at least every 6 months to review and remove unused plugins as well.
Two very simple measures can protect a website. The first involves the installation of a TLS (Transport Layer Security) Certificate. This is what generates the lock icon before your URL and adds the “s” to “http” as the prefix to the URL. A second tactic is to create a unique administrative URL to access the backend of a website. For example, WordPress provides the generic URL – yourwebsite.com/wp-admin/, which is easily found by hackers or any user for that matter. Simply creating a random string of characters — yourwebsite.com/834yhefj$0& – will make finding the URL to access the backend of your site much more challenging.
The top security tip that people need to do for their website is to make sure that you are using HTTPS instead of HTTP. HTTPS has an added layer of security that helps to prevent hackers from gaining information from a website’s customers.
Having HTTPS also gives you an SEO boost as Google ranks a website higher if it has HTTPS vs. HTTP. Even if you don’t have a site that gathers any information from customers, it can be very beneficial to make the transition anyways.
Regularly scheduled audits will help protect your website from hackers by identifying vulnerabilities before it’s too late. One of the things we do as part of our ongoing website maintenance services is provide security audits. Our website audits cover a variety of areas to make sure your website is running efficiently and securely.
During the audit process for a WordPress website, we review all plugins being used on the site to remove any unnecessary plugins and make sure the version of WordPress and the plugins being used for a site is upgraded to the latest version. Making sure you keep your site up-to-date is important as vulnerabilities can be detected in open source software. You can also use something like Sucuri, which will clean any hacked filed and provide ongoing monitoring of the site.
For WordPress sites, I always recommend making sure your plugins, theme and WordPress version are up-to-date. Additionally, a popular plugin that provides many powerful security tools is WordFence, which is made by Automattic — the same company who owns WordPress. Lastly, hiring a great website development company who can worry about these things for you, (*cough* Ironistic), is a great way to stay secure.
Comments
There are currently no responses.