Everyone knows about the Nigerian Prince who needs your help: you, the stranger on the internet, are the only one who can help get his fortune out of the country, and for your help you will receive a great reward. While some still fall for this scam, most know the familiar tactics by now and are fairly amused as they click delete.
When it comes to security for your WordPress website, it’s not nearly so comical. There are so many moving parts to keeping your site secure that it can be hard to keep track of, overwhelming and intimidating. It puts many off of using WordPress altogether. This isn’t necessarily a bad thing, as the best platform for you all depends on your needs (that’s a topic for another blog post). However, with the flexibility and customisation ability of WordPress, it would be a shame to miss out on the pros of the platform because of a few, admittedly scary, cons.
Today, I want to give you an overview of how to keep your WordPress site, and by extension your business, secure, running smoothly and not so overwhelming. There is a lot here, but it’s all important. While this isn’t an exhaustive list and there are several more things you can do (more technical aspects), the steps below will help you make a great start to keeping your website and business (and even your personal internet habits) more secure. If you are finding yourself feeling panicked, don’t worry, just connect with me and I can walk you through it all and help you set it up.
Set Up Your Website Right, From The Start
Your Host
One of the first things that you can do to keep your website secure is to choose a quality host. The right host will not only improve the speed of your website, but it will keep your site secure behind multiple layers of protection. All of my clients who have opted to use my hosting plan as well as my care and maintenance plan are protected by Cloudways with end-to-end encryption, several layers of security and a free SSL certificate (more on that below). For those who are not part of my care plan, my recommendation is Bluehost. They provide secure, reliable and inexpensive hosting that is simple to use and works well for a business with one or two websites. Both of these hosts are highly recommended by WordPress itself and are among the top hosts in the industry.
Your Theme
Choosing a theme can be overwhelming. There are potentially thousands of themes available. How do you choose the best theme for you and ensure that it’s secure? There are a few things you can check for to make sure it’s a secure theme.
What makes a good and secure theme?
- There are no security vulnerabilities
- It is consistently updated by the developer
- It follows proper code standards
- It is compatible with your version of WordPress and the plugins you are choosing to use
All of these things will make it less interesting to hackers and more secure from malware and bugs, and it will have fewer security holes, which will make it harder to hack. There are many websites that offer themes, both free and premium purchases, but my recommendation is to stick to either WordPress’s theme library (which you can access right from your WordPress dashboard by going to Appearance -> Themes) or ThemeForest. Generally, if your theme is being updated consistently, is popular and is compatible with your WordPress version, you should be just fine. It’s always recommended, however, to research a theme you are interested in to ensure it’s both secure and right for you. My recommendation to my clients for a secure, lightweight, customisable and fast theme that is a good choice for most businesses is Astra. This theme comes with a free and a premium option.
SSL Certificate
An SSL (Secure Sockets Layer) Certificate is part of the HTTPS protocol that will keep your site secure. This just means that it will keep everything encrypted and secure to safeguard any sensitive information while transmitting between two servers. This is standard procedure with all websites nowadays, and a certificate is usually included with a good host. When you visit a website and see “Warning – this website is not secure” you know that an SSL certificate is not installed for that site and you should not be visiting it.
Security Plugin
WordPress security is important. There are many security plugins available that can help you secure your WordPress site. Choose a security plugin that fits your needs and make sure to keep it up to date. Some popular security plugins include Wordfence, Sucuri, and iThemes Security. These plugins will constantly monitor your site for security-related threats such as hackers, malware and bots, and provide brute-force protection, a site scanner, user logging and other important checks to ensure your website is secure.
Additional Security Features to Enable on Your Site
For this section, I won’t go into details but will give a brief overview of additional security measures that should be enabled on your site to keep it safe.
- Limit login attempts
- 2-factor authentication login
- Prevent hotlinking
- Log out idle users
- Change admin URL
- Don’t use “admin” as your username
- Backup and update your site regularly
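Two items from this list, limiting login attempts and logging out idle users, implemented with WordPress's own hooks as a must-use plugin. This is an added example, not code from this post or from any of the plugins named above; the file path, the `lh_` names and the three thresholds are assumptions.

```php
<?php
/**
 * Plugin Name: Login hardening (added example)
 * Assumed path: wp-content/mu-plugins/login-hardening.php
 */
const LH_MAX_FAILURES = 5;    // assumed: failed logins allowed per address
const LH_LOCKOUT_SECS = 900;  // assumed: 15-minute lockout window
const LH_IDLE_SECS    = 1800; // assumed: 30 minutes without a request

// One counter per client address. Behind a CDN or load balancer REMOTE_ADDR
// is the proxy's address, so the key would need adapting for that setup.
function lh_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'lh_fail_' . md5( $ip );
}

// Limit login attempts: count failures in a transient that expires
// LH_LOCKOUT_SECS after the most recent failure.
add_action( 'wp_login_failed', function () {
    set_transient( lh_key(), (int) get_transient( lh_key() ) + 1, LH_LOCKOUT_SECS );
} );

// Priority 100 runs after core's credential checks, so once the limit is
// reached even a correct password is refused until the counter expires.
add_filter( 'authenticate', function ( $user, $username ) {
    if ( '' !== (string) $username && (int) get_transient( lh_key() ) >= LH_MAX_FAILURES ) {
        return new WP_Error( 'lh_locked', 'Too many failed logins. Try again later.' );
    }
    return $user;
}, 100, 2 );

// A successful login clears the counter and starts the idle clock.
add_action( 'wp_login', function ( $user_login, $user ) {
    delete_transient( lh_key() );
    update_user_meta( $user->ID, 'lh_last_seen', time() );
}, 10, 2 );

// Log out idle users: end the session when the gap between two requests from
// a logged-in user exceeds LH_IDLE_SECS. Tracked per user, not per device.
add_action( 'init', function () {
    if ( ! is_user_logged_in() ) {
        return;
    }
    $uid  = get_current_user_id();
    $last = (int) get_user_meta( $uid, 'lh_last_seen', true );
    if ( $last && time() - $last > LH_IDLE_SECS ) {
        delete_user_meta( $uid, 'lh_last_seen' );
        wp_logout();
        wp_safe_redirect( wp_login_url() );
        exit;
    }
    update_user_meta( $uid, 'lh_last_seen', time() );
} );
```

Background requests from an open dashboard tab count as activity here, so the idle limit applies once the tab is closed or the device sleeps.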
Safe Computing
When it comes to keeping your website secure, one of the best things you can do is to develop healthy computing habits. These include:
- Using a password manager such as LastPass or Dashlane
- Using strong, unique passwords that are a combination of letters, numbers and symbols (a password manager can help you create these)
- Setting up a VPN and a firewall on your computer
- Always using a secure connection
WordPress website security is important for your business. Not only will keeping your site secure help keep your business running smoothly, but it can also help to decrease panic if something goes wrong. If you don’t have the time or resources to manage your website security yourself, I’m here to help. Connect with me today and let me take care of everything for you.