Hackers. This one word can bring to mind many things. Offbeat heroes in some big-budget blockbuster movie. Insidious masked men in underground bunkers. Maybe even the guy who played Newman on Seinfeld playing a programmer in Jurassic Park. However, if you rely on a website to be the customer-facing front of your business, hackers are something you may find yourself concerned about from time to time.
It seems like every few weeks there is another news story about some major business experiencing a security breach that has exposed a huge percentage of customers’ personal information (including credit card numbers) to people with less than noble intentions. If you accept credit card information on your site, this most likely gives you pause. How could this happen? How can I be sure my customers’ private information isn’t at risk? Even if you don’t collect credit card numbers, your own personal information may be exposed. What if someone with a lot of time on their hands just wants to knock a few easily exploitable sites offline?
The first thing to point out is that you don’t have to take on the work of securing your site alone. A full-service WordPress web hosting company will perform these security checks for you by doing the regular software updates that are required. If you don’t have much technical experience, or you’re simply concerned about your site security, contact your web hosting company and ask what’s being done to keep your site safe. Let’s look at some best practices when it comes to WordPress security.
Make Sure Your WordPress Core Installation is Up-to-Date
Without question, this is the first action to take when looking to keep a WordPress site secure. If you read any official WordPress documentation or go to any forums seeking answers to bug fixes, the first suggestion is always to make sure you’re using the latest build of WordPress. While updating your site may cause some initial trepidation, having the most up-to-date software means exploits formerly used to gain access to a site have most likely been fixed. Because WordPress has so many users, the community often works together to quickly identify and offer solutions to bugs and security exploits.
The Same Goes for Your Plugins and Themes
If keeping your WordPress core installation current is 1A for keeping your site secure, consistently updating your plugins and themes is 1B. Malicious hackers rely on familiarity with source code and on repeated break-in attempts to finally gain access to a site. While updating your WordPress core cuts off most of those entry points, an outdated plugin that has been successfully cracked can still be used as an exploit. Not only should you update your themes and plugins, but it would probably be wise to delete any plugins or themes still sitting in your installation that you are no longer using. While you may be diligent in updating the plugins you use, the ones you’re no longer using can easily fall behind in updates. Better to get rid of any possible backdoors just to be safe.
Fortify Your Login
One benefit of WordPress is that it’s easy to find “the door,” so to speak. Need to log in to your site? Add /wp-admin or /wp-login.php to the end of your site’s URL. For most users, that will get them to the login screen. However, because everyone knows this, anyone looking to get into your site can go to that address and spam the login form until they gain entry. Try establishing a different login URL and making a note of it somewhere in order to make entry more difficult. You can also try plugins that create a lockdown if too many failed attempts are made to gain entry to a site via the login page.
Yes, captchas can be obnoxious when you’re trying to do things online. But they’re so widely used for a good reason. They are a good deterrent for spam bots that will try to brute force their way into a site through automated login attempts. The need to read, evaluate, and enter a unique captcha message on each attempt will thwart simple bots that are used to gain entry to sites. While they aren’t a guaranteed solution, as anyone who has tried to buy hot concert tickets online can attest, they will stop at least a good chunk of malicious login attempts.
These are some basic suggestions that you can implement to keep your site safe. Keep on top of the latest WordPress news in order to be aware of what other users are seeing as far as security goes. Be sure to contact your web hosting company in order to see what security options they offer so you can have peace of mind knowing that your site is safe.