Website security has become an increasingly important topic over the last few years. It has become so important that even Google has taken steps to prioritize websites that use secure hosting, even if the site doesn’t perform any functions like processing credit cards. Since we deal mostly with WordPress, we care specifically about WordPress security. Below are some of the most basic and most important steps you can take to protect your site from malicious behavior, hacks or malware injections.
1. Create regular backups
This is easily the most important thing you should do for website security. WordPress operates in multiple parts: tables, content files and code files. By creating regular backups of your WordPress website you will always have a working copy of your site. If your site goes down or gets hacked, you can easily restore it to the most recent working version. How often should you back up? The more frequently you edit or add content to your site, the more frequently you should back up your site. We recommend weekly. If you don’t change content very often, you can get away with backing up your site monthly. We also recommend a regimen of automated backups with manual backups just to be safe.
2. Update WordPress Version, Plugins and Themes
This is the most important preventative action you can take for website security. One thing we love about WordPress is that it is open source and is backed by a thriving community of fans and expert coders. WordPress is constantly upgraded to improve the security of its code. Granted, weaknesses are usually identified after they’ve been exploited, but teams of crack coders work to fix the weaknesses and improve WordPress security. The same can be said for GOOD themes and plugins whose creators actively update their code. You should keep your site updated to the most recent, stable version of WordPress, and do the same for plugins and themes. Otherwise, your site will be vulnerable to hacking.
3. Use Security Plugins
Over the years, two WordPress security plugins have risen to the top of our favorites list. We recommend them highly. They both have free and premium versions. The free versions have awesome features, and if website security becomes more of a concern, we recommend the premium versions. We’ll just highlight our favorite features. You should check out these plugins fully.
iThemes Security Plugin
Hide Backend: This feature hides the typical login page for WordPress. Hackers frequently try brute force attacks by bombarding pages like the login page with bogus login attempts. If they can hack your login they can do anything they want to your site. This is no good! By hiding your login page URL you can prevent an enormous number of these kinds of brute force attacks.
404 Detection: This is another way hackers frequently attack a site: by searching for page URLs known from other sites. If your site doesn’t have the same URLs, these hackers will generate an unusually high number of 404 errors. iThemes Security Plugin allows you to limit, or even block, IPs that are acting suspiciously on your site.
Banned Users: This is by far our favorite feature. You can permanently ban suspicious or malicious IPs from your website. Talk about website security! Once a spammer or hacker finds your site they can be relentless at bombarding your site with spam or hack attempts. Once you detect them you can block them from even getting to your site. It’s a beautiful thing 🙂
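The idea behind 404 detection described above can be sketched over a web server access log. This is an added example, not iThemes Security’s code or anything from the original post: it counts 404 responses per client IP inside a sliding time window and reports the IPs that cross a threshold. The combined log format, the threshold, the window length and the sample lines are all assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed Apache/nginx "combined" format: ip - - [time] "request" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def find_404_scanners(lines, threshold=5, window=timedelta(minutes=5)):
    """Return {ip: peak 404 count} for clients with >= threshold 404s in any window.

    Assumes the lines for each IP are in chronological order, as in a normal log.
    """
    recent = defaultdict(deque)  # ip -> timestamps of 404s still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["status"] != "404":
            continue  # ignore unparseable lines and non-404 responses
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window:  # drop 404s that have aged out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[m["ip"]] = max(flagged.get(m["ip"], 0), len(q))
    return flagged

# Constructed sample log lines (documentation-range IPs, made-up paths).
SAMPLE_LOG = [
    # One client requesting six missing pages within 30 seconds.
    f'203.0.113.7 - - [10/Mar/2024:10:00:{s:02d} +0000] "GET /not-here-{s} HTTP/1.1" 404 512 "-" "-"'
    for s in range(0, 36, 6)
] + [
    # An ordinary visitor who hits two stale links half an hour apart.
    '198.51.100.20 - - [10/Mar/2024:10:00:05 +0000] "GET / HTTP/1.1" 200 8120 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:10:01:10 +0000] "GET /old-post HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
    '198.51.100.20 - - [10/Mar/2024:10:30:00 +0000] "GET /favicon.ico HTTP/1.1" 404 512 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, count in find_404_scanners(SAMPLE_LOG).items():
        print(f"{ip}: {count} 404s within 5 minutes, candidate for a temporary block")
```

A visitor who hits the occasional broken link stays under the threshold, which is why a window and a count are used instead of blocking on any single 404.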
Wordfence
Live Traffic: Live Traffic allows you to view real-time activity on your site. Wordfence does a pretty good job of determining whether that activity is a human, a bot, or potentially dangerous. You can view in real-time if something suspicious is going on and then determine what action to take.
Blocking: You guessed it. We love blocking malicious activity. Wordfence provides multiple ways of blocking IPs. Probably the coolest is in the Live Traffic feature. If you see someone (or a bot) trying to exploit WordPress weaknesses you can immediately block them right then and there.
Firewall: Wordfence’s Firewall feature is not too shabby! They’ve even built in the ability for it to “learn”. By monitoring the behavior on your site it tries to differentiate automatically between normal behavior and suspicious behavior. And, when it detects suspicious-acting IPs, it goes into action protecting your site.
If you take the above security measures you can eliminate 99% of your worries about your site being hacked. The nicest thing about these website security tips is that they are free and easy to do. If you invest just a little time each week in monitoring and maintaining the security on your site you will easily stay on top of things and keep your website safe.
Happy…websiting!