Online security is a major concern for many people. No one wants their site hacked and taken offline, and certainly no one wants viruses on their site that can affect their visitors. While it’s impossible to have foolproof security, there are ways to secure your site and give it the most protection possible. A WordPress site comes with its share of risks, and we’ll explore those now.
The Problem with WordPress
If you haven’t had any problems with your website when it comes to security, you may think that it’s unlikely you will ever be hacked. After all, you’re probably not a celebrity, you don’t own a powerful company, and hackers shouldn’t be interested in you. However, this is not the case. Even under-the-radar blogs can be hacked.
Hackers don’t need a motivation to attack. You don’t have to be their enemy, you don’t have to have a huge or controversial website, and you don’t have to be a famous person. The reason your site gets hacked can be a simple one: it’s easy to hack. Hackers enjoy targeting people who haven’t secured their sites. So let’s look at the biggest ways that you can actually secure your site:
Create a backup of your site so you can restore it if it does get hacked.
Put extra security measures into your site that will make it harder for hackers to compromise it.
Let’s look at a WordPress site and what it consists of. It has two parts: the database, which keeps all your content and settings, and the files on the server, which include all your plugins, themes, images and more.
To back up your database, consider installing the WP-DBManager plugin. It creates backups of the database automatically at the intervals you choose and emails them to you, so you can keep them around and restore them whenever you need to.
Backing Up Your Files
Your hosting provider should give you the easiest way to back up your files, but some providers don’t offer the features you want. One good host, if you can switch, is HostGator, which gives you a weekly backup on all accounts, as long as you stay within their maximum allowed storage.
If you install several WP websites on one account, you’ll probably go past that limit. If you see a message in the sidebar saying that the backup has failed, you’ve more than likely reached the backup limit.
Another host, StormOnDemand, has a backup that is fully customizable. It creates daily backups, which you can store for about 90 days. While you have to pay for it, it’s not pricey.
If you just want to enhance your backup experience, look at the service known as SiteAutoBackup. If you have a cPanel account for hosting, you can back up your site daily and keep the backups for a month. Starting at two dollars a month, it gives you extra security without draining your wallet.
Now that you have a proper backup, all you have to do is click a few times when your site is compromised to restore it back to normal. Next, we need to add more measures so that you won’t even have to restore from a backup.
Updating your WordPress
On the Internet, there are forums for any topic you can think of. From commonplace activities to the most bizarre conspiracies, there’s something out there for everyone. So it’s no surprise that there are sites dedicated to exploiting security flaws in websites. If someone reads about these flaws, they can try to use them on your site. Curiosity alone is all the reason a hacker needs to bring down your site. Thankfully, these flaws are fixed with updates, and WordPress lets you update with a single click.
It’s common sense to update your WordPress and your plugins. An older version is prone to bugs that are fixed in the new update. So while updating may be a chore, it’s something we should all do. It’s even more of a chore if you have multiple WP sites. With that said, there are plugins that can update them all at once. Look at ManageWP or WP Mass Updater in order to update everything.
If you install new plugins, you need to make sure that they’re all up to date. Check that you have the latest version of each one, and check whether the plugin itself has been updated recently. A plugin that rarely gets updated is more prone to security risks.
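As an added example (not part of the original article), the sketch below runs the two checks described above for one plugin: whether the installed version is behind the latest one, and whether the plugin has gone a long time without a release. The plugin header and directory metadata are constructed samples, the `version` and `last_updated` field names and the date format are assumptions about what a plugin directory lookup returns, and the one-year threshold is arbitrary.

```python
import re
from datetime import date, datetime

STALE_AFTER_DAYS = 365  # assumption: no release in a year counts as "rarely updated"

# Constructed sample: header comment of an installed plugin's main PHP file.
PLUGIN_PHP = """<?php
/*
Plugin Name: Example Gallery
Version: 1.4.2
*/
"""

# Constructed sample of directory metadata for the same plugin.
DIRECTORY_INFO = {"version": "1.10.0", "last_updated": "2021-03-09 4:15pm GMT"}


def installed_version(plugin_php):
    """Return the Version field from the plugin header, or None if absent."""
    match = re.search(r"^[ \t/*#@]*Version:\s*(\S+)", plugin_php[:8192], re.I | re.M)
    return match.group(1) if match else None


def version_key(version):
    """Turn '1.10.0' into (1, 10, 0) so that 1.10 sorts after 1.4."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def review_plugin(plugin_php, directory_info, today):
    """List the reasons this plugin needs attention (empty list means fine)."""
    findings = []
    have = installed_version(plugin_php)
    latest = directory_info["version"]
    if have is None:
        findings.append("no Version header found")
    elif version_key(have) < version_key(latest):
        findings.append(f"update available: {have} -> {latest}")
    # Only the date part is needed to measure the time since the last release.
    released = datetime.strptime(directory_info["last_updated"][:10], "%Y-%m-%d").date()
    age_days = (today - released).days
    if age_days > STALE_AFTER_DAYS:
        findings.append(f"no release for {age_days} days")
    return findings


if __name__ == "__main__":
    for finding in review_plugin(PLUGIN_PHP, DIRECTORY_INFO, date(2024, 1, 15)):
        print(finding)
```

Comparing versions as number tuples matters here: as plain strings, "1.4.2" would sort after "1.10.0" and the pending update would be missed.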
Of course, people don’t have to take the back door to compromise your site if the front door is easy to unlock. If someone has your password, all they have to do is log on and cause damage to your site. Therefore, it’s common sense not to use simple passwords. Don’t use your birthdate, your name, or anything else that’s easy to guess to make up your password.
To keep track of your passwords, check out LastPass, which is free. With LastPass you have one secure master password, and it generates secure passwords for every account automatically. Of course, if someone gets hold of your password manager, they will be able to get everything you have. However, it’s less of a risk than using non-secure passwords.
You can also build secure passwords out of random words, but these are hard to remember, and you’ll need a good memory to keep track of them.
Also, your username shouldn’t be “admin” or your display name. In order to change your username, go to Users and then Your Profile. You can change your nickname to something that no one will guess.
Securing Your FTP
A standard FTP (file transfer protocol) connection may be useful for organizing and managing your server files, but it’s unencrypted, which means that people can see your username and password if they intercept the connection.
Instead, consider using a secured FTP connection, or SFTP. First, enable SSH (secure shell) on your account, then set your FTP client so it uses SFTP. You should be able to connect with your username and password. If you use HostGator, log in to the client and click on View Hosting Package in the sidebar menu. Then, click on Enable Shell Access.
SSH is enabled by default if you use StormOnDemand, so if it’s not, ask for help and you should get the problem fixed.
Afterwards, install FileZilla, a free FTP client that’s available for all major operating systems. Open it and go to File and then Site Manager. Set the host to your registered domain, preceded by “ftp”, or enter the IP address of your server. For the port, enter “2222” if you use HostGator; if you use StormOnDemand, keep it blank. Select SFTP in the Protocol drop-down menu, and set your login type to Normal. Enter your cPanel login data, click Connect, and there you go. That’s all you need in order to get an SFTP connection to all your files.
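As an added example (not part of the original article), this script checks a Site Manager export for saved sites that still use a protocol other than SFTP or FTP over TLS, or that pair SFTP with the FTP port. The XML is a constructed sample, and the numeric protocol codes are an assumption about how FileZilla stores the Protocol setting in sitemanager.xml.

```python
import xml.etree.ElementTree as ET

# Assumption: numeric protocol codes as FileZilla writes them to sitemanager.xml.
PROTOCOLS = {"0": "FTP", "1": "SFTP", "3": "FTPS", "4": "FTPES", "6": "plain FTP"}
ENCRYPTED = {"SFTP", "FTPS", "FTPES"}

# Constructed sample export with one legacy FTP entry and one SFTP entry.
SAMPLE = """<FileZilla3>
  <Servers>
    <Server>
      <Host>ftp.example.com</Host><Port>21</Port><Protocol>0</Protocol>
      <User>siteuser</User><Name>Blog (old FTP entry)</Name>
    </Server>
    <Server>
      <Host>example.com</Host><Port>2222</Port><Protocol>1</Protocol>
      <User>siteuser</User><Name>Blog (SFTP)</Name>
    </Server>
  </Servers>
</FileZilla3>"""


def audit_sites(xml_text):
    """Return (site name, problem) pairs for saved sites that need fixing."""
    problems = []
    for server in ET.fromstring(xml_text).iter("Server"):
        name = server.findtext("Name", default="(unnamed)")
        host = server.findtext("Host", default="?")
        port = server.findtext("Port", default="")
        proto = PROTOCOLS.get(server.findtext("Protocol", default=""), "unknown")
        if proto not in ENCRYPTED:
            problems.append((name, f"{proto} to {host}: login is not guaranteed to be encrypted"))
        elif proto == "SFTP" and port == "21":
            # Port 21 is the FTP control port; SFTP runs over the SSH port instead.
            problems.append((name, f"SFTP to {host} on port 21: check the SSH port"))
    return problems


if __name__ == "__main__":
    for site, problem in audit_sites(SAMPLE):
        print(f"{site}: {problem}")
```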
BulletProof Security Plugin
This is a WP plugin that protects your files by creating .htaccess files. This means your site will be protected against code injection attacks. The plugin also hides your version number and recommends how you should change the permissions on your files.
CloudFlare is a free service, and all you have to do is sign up for it and make sure that you install the plugin as well. It’s a caching tool that helps to increase the loading speed of your site. So what does it do for your security? Well, it blocks requests from sources that are known to be malicious, including spambots and bots that look for information. It’s a great service to use, and best of all, as we said, it’s free!
No matter how unknown your site is, it can be hacked, and it can ruin your life. Thankfully, by securing it, you’re lessening the chances. If your site is hard to hack, hackers will give up, since you don’t have much to offer them anyway. As we said before, though, securing it 100% is impossible. That’s why you need to back up your site as often as you can. All you have to do is set up the backup, and soon you won’t have to risk anything!