For many of us, our websites are the lifeblood of our businesses. But unfortunately, it seems like every week we hear about a major website security breach. Since WordPress powers around 25% of the world’s websites, those sites are often subject to malware or other types of attacks. When Kim Schlossberg Designs sets up a new site, we review it to make sure it is as secure as possible and then keep checking it at least once every month. Here are some of the steps we take:
Protect against brute force attacks. In a brute force attack, the hacker tries to log in to a site by guessing a user name and combining it with random passwords. Usually, they try either “admin” or the website name for the user name. We make sure no one uses these risky user names. In addition, we don’t let users have easy-to-guess passwords (123456, password, 11111, etc.), which many people still use, even in light of recent security breaches.
Change log-in URL. In certain cases, we change the default log-in URL to something difficult for hackers to find.
Automatic backups. We back up all sites weekly, and sites with more frequent changes are backed up daily. This way, even if there is a breach, we can restore the site.
Updates. WordPress sites have a lot of components: the core program, the theme that controls the basic look of the site, and many plugins that provide specific functionality such as the contact form, backup utility, and analytics. The developers routinely update these components to improve their functionality and to protect against any security risk. So we need to update them on the site. We review all WordPress sites for these available updates at least once every month and delete components that are not being used.
Occasionally the component developers stop supporting or updating a theme or plugin. In those cases, we delete the old product and replace it with a newer one that offers the same functionality.
Security scan. We use a security firewall and scanning system to keep all of our sites protected from known hackers and to let us know if any unexpected files are found on the site. If we find a problem, we will delete it or correct it immediately.
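The user-name and password rules from the brute force step can be written as a check that runs when an account is created or a password is changed. This is an added example, not code from our sites: the function names, the site address and the sample accounts are constructed, and the repeated-character and password-contains-user-name checks are extra assumptions beyond the rules listed above.

```python
import re
from urllib.parse import urlparse

# Constructed sample list: the three passwords named in the post plus a few
# other well-known weak ones (assumption; use a larger list in practice).
COMMON_PASSWORDS = {"123456", "password", "11111", "qwerty", "letmein", "12345678"}


def site_name_variants(site_url):
    """User names an attacker could derive from the site address."""
    host = (urlparse(site_url).hostname or site_url).lower()
    host = host[4:] if host.startswith("www.") else host
    label = host.split(".")[0]               # "kims-bakery" from kims-bakery.example
    return {host, label, re.sub(r"[^a-z0-9]", "", label)}


def audit_account(username, password, site_url):
    """Return a list of findings; an empty list means the account passes."""
    findings = []
    user = username.strip().lower()
    risky = {"admin"} | site_name_variants(site_url)
    if user in risky:
        findings.append("risky username")
    pw = password.lower()
    if pw in COMMON_PASSWORDS:
        findings.append("common password")
    elif len(set(pw)) <= 2:
        # Catches runs such as 11111 or 0000000 that are not in the list.
        findings.append("repeated-character password")
    if user and user in pw:
        findings.append("password contains username")
    return findings


if __name__ == "__main__":
    # Constructed accounts for a hypothetical site.
    site = "https://www.kims-bakery.example/"
    for name, pw in [("admin", "123456"), ("KimsBakery", "T7#vq!zLw9pe"),
                     ("jordan", "2222222"), ("jordan", "jordan2024!"),
                     ("jordan", "correct-horse-battery-staple")]:
        print(name, "->", audit_account(name, pw, site) or "ok")
```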
For our hosting clients, we do all of this on an annual subscription basis. Our clients – and I – can sleep better at night, knowing these systems are in place to protect all of our sites from unsavory characters.