As a website designer, I actually enjoy thinking about WordPress for the better part of my day. I know that’s not the case for everyone though. And for the average person trying to manage their own website, all of the details can easily become overwhelming, especially when it comes to keeping their website secure.
As a disclaimer, our focus is usually on building beautiful websites that actually work (so that beautiful buy now button doesn’t lead to a 404 page instead of your awesome sales page). However, there are a few things that we tell our clients when it comes to the basics of keeping your site secure:
1. Don’t use admin as your login name. It’s the most commonly used name, so hackers will always try that first. Some of our logins are pretty silly: we use references from our current Netflix binge watch and add random characters or numbers (so it’s easy for you to remember but hard to guess). Anyone trying to hack our site will have quite a time trying to figure out exactly what login to use.
2. Use a more secure password. I know, it’s pretty annoying when a website asks you to set up a password with 15 characters, including a capital letter, a number, and 3 special characters (in a non-consecutive order). OK, that last one was made up, but the point is that the requirements can get pretty crazy, and it can be tough to generate a password that meets those requirements. Still, there’s a reason why those passwords work: they are harder to guess. If you need help generating a strong password, go to: http://passwordsgenerator.net. You can choose how many characters you need, whether or not to include capital letters, and even whether or not to use special characters. Getting ready to make all your passwords super complicated and afraid you’ll forget every single one? (Trust me, it’s possible). Sign up for LastPass and you’ll only have to remember one password. LastPass is also a secure way for clients to share passwords with you, so it’s been a total lifesaver for us.
3. Back up your website. If the worst case happens and your website gets hacked, having a backup can save you a lot of time and headache. You can set up a service like VaultPress to do backups automatically so you don’t have to worry about it, and when the time comes you can easily restore your site. Check out this post for some other backup plugins that may get the job done for you.
4. Create a secondary login for anyone that you are granting access to your site. For example, you’re getting ready to hire a VA to handle your blog posts and you want to give her access. You could just give her your main login details, but it’s probably best to create a secondary login. Since your login has administrative privileges, anyone logging in with your credentials can do just about anything within your dashboard, including deleting the site entirely. Here’s a WordPress post on the different types of roles you can assign for your website. Having another account can also help in case your account gets locked out.
5. Install a plugin like Wordfence to protect your website. Depending on your website, you might need a more robust security solution; however, Wordfence is a great place to start. The plugin can protect your site by detecting malicious users and blocking their IP address to stop them from accessing your site. Your site will also be protected from brute force attacks (when people try to guess your login information) by blocking someone who tries the wrong password too many times. You can also automatically block anyone who uses the wrong admin name (which is where a unique login really comes in handy).
6. Hire a professional. One of our clients got 2500 emails in a day notifying her that someone was trying to hack her site; while they didn’t get in, it’s still nerve-wracking. So if you need a more comprehensive security option, there are companies that provide that, such as Sucuri Security. The best part of Sucuri is that they help protect your site but also help to fix it if you do get hacked. Another option is That Super Girl; she can help you if your site has been hacked so that you can get it back up quickly and efficiently.
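To make the two blocking rules from item 5 concrete, here is a simplified Python sketch of the idea, added as an illustration (it is not Wordfence's code and not from the original post). The threshold, time window, account names and login events are all made-up assumptions.

```python
from collections import defaultdict, deque

MAX_FAILURES = 5        # assumed: wrong passwords allowed before a block
WINDOW_SECONDS = 300    # assumed: failures older than this no longer count
VALID_USERS = {"binge_fan_7q", "va_editor"}   # constructed account names

# Constructed login events: (time in seconds, source IP, username tried, success)
SAMPLE_EVENTS = [
    (1000, "203.0.113.10", "admin", False),        # guesses the default name
    (1000, "198.51.100.7", "va_editor", False),    # real name, wrong password...
    (1010, "198.51.100.7", "va_editor", False),
    (1020, "198.51.100.7", "va_editor", False),
    (1030, "198.51.100.7", "va_editor", False),
    (1040, "198.51.100.7", "va_editor", False),    # ...fifth miss in 40 seconds
    (1000, "192.0.2.44", "binge_fan_7q", False),   # owner mistypes twice,
    (1060, "192.0.2.44", "binge_fan_7q", False),
    (1100, "192.0.2.44", "binge_fan_7q", True),    # then logs in normally
    (0, "192.0.2.99", "va_editor", False),         # four misses, a long pause,
    (100, "192.0.2.99", "va_editor", False),
    (200, "192.0.2.99", "va_editor", False),
    (250, "192.0.2.99", "va_editor", False),
    (700, "192.0.2.99", "va_editor", False),       # then one more: window expired
]

def find_blocked_ips(events, valid_users=VALID_USERS,
                     max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
    """Return {ip: reason} for every IP the two rules would block."""
    recent_failures = defaultdict(deque)   # ip -> times of recent wrong passwords
    blocked = {}
    for ts, ip, user, success in sorted(events):
        if ip in blocked:
            continue                        # already locked out, ignore the rest
        if user not in valid_users:
            # Rule 2: a login name that does not exist is blocked right away.
            blocked[ip] = f"unknown username '{user}'"
            continue
        if success:
            recent_failures[ip].clear()     # a good login resets the counter
            continue
        # Rule 1: count wrong passwords inside the sliding time window.
        failures = recent_failures[ip]
        failures.append(ts)
        while ts - failures[0] > window:
            failures.popleft()
        if len(failures) >= max_failures:
            blocked[ip] = f"{len(failures)} failed logins in {window}s"
    return blocked
```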
As with anything else, it’s much easier to take precautions than it is to fix something once it’s broken. Take a few simple steps and save yourself the time and headache of a website emergency!