Breaking News: Security Breach
It seems like every time I turn on the news there is a headline such as “Twitter Hack Breaches Thousands of Accounts” or “Security Breach Exposes 4.2M credit, Debit Cards.” With all these major consumer hackings lately, security has become a big tech topic in our everyday lives. According to a recently released Harris poll, three of five US adults who are online say they feel vulnerable to being hacked. I think the reason is that most people aren’t sure of the best way to keep their information and websites safe from this type of activity.
As someone who uses the internet daily and helps clients build websites as business development tools, I thought it would be nice to share some tips on keeping your WordPress website safe and help eliminate some of that worry.
4 Best WordPress Security Practices
1. Keep It Current
One of the biggest security vulnerabilities in WordPress is old software. WordPress is updated fairly often and whenever there’s a new security issue they roll out an update immediately that contains patches and fixes that address those vulnerabilities. If you don’t keep your website updated with the latest version of WordPress, you could be leaving yourself open to attacks. You also need to keep your themes and plugins up to date—they can have security issues as well. Sometimes people put off updates for fear of breaking their site, but you’d rather break your site with an update than risk a break-in.
Also, just because a plugin is deactivated doesn’t mean it’s not a threat. So, make it a practice to delete plugins that are not activated and being used in your site.
2. Strong Passwords
Your security is only as good as your password. If you’ve got a simple password, you’ve got a simple site to hack. Your WordPress administrator password shouldn’t be anything like ‘yourname’, ‘abc123’, or ‘password’ (all way more common than you might think!). You need to use strong passwords. Your password should have numbers, capitals, special characters (@, #, *, etc.) and be long and unique.
Also, don’t use the same password in multiple places. Yes, remembering different passwords for different sites is tough, but a hacked site is worse.
3. Manage Users
Your own strong password is useless if another admin has a weak one. You need to manage your users. Not everybody needs admin access. The more people with admin access, the more chances to hack your site. Make sure you’re only giving admin access to the people who truly need it. And make sure those few admins are following good security practices.
Remember to update or remove users when you have staff transitions.
4. Back It Up
I can’t overemphasize the importance of making regular backups of your website. This is something that many people put off until it’s too late. Even with the best security measures at your disposal, you never know when something unexpected could happen that might leave your site open to an attack. If anything ever goes wrong with your site, you want to be able to get it back up quickly. That means you need a backup plan. In order for backup to work, it needs to be complete and automatic. Backing up your database isn’t enough. That will save your content, but you’ll still have to rebuild your entire site, including theme tweaks and plugin settings. And if your backup isn’t automatic, you’ll forget about it. I recommend getting a backup tool, such as BackupBuddy, to keep your site safely backed up and ready to be restored.
These are all easy steps to take to make your WordPress site more secure. You don’t have to follow all these tips. Even if you just start using stronger passwords, your site will be that little bit safer.
~ Bethany Howell, art director
