What is security?
The latest statistics show that every single day 30,000 sites are hacked. These sites will often end up hosting malware that can infect your visitors' computers. These infections may end up stealing credit card details or login details for online banking. Often sites are hacked for black hat SEO purposes, and links or content will be inserted to help the hackers' clients' sites rank. This has a knock-on effect of damaging your online visibility and can result in a blacklist and removal from Google search results. Worse still, a hacked site will often be all but impossible to visit from any major web browser that checks for blacklisting before forwarding the user on, so traffic will plummet (as will your reputation).
In a nutshell – a hacked site is bad for your reputation, will hurt your marketing and online visibility and will hurt your business.
Computer security as it relates to WordPress and your website has several main factors we must consider. These factors start with the human element (always the weakest link) and run through the domain name and website hosting to a multitude of factors with the website itself. Statistics show that around 50% of sites are hacked through either a plugin or theme vulnerability, 40% are hacked through a security issue with their hosting and around 10% are hacked through weak or cracked passwords. The good news is that most, if not all, of this can be easily avoided with some proactive security measures.
In most cases hackers are looking for easy wins: sites that they can scan with an automated tool, then exploit an out-of-date theme or plugin to gain access. In most cases this will result in backdoors, redirections, injections of content and links, malware distribution and other nefarious activity. In many cases you may not know, and hacks can often be in place for months, with the owner only becoming aware when traffic or search visibility plummets and the cause is investigated.
The following ten best practices will deter 99.99% of hack attempts and keep your site visible and your site visitors protected.
- Users – ensure all users with access to the domain, hosting or website have up-to-date antivirus software installed and have no form of infection or vulnerability on any device they use to access the site. Review who has access to what and conduct a password audit. Lock down access so only those that need access still have it.
- Hosting – ensure the hosting company you use provides a secure environment and be sure to ask your hosting company what precautions they take.
- Network – ensure that connections to the website by FTP or any other means are only ever made on safe, private networks – no public Wi-Fi!
- Passwords – ensure all passwords for the domain, hosting control panel, database, FTP and website access are strong and kept private. A six-character password can be brute forced in around 10 minutes, so go for a 12-character, mixed-case, alphanumeric password with some additional characters to keep it safe.
- User Levels – not everyone needs to be an administrator. In fact, you only need to log in as an administrator when you are doing administration. Audit all users and user levels, ensure only those who need admin rights have them, and only log in as an admin when it is necessary to do so.
- WordPress – keep WordPress, your theme and plugins 100% up to date. 50% of hacks gain access through out-of-date software, so keep on top of this and you are already 50% safer.
- Back Up – in the event of a compromise or infection, a daily, off-site backup will allow you to quickly recover from any issues and get a clean version of your site online, preventing any blacklist issues. This also provides some insurance against running so many updates, should something go wrong.
- Anti Virus – a website antivirus will scan your files on a daily basis and identify any issues before they have a chance to harm your site, SEO or users. Combined with a backup, this can allow you to clean the site, roll back to a previous version and secure the site with the minimum of disruption.
- Firewall – a website firewall or web application firewall will proactively protect your site against most external attacks, providing an additional layer of security. This prevents most attacks from even reaching the site and provides a shield for vulnerable plugins, giving you time to update to the latest versions.
- Extensions – WordPress is a robust, mature and secure product. The same cannot be said for all themes and plugins out there. Only use themes and plugins from trusted providers and audit the code of anything used. Never, ever use downloaded or free plugins as there will always, always be a catch.
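The password audit from the Users and Passwords items can be run as a simple check. The following is an added example, not code from this page or from wArmour: it tests each credential against the 12-character, mixed-case, alphanumeric-plus-symbol rule and estimates the brute-force search space. The guess rate and the sample credentials are constructed assumptions.

```python
import string

# Policy from the "Passwords" item: at least 12 characters, mixed case,
# digits, and at least one additional (symbol) character.
MIN_LENGTH = 12
# Assumed attacker speed for the estimate; a constructed figure, not from the page.
ASSUMED_GUESSES_PER_SECOND = 1_000_000_000

CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}

def audit_password(password):
    """Return the policy rules the password fails (empty list means it passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name} character")
    return failures

def keyspace(password):
    """Candidates an exhaustive search must cover for this length and character mix."""
    pool = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    return pool ** len(password)

def seconds_to_exhaust(password, rate=ASSUMED_GUESSES_PER_SECOND):
    """Worst-case exhaustive search time at the assumed guess rate."""
    return keyspace(password) / rate

def audit_accounts(accounts):
    """Map each failing account name to the rules its password breaks."""
    return {name: f for name, pw in accounts.items() if (f := audit_password(pw))}

# Constructed sample credentials (FTP, site login, database); not real values.
SAMPLE_ACCOUNTS = {
    "ftp": "summer",
    "wp-admin": "Tr4ctor!Lemon_Ridge9",
    "database": "Password2024",
}

if __name__ == "__main__":
    for account, failures in audit_accounts(SAMPLE_ACCOUNTS).items():
        print(account, "->", "; ".join(failures))
```

A password that passes this check can still be weak if it is reused or appears in a breach list, so treat the result as a minimum bar.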
There is a lot more you can do, but adhering to these ten basic security principles will make your WordPress site more secure than 99% of the other sites out there – this takes you off the easy target list and the hackers, in most cases, will simply move on.
WordPress security, like everything else, needs management and a proactive stance. wArmour looks at all the angles and ensures that your site is not one of the victims. We ensure your traffic remains your traffic and your investment in your SEO and marketing is insured against these all too common problems. Contact us today for a free security audit and advice on how you can ensure your site is safe and secure today and every day after that.