Having built hundreds of WordPress websites over the years, we receive requests almost daily to remedy sites that have been highjacked, infected or taken offline due to malicious activity. In a majority of cases, unperformed maintenance and a lack of basic security measures were to blame. If you rely on your website to assist or directly affect your sales performance, read this article to learn the ins-and-outs of website security along with concrete steps you can take to ensure you stay protected.
Contents
Protecting your investment is a no-brainer.
Imagine this: you’ve just invested several months in getting your new website up and running. You’ve written content, curated photography and video, critiqued designs, and tested features and functionality. In addition to your time, you’ve also invested a significant amount of money in developing your new website. Finally, your new site is online and you’re enjoying measurable results – more traffic, more leads, and more sales. With all the resources you’ve dedicated to your new site, do you really want to leave it vulnerable to hackers, spammy links, downtime, maintenance issues, and other security threats?
What are the negative impacts of website security breaches?
The effects of a security breach depend upon the nature of the attack. Security breaches can negatively affect site performance, usability, uptime, and placement in search results. They can also compromise the privacy of information submitted through the website, such as information transmitted from customers and prospects through form submissions. In a worst-case scenario, a hacker can take over administrative rights to your site and make it difficult or impossible for you to regain access.
Why would someone want to hack my website?
In our experience, there are many potential reasons why bad actors do what they do. One of the most common reasons is theft, which may include stealing information or money. Another common hacking goal is to set up spammy redirects and referral links to drive traffic to another website. Other hackers are motivated to identify vulnerabilities or shut down a website. And finally, it seems as if some hackers just want to see if they can do it.
How can I protect my website from security threats?
There are many actions you can and should take to secure and protect your website. Most are relatively simple steps that anyone can take with a little guidance.
Install an SSL
Your site should have an SSL certificate. SSL refers to secure sockets layer. This protects the privacy of information submitted through your site. SSL certificates are purchased or provided free of charge from your web host. We recommend WPEngine as our preferred hosting solution. WPEngine provides a free SSL certificate with your hosting package.
Choose a Secure Password
Set a strong WordPress admin password and change it regularly. It’s a good idea to use different passwords for different accounts so that cracking one password doesn’t allow someone access to all of your online profiles. There are many different schools of thought around achieving a truly secure password. One of the best levers you can use to create a more secure password is to lengthen it as this makes it more time consuming for computers to crack the password. We personally like to use incomprehensible sentences like, “We study click fuzz and paper clouds!” This password example is 38 characters long, yet it is still easy to remember.
Perform Regular Maintenance
Regular website maintenance is critically important to security. Be sure to stay on top of all updates to any installed themes, plugins, and the WordPress core. You can identify and apply all available updates in the WordPress dashboard under Updates.
Schedule Regular Backups
We recommend daily backups to ensure that you have a backup of the most recent version of your site in case you need to restore it. There are a number of tools to help with this. Some tools store a copy of the site locally, others store the copy in a remote location in the event that the entire server is compromised. We recommend solutions that store a copy in a remote location for added protection.
Monitor Your Site
If your website is the target of a hack, the sooner you discover it and take action, the better the chance you can avoid any major problems. In many cases, websites are compromised, but the issue goes undetected for a long period of time. In the interim, search engines may pick up on the site’s problems and demote the site in search results. A significant blow to search engine placement is one that can take months to recover from. You should pay attention to notices that come from your website and web host to question events that seem fishy or take appropriate action when prompted.
Subscribe to a Maintenance and Support Plan
Many website developers and hosting providers offer monthly plans that cover regular website maintenance activities. Most plans offered by Xponent21 include an allotment for hourly support services or discounts on time spent on support. A support plan can be an ideal option for site owners because it alleviates the burden to ensure proper protection is in place, reduces the likelihood that your site will be a vulnerable target, and ensures that you have priority support if something should go wrong.
Invest in Website Security to Avoid Potential Threat
Xponent21 is a digital marketing agency based in Richmond, Virginia, and serving clients across the U.S. and abroad. We offer our clients comprehensive support to ensure the continued health and security of their websites as well as a rapid response in the event of a breach. To learn more visit our support page or get in touch with a member of our team today.