How to protect your WordPress website
Security is not a one-off endeavour, nor a switch you can simply flip and be done. Once is as good as never. You wouldn’t lock your office door just once a year, would you?
The protection of a website involves several processes, most of which need to be monitored and performed regularly. The following seven tips form the basis for a secure website.
The 7 most important tips
No software is ever launched without bugs. And the same applies to content management systems (CMS). A task that we have become more or less accustomed to on our PC and mobile phone is often forgotten on websites: running the latest updates to keep the system fresh.
Our tip: Update WordPress… again and again and again. The best way to eliminate any security vulnerabilities is to update the system, themes, plugins and scripts promptly.
Imagine that you only have one key for everything: your office, house, car, apartment, safety deposit box. And you share this key with others so they can get into your house. What sounds convenient for you at first can quickly become a risk. With websites, it is often the case that all users unnecessarily have all rights and permissions.
Our tip: Do not set up general admin accounts. Give each user their own dedicated access, and only as many permissions as they really need to perform their tasks.
Should I update unused plugins? Could old themes be deleted, maybe? Many sites operate with huge amounts of junk data and offer hackers a large surface to attack.
Our tip: Remove any unused extensions. Vulnerabilities can be exploited for attacks even when themes, plugins and scripts are disabled. Check and repeat this procedure regularly.
Make sure you only access the Internet over a secure network connection when making changes to your website. When using public Wi-Fi networks, there is a high risk that your access data might be scanned.
Our tip: If you can’t avoid editing your website via a public Wi-Fi network, only use it with limited access rights.
The security of your entire website is at risk if the computer that you use to edit it is infected with malware that can work out your passwords.
Our tip: Only use ‘clean’, virus-free computers with operating systems that are up to date (your IT department would usually ensure this).
The chances of a successful attack despite all precautions can never be completely ruled out. That’s why regular backups are needed for emergencies.
Our tip: Create weekly backups. A ‘clean’ backup is the easiest and often the only way to restore an infected website.
Ignorance does not protect against damage. It is important that you keep abreast of the latest security vulnerabilities and updates.
Our tip: Stay up to date on the topic of WordPress security.
Doing nothing is not an option
If you don’t know about the maintenance and security precautions offered by WordPress, or you don’t know them particularly well, doing nothing is not an alternative. In view of the possible consequences, it would even be negligent. Here you can learn more about the potential dangers. Although many customers ‘kind of’ know the risks, they often don’t expect the consequences of a hacker attack.
Muhammad Ali once said on a flight: “Superman doesn’t need a seat belt!” The stewardess hesitated briefly, and then replied: “Superman doesn’t need a plane, either.” The boxer soon buckled up.
Secure passwords: an all-time favourite
One of the biggest problems is insecure passwords. They are like invitation cards to hackers, opening up all doors for them to carry out new attacks. For example, “admin” as the username and “1234” as a password are no longer so common, but “dave_jones”, “cd”, “03.24.1984” or “I-forgot-it” may be just as widespread and equally unsafe.
What does a secure password look like?
- It contains at least 11 characters
- It contains capital letters
- It contains lowercase letters
- It contains numbers
- It contains special characters like: +@*%&/()=?!$
- A password should not be used more than once.
- Example: jA6Qwi$nCol
Generate secure passwords
- Online: LastPass Password Generator
- Chrome: Strong Password Generator or 1Password Chrome Extension
- Firefox: Secure Password Generator
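The criteria listed above can also be checked and met locally. The following Python sketch is an added example, not code from the original article or from any of the tools named here; the function names, the default length of 16 and the rule that any non-alphanumeric character counts as "special" are assumptions.

```python
import secrets
import string

MIN_LENGTH = 11            # minimum length from the article's list
SPECIALS = "+@*%&/()=?!$"  # special characters named in the article

# One (label, test) pair per character class. Assumption: the checker accepts
# any non-alphanumeric character as "special", since the article says "like".
CLASS_CHECKS = (
    ("capital letter", str.isupper),
    ("lowercase letter", str.islower),
    ("number", str.isdigit),
    ("special character", lambda ch: not ch.isalnum()),
)


def missing_requirements(password, used_before=()):
    """Return the article's criteria that the password fails (empty list = OK)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 11 characters")
    for label, test in CLASS_CHECKS:
        if not any(test(ch) for ch in password):
            problems.append("no " + label)
    if password in used_before:  # "should not be used more than once"
        problems.append("already used elsewhere")
    return problems


def generate_password(length=16):
    """Generate a random password that meets every criterion."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least 11")
    alphabet = string.ascii_letters + string.digits + SPECIALS
    while True:
        # secrets draws from the operating system's CSPRNG. Redrawing the whole
        # string until all classes are present avoids the bias that forcing
        # one character of each class into fixed positions would introduce.
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate


if __name__ == "__main__":
    print(generate_password())
    for weak in ("1234", "dave_jones", "03.24.1984"):  # weak examples from the article
        print(weak, "->", missing_requirements(weak))
```

The `used_before` argument takes whatever list of existing passwords you can supply, for example an export from your password manager.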
We recommend a password manager
Once you have decided to use secure passwords, you are immediately faced with the next challenge: How do I remember all the passwords? The solution: with the help of a password manager. This makes it easy to manage even the most difficult strings, including across multiple devices.