In this post I'm going to list some tactics that you can implement behind the scenes in your WordPress website to help it from getting malware. These techniques are not guarantees that your site will never be hacked, but the more that you can do to safeguard your website the better off you'll be.
These are 5 easy fixes for the non technical person that can help block the majority of internet misfits from having access to your site. Please know that there are more advanced techniques, but let's just get started with the quick fixes.
First, it's important to understand that if you are not using any security features on your website, then you are putting all of your hard work and your business at risk. The WordPress content management system is "open source" and one of the most popular website platforms being used today. That makes it a target for internet hackers. Without locking down your website from hackers, you leave your website vulnerable to malware.
1. Use Managed WordPress Web Hosting
Web hosts are not created equal. It's important to invest as much as you realistically can afford in a really good hosting company. Managed WordPress Hosting will do extra things behind the scenes to make sure your website is secure, including scanning for malware. A good web host will provide faster load times and great customer support. You can read more about the benefits of Managed WordPress hosting here.
In the alternative, when you sign up with a cheap, shared hosting plan you will be sharing the same server with 100 plus other websites. Essentially, you are sharing the bandwidth and memory with all of these other sites on the same server.
2. Always Have a Clean Backup
If your website gets hacked and you need to replace your WordPress files, do you have a clean backup that you can use to restore your website quickly? Backing up your files on a regular basis and storing them off site will ensure that you can quickly get your website up and running if something goes wrong. Your web hosting company often creates automatic backups already, but these backups are usually stored for 30 days and then no longer available. They are also stored on your hosting company's web server which defeats the purpose of having a clean backup.
3. Use a Security Plugin
This is an obvious one, but not every website owner follows this practice. Having a security plugin activated on your website is so important to prevent malware.
Some of the things you can do easily with a security plugin:
- Block out users signing in with admin or Admin
- Block out whole countries or regions
- Lock out users from using too many password attempts or using the lost password link too many times
- Add a firewall to out block fake Googlebots
- Scan for malware
- Prevent WordPress from revealing too much information which can make your site vulnerable
4.Use a Really Strong Password
Do not use Password123, your name, your website's name or anything obvious for a password. You should actually be using a password generator to come up with a password that has a long string of characters. It can be annoying to have to store and search for your password when you need it but LastPass Password Manager solves that problem.
Strong passwords help to protect your website against brute force attacks. A brute force attack is a method where a computer program tries to decode encrypted data by continuously trying different password combinations. This is done automatically through a computer so there can be numerous attempts per second.
5. Keep WordPress, Themes, & Plugins Updated
Since WordPress is "open source", anyone who studies the code long enough can find loopholes and vulnerabilities in your WordPress Core files, themes, and plugins. By keeping everything updated as updates are released, you can patch up any loopholes that are discovered before a hacker finds the vulnerability on your website.
Other benefits of keeping your files updated:
- improving your site's speed, which helps with your website's SEO
- having access to new features that WordPress releases as they come out
Website security should be a no-brainer. A website with no security features is like leaving your front door wide open in a bad neighborhood. You are just asking for trouble.
These are easy fixes, something every website owner should be following. It does take some time to put safeguards in place and to ensure backups are stored correctly. Our website care plans are great for a busy person who does not have the time to follow best practices for website security.