I attended WordCamp – Kansas City last weekend, a conference where entrepreneurs and website designers and developers came together to learn more about the WordPress web platform. One session I went to was about keeping your website secure.
The speaker, Michele Butcher, whose job is to clean infected websites said, “We will never be 100% secure because the Internet is always evolving.” Sounds scary, but I see the truth in that. I’ve heard WordPress is vulnerable to hacking but with some extra effort (sometimes lots of extra effort), it can be guarded from hackers.
A WordPress website is a good solution when a retailer would like to maintain his own website but he would like some help with the initial setup. The administrator of the website has full access to design the site and add functionality. Then the retailer can take over to update the content in the role of an additional admin, an editor or an author. Just as building and maintaining the website is a team effort between the retailer and ourselves, so is keeping the site secure.
99% of the time hacking is done by bots that don’t care who is being attacked. It doesn’t matter if your site is for an individual or a large corporation. They get in through the site’s theme, plugins or by guessing the password.
Create very strong passwords, using all of the following if possible – capital letters, lowercase letters, numbers, special characters – in a random order. An example of a very strong password would be 4v#Rn9G2. Never, EVER use “admin” as a username and “password” as a password.
WordPress, along with its themes and plugins, are often updating to a new version to safeguard against malware and to improve the user’s experience. It is important to backup the website often and update whenever a new release is available. Update the WP version first and then its components. Some well-liked plugins for security include WordFence and iThemes.
Remove any plugins and themes not being used. They can be a security threat. But before removing anything, be sure to backup the site. Back up to some place other than the hosting server.
When someone needs to temporarily log into your site, create a new user for them. Don’t give them your login. When they’re done, delete their user account.
There are a lot of components involved in keeping the website secure but if it helps to keep your website from going down, the extra effort is worth it.