A hacked website can be devastating for a company, no matter its size. In fact, the majority of hacks are directed at small businesses! And the last thing you need as a busy entrepreneur is to worry about losing customer trust, search engine rankings, or website files.
While websites are inherently very secure, there are several ways a site can be hacked, including theme and plugin vulnerabilities and outdated server software. Most hacks are implemented by automated bots that scour the web looking for vulnerable sites without considering business size or popularity. So don’t think that you’re immune to a hack — a bot can attack any website at any time.
In this post, you’ll learn some of the website security essentials that every site owner should have and find out if you need to implement any advanced measures to protect your site in 2020.
Start With The Basics
If you are a 1 For Websites client, then you already have access to a variety of security features. Make sure you take care of the following :
1. Choose strong passwords and usernames
The easier your password is to guess, the easier it is for hackers to get in. Here are a few components of a strong password:
- Contains at least ten characters.
- Uses both uppercase and lowercase letters.
- Includes symbols — like asterisks and parentheses — and numbers.
- Doesn’t use common words like “password.”
- Isn’t tied to known information about you, like your last name or date of birth.
Avoid common usernames like “Admin,” “Administrator,” or your business name. Instead, choose something meaningful to you but not obvious to a stranger.
2. Prevent brute force attacks
Creating strong passwords can be difficult, which is why brute force protection is so important. Brute force attacks occur when a hacker or bot tries to guess the correct username/password combination for your site’s admin dashboard. They often use automated software that speeds up the process tremendously — some can guess thousands of passwords a second!
Our Server monitors and blocks login attempts, and protection begins automatically when you are hosted here at 1 For Websites. Check your WordPress or Joomla Administration and navigate to the dashboard to ensure protection is turned on and see the number of blocked attacks.
3. Update plugins
There are huge benefits to using an open source platform like WordPress or Joomla, but there are also some security risks. Source code for each plugin is readily available, allowing hackers to take advantage of vulnerabilities. In fact, plugin vulnerabilities are responsible for 55.9% of known entry points for hackers.
Typically, developers find vulnerabilities quickly and fix them in a plugin update. Installing those updates as soon as possible protects your website and often gives you valuable improvements and new features as well.
4. Add an SSL certificate
An SSL certificate (Secure Sockets Layer certificate) creates a secure connection between your website and your site visitors’ browsers. It encrypts any data shared on your site — like addresses, emails, phone numbers, and credit card information — and protects that data from hackers.
If you don’t have an SSL certificate, your site will show a “not secure” warning on users’ browsers, which can reduce your legitimacy in their eyes. SSL certificates also have a positive impact on search engine rankings.
5. Set up proper user roles
User roles define the capabilities and permissions of people who have access to your WordPress or Joomla “Administrator” role has the most permissions — administrators can perform absolutely any action on your site.
Carefully consider each of your users’ job functions and only provide them with the level of access they absolutely need. If you’ve hired an intern to write content on your blog, assign them the role of author or editor; they don’t need full admin access.
6. Monitor your site for downtime.
If your site is hacked and goes down, it’s important to know as soon as possible. 1 For Websites downtime monitoring feature checks your website every five minutes from locations around the world and sends you an email if your site is down. You’ll also receive a notification when it’s back up.
Does your site need more advanced security features?
Security is critical for any website and we always recommend the most advanced level of protection possible. We harden security measures in our homes when we feel vulnerable or think we’re likely to sustain a break-in. The same is true for websites. Here are a few reasons you might want to increase protection for your site:
- Your site is growing quickly and your visitor numbers or sales have increased.
- You handle important or valuable information, including personal data and credit card numbers.
- You’ve recently seen an increase in attempted malicious attacks.
If any of these describe your situation or if you simply want to be as secure as possible, consider adding these more advanced features :
1. Implement malware scanning
If your site is attacked, it’s important that you’re notified right away. The sooner you remove any malware and restore your site, the less damage is caused. After all, the longer your site contains malware, the more likely it is that Google will blacklist it, which can lead to a 95% loss of website traffic.
1 For Websites performs automatic, daily scans of your website, looking for malicious code and activity. You can also choose to manually run a scan at any time. If anything is found, you’ll receive an email with details about the threat and affected files.
To activate a Security Scan of your website lodge a support request and the staff on duty will be only too happy to assist
2. Use the latest version of PHP.
PHP is the programming language that WordPress and Joomla is built on. Just as plugins are updated for security and functionality, there are PHP updates for the same reasons. The latest version of PHP makes your website run faster, which provides a better user experience, and your website requires a minimum version to work successfully. But 38.7% of websites sites are still running on old, unsupported PHP!
The version of PHP used by your site is determined by your hosting service, so you’ll either need to find instructions for updating the PHP files yourself or ask 1 For Websites to update them for you.
We recommend that you perform a complete backup of your site and update all themes and plugins before updating PHP, to prevent any code conflicts and issues. You can also use the PHP Compatibility Checker plugin to make sure everything’s compatible on your site.
3. Perform regular backups.
Backups are like safety nets for your site. If something goes wrong — deleted files, code errors, or injected malware — backups allow you to restore your website to a successful, fully-functioning version.
1 For Websites maintenance options creates daily backups of your full site (depending on your plan) which can be restored in a few simple steps. While daily backups are a must, real-time backups make a copy of your site based every time a specific action happens — published, edited, and deleted pages and posts; installed, activated, or deactivated plugins and themes; user logins; spam comments; and more. With both in place, if you know that a hacker accessed your site with a specific user account, you can restore your site to a point before they caused any damage.
Backups are critical for any security plan and it’s important that you store them in multiple locations, separately from your server. After all, if your server is hacked, your backup files could be too! 1 For Websites stores your backups offsite, so you can restore a clean version of your website even if you can’t log into your dashboard.
Be proactive about website security
The time to protect your WordPress site is now, before something goes wrong and protect your most valuable asset. You’ll have peace of mind knowing that your site is protected so you can focus on running your business.
Until the next time.