Having your website hacked is probably one of your big business fears. I totally hear you, the idea of someone invading your digital privacy and messing with your stuff is infuriating. Not to mention that it can have direct financial ramifications for your business. When your site’s down, the stream of leads and customers could essentially be cut off.
So, how exactly do you stop this from happening? The unfortunate answer is you can’t, but you can decrease the likelihood of an attack. Website security tries to stay at least one step ahead of hackers, but there is no hard-and-fast guarantee. Fear not, though: take a read through our recommendations, and make sure you have your butt covered with these easy-to-implement solutions.
Good, I Mean Great, Hosting
Your website’s security starts with stellar hosting. The saying “you get what you pay for” definitely applies here. Budget hosting providers are just that, budget, and usually for a reason. There are a few different options when it comes to hosting: Shared, VPS (Virtual Private Server), Dedicated and Managed Web hosting. Small and medium-sized businesses usually go the shared route, which means you are sharing server space with other companies. This is where hosting quality comes into play, to make sure what the other companies do on their websites doesn’t impact you. Asking a seasoned web developer for a recommendation helps, and taking a look online for reviews is a good starting point.
Hosting Back Ups
When you pay for high-quality hosting, it usually comes with daily back ups. Aside from the obvious point that having a back up of your site is key, it will allow you to roll back to a previous version in 1-click. If you are not super comfortable doing this yourself, quality hosting providers usually have great customer service that will either do it for you or walk you through it. You got this 💪 or just give us a call and we’ll help you out 🦸🏽
External Back Ups
We always recommend that clients get and store regular back ups of their site themselves. This is just an extra precaution to the hosting’s back ups. Now the key to this is to store the backups off of the website’s server. Heaven forbid something happen to the server and your website becomes irrecoverable and your backups were stored on that computer. My go-to plugin is called Updraft and I set the backups to run daily or weekly and to send the files to Google Drive.
Website Security Plugin
The majority of the websites we build here at Side By Side are on WordPress (it’s awesome for a whole whack load of reasons!), and part of our development includes installing and configuring a security plugin to monitor the website for nefarious activity. Our favorite security plugin is Wordfence. The free version is pretty solid, and if you want to take it a step further, their paid version should cover almost all of your bases.
Update the Heck Out of Your Website
Most website attacks are automated. Bots are constantly scanning every site they can for any exploitation opportunities. It is no longer good enough to update a few times a year or monthly, because bots are likely to find a vulnerability before you get around to updating.
It is so very, very important to update your site as soon as a new plugin or version of WordPress is available. Those updates may contain security enhancements or patch a vulnerability, especially when it comes to the core WordPress files. If you plan on updating your website yourself, we highly recommend having a staging environment where you can do the updates without impacting anything your customers see. Once you’re done updating in staging, you push your changes to production, where it’s live to the world.
Choose Your Plugins Carefully
The WordPress ecosystem is large and sometimes people go crazy installing any and all plugins. We hear ya, it can be like a kid in a candy store. 🍬
Plugins are developed by third parties: companies or individuals not formally associated with WordPress. And, while it may be unintentional, there is a chance that the quality of the code can result in the dreaded plugin conflict or, worse, open your website up to potential hacking.
Here are the things we look for when deciding which extension or plugin to use:
- The age of the extension and the number of installs: A plugin created by an established developer that has numerous installs is more trustworthy than one with only a few installs created by a first-time developer. Typically, experienced developers have a better idea about best security practices, and they are less likely to hurt their reputation by inserting malicious code into their plugin. Kinda hard for a first time developer to break into the market, but this approach will keep your website safer.
- When the extension was last updated: If the last update was more than a year ago, we get concerned that the developer has stopped work on it. Usually we look for plugins that have been updated monthly. Furthermore, if a plugin is not supported by the creator, then it may stop working if core updates cause conflicts, and you definitely don’t want this to happen.
- Trusted sources: Download your plugins and themes from legitimate sources. Watch out for free versions infected with malware. There are some extensions whose only objective is to infect your website with malware. This is where employing a web developer comes in super handy: we have the experience, the knowledge and a repertoire of go-to solutions to not only build you a kick-ass website in record time, but also make it as secure as possible.
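The checklist above can be applied to a whole plugin inventory at once. This sketch is an added example, not code from Side By Side or WordPress; the record fields, the install floor, the source labels and the sample inventory are all constructed assumptions, while the one-year and monthly thresholds come from the list above.

```python
from datetime import date

MAX_DAYS_SINCE_UPDATE = 365  # page: last update over a year ago is a concern
PREFERRED_UPDATE_DAYS = 31   # page: prefers plugins updated monthly
MIN_INSTALLS = 10_000        # assumption: the page gives no number
TRUSTED_SOURCES = {"wordpress.org", "developer-site"}  # assumed labels
RANK = {"high": 0, "medium": 1, "low": 2}

def vet_plugin(plugin, today):
    """Return (severity, reason) findings for one plugin record, worst first."""
    findings = []
    age = (today - plugin["last_updated"]).days
    if age > MAX_DAYS_SINCE_UPDATE:
        findings.append(("high", f"no update in {age} days, may be abandoned"))
    elif age > PREFERRED_UPDATE_DAYS:
        findings.append(("low", f"last update {age} days ago"))
    if plugin["installs"] < MIN_INSTALLS:
        findings.append(("medium", f"only {plugin['installs']} installs"))
    if plugin["source"] not in TRUSTED_SOURCES:
        findings.append(("high", f"untrusted source: {plugin['source']}"))
    return sorted(findings, key=lambda f: RANK[f[0]])

def audit(plugins, today):
    """Return [(slug, findings)] for flagged plugins, most serious first."""
    flagged = [(p["slug"], vet_plugin(p, today)) for p in plugins]
    flagged = [(slug, f) for slug, f in flagged if f]
    return sorted(flagged,
                  key=lambda item: (RANK[item[1][0][0]], -len(item[1]), item[0]))

# Constructed inventory for illustration only.
SAMPLE_TODAY = date(2024, 6, 1)
SAMPLE_PLUGINS = [
    {"slug": "form-builder", "last_updated": date(2024, 5, 20),
     "installs": 900_000, "source": "wordpress.org"},
    {"slug": "old-slider", "last_updated": date(2022, 3, 1),
     "installs": 40_000, "source": "wordpress.org"},
    {"slug": "premium-theme-free", "last_updated": date(2024, 4, 15),
     "installs": 120, "source": "unofficial-download-site"},
]

if __name__ == "__main__":
    for slug, findings in audit(SAMPLE_PLUGINS, SAMPLE_TODAY):
        for severity, reason in findings:
            print(f"{slug}: [{severity}] {reason}")
```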
Please, for the love of all things good in this world, please tell me your password isn’t “password” or “123456”
Our tips for you to have a strong password are:
- Do not reuse your passwords. Every password you have should be unique. To make life a million times easier, use a password manager. We like Lastpass!
- Have long passwords. The longer the password is, the longer it will take a computer program to crack it. We recommend a minimum of 12 characters.
- Use random, complex passwords. Password-cracking programs can guess millions of passwords in minutes if they contain words found online or in dictionaries. If you have real words in your password, it isn’t random. Even using character replacement (e.g. replacing the letter O with the number 0) is not enough. Make sure you use letters (capitalization too), numbers, and special characters when allowed. Need help picking a password? Use Password Generator.
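The tips above, turned into a checker and a generator. This is an added example, not a tool from the original post: the word list and the substitution table are small constructed samples, and it shows why a password like `P@ssw0rd2024!` still fails even though it is long and mixes character types.

```python
import secrets
import string

MIN_LENGTH = 12  # minimum length recommended in the tips above

# Constructed sample word list; a real check would load a large dictionary.
SAMPLE_WORDS = {"password", "welcome", "dragon", "monkey", "football", "summer"}

# Undo common character replacements (0->o, @->a, ...) before the word check.
UNLEET = str.maketrans("013457@$!", "oleastasi")

CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)

def contains_dictionary_word(password, words=SAMPLE_WORDS):
    """True if a word appears in the password, with or without replacements."""
    lowered = password.lower()
    normalized = lowered.translate(UNLEET)
    return any(w in lowered or w in normalized for w in words)

def check_password(password, words=SAMPLE_WORDS):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    if contains_dictionary_word(password, words):
        problems.append("contains a dictionary word")
    if not all(any(ch in cls for ch in password) for cls in CLASSES):
        problems.append("missing a character class")
    return problems

def generate_password(length=16):
    """Build a random password from the OS CSPRNG that passes check_password."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not check_password(candidate):
            return candidate

if __name__ == "__main__":
    for sample in ("password", "123456", "P@ssw0rd2024!"):
        print(sample, "->", check_password(sample))
    print("generated:", generate_password())
```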