10 Steps to Better Website Security
If you’ve got a website, you know that at some point someone will attempt to hack it. This post is about minimising the risk and protecting your website. Whilst hackers will continue to devise methods to infiltrate blogs and websites, it doesn’t mean we can’t make it as hard as possible for them to do so.
#1 Remove the telltale signs that give hackers a clue about your site, including:
- The WordPress version from the website’s header – don’t tell people what version of WordPress you are running, especially if your version isn’t up to date.
- Remove your admin username and replace it with a unique username and password.
- Remove the login link from your theme.
#2 Secure your login and install plug-ins and systems that do one or more of the following:
- Limit the number of login attempts an IP address can use within a specific timeframe.
- Add two-factor authentication, which will require you to enter an additional code to log in.
- Rename the “wp-login.php” file to something else (such as “log-in.php”) so that hackers cannot know the correct login URL.
#3 Add SSL to your website.
Contact your hosting provider about this. You can get a free or low-cost SSL certificate through most website hosts.
#4 Establish systems to:
- Scan your site regularly for viruses and malware
- Update plug-ins and WordPress software
- Back up your website regularly
#5 Create a strong password to log into your site.
A strong password includes upper and lower case letters, numbers and special characters. Make sure your password has nothing to do with you or your personal life, so it cannot be guessed, and have a system to change it at least once every 90 days.
Passwords are the easiest way for your website to be hacked.
#6 Hire reputable and trustworthy providers including:
- Website designers/developers
- WordPress Theme developers
- Ghost/Guest bloggers
- Virtual assistants
Give each provider a unique password and username, and change the administrative login information after the business with the provider(s) is concluded.
#7 Change the default table prefix in the WordPress database or have it changed for you so that hackers cannot easily access your database. (Note: For a new WordPress installation, you can change the table prefix in the “wp-config.php” file before installing WordPress. If you have WordPress installed, visit WordPress.org for instructions.)
#8 Uninstall and remove any and all unnecessary themes, plug-ins, and users.
#9 Employ the services of a reputable host with demonstrated security practices and systems in place and a reputation for secure hosting.
#10 Ensure your backup system is working effectively and efficiently. Backing up your website isn’t a “set it and forget it” event. Create a system to regularly check to make sure your blog/site is backing up effectively.
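One way to automate the check in step #10, as an added example that is not part of the original post: a Python function that flags a backup that is missing, stale, unreadable, or lacking the site files or database dump. The `.tar.gz` format, the 26-hour threshold and the `wp-config.php`/`.sql` contents are assumptions about your backup setup, and `make_sample_backup` only builds a constructed sample archive to try it on.

```python
import io
import tarfile
import time
import zlib
from pathlib import Path

MAX_AGE_HOURS = 26                    # assumed: nightly backups plus some slack
REQUIRED = ("wp-config.php", ".sql")  # assumed layout: site files + database dump


def check_backup(path, now=None, max_age_hours=MAX_AGE_HOURS):
    """Return a list of problems with one backup archive (empty list = healthy)."""
    path = Path(path)
    if not path.is_file():
        return [f"{path.name}: backup file is missing"]
    problems = []
    age_hours = ((now or time.time()) - path.stat().st_mtime) / 3600
    if age_hours > max_age_hours:
        problems.append(f"{path.name}: newest backup is {age_hours:.0f}h old")
    members = []
    try:
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                if member.isfile():
                    members.append(member)
                    # Read each file fully so an archive cut off mid-file fails here.
                    data = tar.extractfile(member)
                    while data.read(1 << 20):
                        pass
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        return problems + [f"{path.name}: archive is unreadable ({exc})"]
    for suffix in REQUIRED:
        hits = [m for m in members if m.name.endswith(suffix)]
        if not hits:
            problems.append(f"{path.name}: no {suffix} entry in archive")
        elif all(m.size == 0 for m in hits):
            problems.append(f"{path.name}: {suffix} entry is empty")
    return problems


def make_sample_backup(directory, files):
    """Write a constructed sample archive from a {name: bytes} mapping."""
    path = Path(directory) / "site-backup.tar.gz"
    with tarfile.open(path, "w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return path
```

Run it on a schedule against the newest archive and alert on any non-empty result; a periodic test restore is still the only full proof that a backup works.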
No blog or website is impervious to hackers. However, when you take these ten steps to protect your site, you’re drastically reducing your odds of trouble. It’s well worth the time and effort up front to protect your business in the long term.
If you’re not sure who maintains your website, have a chat with your website designer. Ask about how the site is being maintained. If you don’t have a maintenance agreement, now might be a good time to get one.