4 Things You Need to Do to Secure Your Website, Now!
We’re huge fans of WordPress. It’s been our primary CMS for development since 2008. There’s no shortage of positive things we can say about it. There are, however, a few drawbacks that you need to know about.
While the core of WordPress is super secure and stable, its real power comes from the numerous plugins that extend functionality. Plugins are the lifeblood of WordPress. ANYONE can make a plugin, but not everyone does it well. That makes plugins the weak link in your website’s security. There are plenty of bad actors who intentionally make plugins with security holes, malware, and even viruses. Perhaps you’ve seen last week’s news about AccessPress (it’s not good).
Even people without a technical background can set up a WordPress website. Non-technical “developers” will often use plugins to accomplish their development goals, but without the technical knowledge to properly vet these plugins, they often install bad or dangerous code. Several times a year a new client will reach out to us with a broken or hacked website. 99% of the time we discover the problem was caused by a non-reputable 3rd party plugin.
Another common WordPress mistake we see is having too many cooks in the kitchen. WordPress allows any number of administrators and editors. When everyone in your organization can add/edit/delete content on your website, the methods they use will be inconsistent. This leads to broken content and increasingly difficult maintenance.
So what can be done to secure your WordPress site? Here’s some FREE advice from your friendly neighborhood website Heroes.
Get a WordPress security monitor that does the following:
- Checks for file changes against the core repository
- Locks out IP addresses that fail multiple login attempts
- Forces users to use a secure password
- Enables 2FA (two-factor authentication)
Create a manual for all of your website editors to follow when they make changes to your website. Be strict about this. If they don't follow the guideline, restrict their access. They're just creating more work for someone else to fix later. Teamwork makes the website work.
If you have a website service provider, ask them to verify these things have already been done. If they haven't, call us today! If you manage your website in-house and taking these steps sounds incredibly daunting, no worries, we're here to help!