3 Tips to Secure Your WordPress Website
As a business entrepreneur, the topic of online security should always be in the forefront of your mind. This is especially true for anyone new to running an online business.
As we all know, having a website is vital to our success, and whether you’re an indie author and digital designer, like me, or whether you’re running a small business with a website to enhance your customer traffic, online security should be your top priority.
As I have discovered, it’s extremely difficult to acquire the “techie” skills needed to produce an elaborate website, while, at the same time, trying to run a business. Though it would be wonderful to have professionals set up our websites, this is extremely cost prohibitive for many of us.
So, as individual business owners, we’re often left to go-it-alone as we struggle to understand the ins-and-outs of complicated website design, while at the same time, keeping it safe from hackers. There is much to learn, and at times, it can be overwhelming.
Here are three of the most vital things I’ve learned about protecting my WordPress website.
Tip No. 1: Keeping Your PC Protected Is the First Step in Securing Your WordPress Website.
Cyber Security Lock
At the global level of your online security, you’ll need a strong virus protection program installed on your computer. You should look for a product that will protect your site from:
- malware and ransomware
- identity theft and fraud, and
- keep your online accounts protected with password encryption
After researching the most popular products, including Norton and McAfee , both of which I’ve used in the past with great satisfaction, my latest choice is Webroot Internet Security which, not only does all of the above, but it also keeps my computer running smoothly, and as a bonus, also protects four additional devices, allowing me to protect my iPad and my family phones.
The following review of Webroot by cybersecurity expert PCmag.com, helped me with my decision:
“Perfect score in our malware protection test. Very good antiphishing score. Ransomware protection. Light on system resources. Fast scan, tiny size. Advanced features.
Cons: Limited lab test results due to unusual detection techniques. Missed one unique hand-modified ransomware sample in testing.
Bottom Line: Tiny, speedy Webroot SecureAnywhere AntiVirus keeps a light touch on your system’s resources. It aces our hands-on malware protection test, and can even roll back ransomware activity.”
Article: The Best Antivirus Protection for 2019, June 27, 2019, www.pcmag.com
Webroot’s price of $39.99 was the final deciding factor for me. This virus protection software product is highly ranked by the experts, and its cost is within the budget for my small business. Investing in the security of your PC is the first step you should take when starting an online business.
Tip No. 2: Keep Your WordPress Website Secure Using Firewall Plugins.
One of the biggest challenges I face as an online business entrepreneur going it alone, is keeping my WordPress website and online activities protected from hackers and viruses. I learned the hard way, that updating your website plugins is a critical part of your daily online security management.
Back in 2014, after spending numerous hours learning how to build my site (all by myself and with no website-building experience), I soon discovered my hard work had been reduced to a hideous cartoon picture of a ship with explosions coming out of it.
Seeing this actually frightened me, and I wondered how deep this damage had gone. I also struggled to understand why someone would waste their time with little-old-me. I soon learned, I was part of an extremely common mass-scanning hack-job. Beware, this could happen to you, too.
My web-host provider could do little to revive my site, except offer a high-cost specialty analysis, which I was unwilling to pay. Disgusted and defeated, I took my website down and never bothered with it again until 2019.
These types of things can break you and make you want to quit. That’s exactly what I did. I gave up. My struggles and hours of labor to make a successful attempt at an online business only to have it hacked, left me devastated and feeling frustrated and vulnerable.
Since then, I have educated myself as to what needs to be done to protect my WordPress site from malicious attacks.
One thing I failed to do back in 2014, was to regularly check into my WordPress admin page and update the plugins. Outdated plugins is a common vulnerability hackers look for and use to sneak in through the backdoor of your site.
Plugin developers are always updating their products, in many cases every few days. The main reason for the updates is usually to patch security vulnerabilities. If you don’t consistently go in to your site and apply those updates, you’re leaving it open for hackers to breach.
Checking into your admin page and updating your plugins every couple of days is essential to keeping your site clean and protected from viruses and suspicious activity.
Hand-in-hand with this routine should be the deletion of inactive plugins and themes. Outdated plugins with old code is another way to create easy access for hackers to infiltrate your site. Be sure to delete inactive plugins, making sure they’re completely gone.
Image by Darwin Laganzon from pixabay.com
An excellent security plugin I use for my WordPress site is Wordfence. It is one of the most popular security plugins available. Here is what its Founder and CEO, Mark Maunder, has to say about this product:
“We block over 2 million attacks every hour for our customers and clean hundreds of hacked websites every month. We believe in WordPress and the community behind it and are passionate about our role in making the internet safer.”
This WordPress plugin will monitor your site for malware and ping you via e-mail with any suspicious activity happening with your site. It will also alert you when an any update is required, including plugin updates.
For $99.00 per year, the premium version of Wordfence will give you in-depth protection, including a protection from IP addresses that are currently attacking WordPress sites, known as Wordfence’s Real-Time IP Blacklist. This blacklist blocks all requests from suspicious requests hackers use to gain access to your site, as well as providing you with real-time firewall and malware updates.
The premium version of Wordfence will also give you access to a team of top security experts to answer your questions and provide you with related hacking and virus technical assistance.
Tip No. 3: Keep Your WordPress Site Secure With Password Protection And Management
Cyber-attackers come in many forms. They may be politically or financially motivated, or even worse, criminally motivated. Beware of the hacker’s tricks to lure you into divulging sensitive information such as master passwords or the location of sensitive documents, the discovery of which could be digital or in-person.
Never give anyone your any passwords, and especially, your master password.
These criminals often use information publicly available online, most often from posts in social media mention your travel plans, your preferred hotels or airlines, and even from your photos.
Is your house address number shown prominently in the background of your Facebook photo? Or is your work badge ID hanging from your purse? Someone could call you and pose as a hotel manager.
Be proactive in your security, and always be aware that the next cyber-criminal may be sitting next to you at the park or on the city bus. They may not target you immediately, but instead may conduct additional surveillance of you before targeting you in a phishing scheme that targets e-mail addresses, or even worse, your personal financial data.
Password management is imperative for everyone with an online presence. They protect us from hackers who often obtain information from large corporate databases, often stealing massive amounts of user names and passwords. Once they have your information, they can impersonate you, lock you out of your own sites, and even change your passwords.
Obviously, this can present a serious problem for your digital security, especially if you mistakenly use the same password for many sites.
Never use the same password more than once!
As an example, if the hacker finds your email password, and you use this same password for your bank, he now has your banking password as well.
Do you see how dangerous this can be?
I can’t emphasize this enough. Never use the same credentials for duplicate sites. This is where the real trouble starts.
This leads to the obvious.
Password Protection is one of the most important steps you can take to secure your personal information. Selecting a strong and complicated password is your best defense against hackers.
Protect your passwords by making each one unique for each of your sites, making sure to select a strong, complicated password.
Obviously, if you learn your password has been breached, waste no time in changing it.
Never log in to sensitive accounts on a public, untrusted computer, such as those at the public library or at a hotel’s business center. These types of computers could be infected with malicious software that may work to steal your passwords.
Two-factor authentication doubly enhances your security because it requires additional information the hacker doesn’t have. I recommend using two-factor authentication for all your sites.
Be sure to store all your passwords in a safe location, and never share them with anyone.
I know many people who reuse passwords because it’s easier to remember. They say it’s impossible to keep track of that many passwords. Not true! There are many reputable password apps that store all your passwords in one convenient location.
A popular password management app I use is Dashlane. This app manages all your passwords alphabetically. You can also store secure notes.
For example, I keep track of some of my parents’ passwords in the notes section. Dashlane can even auto generate your passwords when logging into various sites from your mobile device. This makes logging in easy and gives you quick access to all your various accounts.
The free version is surprisingly ad-free and even evaluates your passwords for you, letting you know whether your chosen password is secure. It will also inform you if you are using the same password at duplicate sites.
Dashlane Premium which, at the time of this publication, was a reasonable $4.99 per month, provides unlimited password storage, and you’ll receive Dark Web monitoring across all your devices, as well as a VPN for WiFi protection.
I use the free version and so far, I have 150 passwords stored there. So if you have less than 150 passwords, the free version is right for you.
Another cool feature of Dashlane is the password generator. You can have the app generate the password for you. It tells you if its “super safe” and you can use the easy copy button to paste it into your sites. There’s no need to memorize passwords with this cool app.
As an online business entrepreneur, cyber security is crucial in protecting your business from hackers trying to steal your livelihood. Take the necessary precautions and remain diligent, so you can get to the real work of producing great products for your business.
I hope you enjoyed this post. Thank you for visiting!
Writer. Creator. Designer. Lover of coffee and words and music.