
How To Keep Your WordPress Website Secured

August 20, 2018

Are you starting your own online business with WordPress? Maybe you’re already in the swing of your business. Either way, securing your services and client information is an essential way to grow your business and build confidence in your client base. Here are 7 ways, from simple to advanced, to keep your WordPress website secured.

Blocking Spam in WordPress Comments

If you’re setting up your WordPress site, you’ll likely have a plugin called Akismet installed, but it is deactivated by default. If you plan to allow visitors to comment on your posts, make sure you activate this plugin so that it filters out spam comments on your site. It’s a free plugin, and if you don’t already have it installed, search the WordPress plugin library for it.

Update Your WordPress Website Plugins

Only install plugins on your site that are reputable (highly rated and reviewed) and frequently updated to be tested with the current versions of WordPress. You should always make sure that the current version of WordPress is running on your site, as the WP Team is usually making updates to maintain security. If your site isn’t up to date, chances are it’s not taking advantage of the latest security updates that protect against current threats on the web. A good rule of thumb is to make sure that the plugin you’re installing has been updated in the last 4-6 weeks, is rated at least 4 stars and has at least 100,000 installations. This way you know that it is actively maintained and that there are many users to file bug reports or suggest improvements when the need arises.

WordPress Brute-Force-Attacks

Guard against the crawling robots that will try to attack your site through brute-force attacks. How does a programmed robot do this? It tries to access your wp-admin login page and attempts to gain access by guessing your password over and over again. Unless you’ve set a limit on how many times a login can be attempted, you may be leaving your entire administrative back-end open to hackers. Here at Simplistics we use Wordfence, because we care about the security of our clients and their sites. You can also download and install the free limited version of Wordfence for your site and use its functionality to limit login attempts. Wordfence has a monitoring interface that regularly checks for vulnerabilities in your site so you can maintain a healthy site. Another notable security plugin in the WordPress community is Sucuri Security, who claim they’re globally known for their web security monitoring and features to keep your site secure. Both monitor blacklisted IP addresses and scan the files installed on your site for malware, looking for backdoors and any malicious code.

Change Your WordPress Password

Something you’ve likely heard many times is to change your password often. The reality with passwords, though, is that we want to use something that is easy to remember, and tough passwords with various symbols, numbers and different cases are just difficult to remember. To solve this, use a combination of randomly generated passwords and a password manager like 1Password. Whatever you use, make sure the reviews are overwhelmingly positive and don’t assume that cheaper might be better. When it comes to security and the health of your business, don’t take that chance.

Securely Log into your WordPress Website

If you’re the developer or you’re working with a developer, make sure that wherever your site is being developed, a secure login with SSH or with long hashed passwords is used. The code to your site is the blueprint to the nooks and crannies that may be tempting to a hacker interested in turning your site into their playground. At Simplistics, this is at our core: we keep our code secure and use encrypted logins everywhere.

When you’re collecting data from your visitors, make sure it is encrypted or hashed in the database. Speak to your developer about this, as you wouldn’t want credit cards or other personal information about your clients stored on your site in plain, human-readable text. Services like MailChimp and PayPal do this, and they take their security seriously, and so should you.

Install an SSL Certificate on Your WordPress Website

Have you heard about an SSL certificate? Maybe you’ve seen it in the form of websites that have an “https” or “secure” at the front of their URL. If you haven’t set this up for your website, you’ll soon be viewed in the eyes of your visitors as a bad company to do business with. Google has already stated that their Chrome browser will be labeling sites without a valid SSL certificate as “not secure”. There are free and paid options for an SSL certificate that can be linked with your domain. Ask your developer about them, as they offer different levels of security and trust. How do these certificates work? Well, that’ll need to be its own post, but put simply, a certificate tells the visitor that your business is indeed who it claims to be, and not some phishing site trying to hack their information.

WordPress Website Backups

It’s always a good idea to back up your site and its database. There are plugins, like Jetpack, that will allow you to schedule your backups. A good rule of thumb is to keep 3 recent backups, and depending on how active your site is, you may want to do hourly backups instead of daily or weekly backups. Backing up will ensure that you’ve got a saved copy of your site that works even if a hacker does break in. Your backups should be stored in more than one place: on the cloud, on an external hard drive and in a couple of different physical locations.
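The rule of thumb above can be checked automatically. This added example (not part of the original post and not Jetpack's code) audits the 3 newest backups across several storage locations, confirming each exists in at least two places with identical contents. The file naming scheme, the `.zip` extension, the two-copy minimum and the sample folders are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    # Hash in chunks so large archives do not have to fit in memory.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def audit_backups(locations, keep=3, min_copies=2):
    """Return (report, prunable): report maps each of the `keep` newest
    backup names to 'ok', 'too few copies' or 'copies differ'; prunable
    lists older names. Names must sort chronologically (assumption)."""
    names = sorted({p.name for loc in locations
                    for p in Path(loc).glob("*.zip")})
    newest, prunable = names[-keep:], names[:-keep]
    report = {}
    for name in newest:
        hashes = [sha256_file(Path(loc) / name)
                  for loc in locations if (Path(loc) / name).is_file()]
        if len(hashes) < min_copies:
            report[name] = "too few copies"   # lost if that one place fails
        elif len(set(hashes)) > 1:
            report[name] = "copies differ"    # a copy is corrupt or partial
        else:
            report[name] = "ok"
    return report, prunable

def build_sample(root):
    # Constructed sample: two storage locations with dated archives.
    local, offsite = Path(root) / "local", Path(root) / "offsite"
    for folder in (local, offsite):
        folder.mkdir()
    for day in ("17", "18", "19", "20"):
        name = f"site-201808{day}.zip"
        (local / name).write_bytes(b"backup " + day.encode())
    (offsite / "site-20180818.zip").write_bytes(b"backup 18")
    (offsite / "site-20180819.zip").write_bytes(b"truncated")
    return [local, offsite]

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_backups(build_sample(tmp)))
```

In the sample, only one of the three newest backups passes: one exists in a single place and another has a copy that does not match.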

Keep in mind that if a hacker is intent on breaking into your site and they’re determined, they’ll likely find a way. So it is up to you to make sure you are doing everything available to keep your business secure. Put into practice these tips and visit these sources for additional ideas to secure your business.