8 simple steps to keep your WordPress site safe



Welcome back to Bakerview Consulting!

Earlier in the week I shared an infographic on passwords with the title “Is your password pathetic?” That may seem a bit harsh, but as we’ll find out today, creating a “non-pathetic” password is a wonderful step you can take towards making your website (or anything else, frankly) more secure.


Today we are going to talk about a list of simple things you can do to keep your WordPress site secure. As many of you know, I like to use a plugin called Wordfence to keep my sites secure and to let me know when something or someone is attacking. Wordfence has an informative blog that I read on a regular basis. They do a great job sharing about security issues in easy-to-understand language. One of their latest posts talks about how sites are hacked. How does the hacker get into a site, or how does malware find its way into a site?


In order to figure out how to keep your site secure, you need to know how sites are hacked. Wordfence did a survey of 1032 blog owners that had been hacked and asked them if they knew how they were hacked. As they point out, most site owners don’t know, but of the ones that do, here are the results:


 


[Chart: how hacked websites were compromised. Credit: Wordfence blog]

As you can see above, the two primary ways a site is hacked are plugins and brute force.


Most of you who use a WordPress site are aware of what Plugins are, but let’s explain “Brute Force.” A brute force attack is either a person or more likely a computer program trying to get into your site. They try a variety of usernames and passwords attempting to find one that will work. As I’m sure you can appreciate, a computer program can try thousands of possible combinations of usernames and passwords in a short period of time, hoping that one will allow entry. Hence the name ‘Brute Force.’
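To show what a brute force attack looks like from the site owner's side, here is an added example (not from the original post or from Wordfence) that scans web server access log lines for many login attempts from one IP address in a short time. The log lines are constructed samples, and the threshold of 5 attempts per minute is an assumption chosen for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches the start of an Apache/Nginx "combined" format access log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)')

def build_sample_log():
    """Constructed sample traffic (documentation IP ranges, not real data)."""
    fmt = '{ip} - - [19/Jun/2016:06:{mm:02d}:{ss:02d} +0000] "{req} HTTP/1.1" 200 3120 "-" "-"'
    lines = [fmt.format(ip="203.0.113.7", mm=0, ss=i * 5, req="POST /wp-login.php")
             for i in range(8)]                      # 8 tries in 35 seconds
    lines.append(fmt.format(ip="198.51.100.20", mm=1, ss=0, req="POST /wp-login.php"))
    lines.append(fmt.format(ip="198.51.100.20", mm=11, ss=0, req="POST /wp-login.php"))
    lines.append(fmt.format(ip="192.0.2.5", mm=2, ss=0, req="GET /wp-login.php"))
    lines.append(fmt.format(ip="192.0.2.5", mm=2, ss=9, req="GET /"))
    return "\n".join(lines)

def find_bruteforce_ips(log_text, max_attempts=5, window=timedelta(minutes=1)):
    """Return {ip: peak attempts} for IPs that sent more than max_attempts
    login POSTs to /wp-login.php inside any single time window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue              # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        # Only submitted login forms count; viewing the login page (GET) does not.
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        attempts = recent[ip]
        attempts.append(when)
        while when - attempts[0] > window:
            attempts.popleft()    # forget attempts older than the window
        if len(attempts) > max_attempts:
            flagged[ip] = max(flagged.get(ip, 0), len(attempts))
    return flagged

if __name__ == "__main__":
    for ip, count in find_bruteforce_ips(build_sample_log()).items():
        print(f"{ip}: {count} login attempts within one minute")
```

An address flagged this way is a candidate for the kind of IP lockout described in the list further down.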


Unless you are a specific target, like a large company, your site is usually what’s known as a target of opportunity. Just like if you leave money visible within your car when you are parked at the mall, you become a target of opportunity. Thieves aren’t hunting you down; they walk by your car, see money visible and decide to break in. Same principle with your site – if you have an obvious vulnerability, hackers may happen by and take advantage of it.


To make your site less likely to be a target of opportunity, you want to make a crime of opportunity more difficult. Just like you don’t leave valuables visible in your car, you take actions to make it harder for hackers to get into your site.


Think about it – by paying attention to two aspects of your site (plugins and passwords) you will reduce the likelihood of being hacked by almost 80%.


Let’s come up with a list of 8 simple actions that you can take to protect your site.



1. Don’t use the default “Admin” username for your site. This is often the first choice of hackers. Make your usernames a bit less obvious.
2. Choose a strong password – as I often say – make it ugly! Use a combination of small letters, capital letters, numbers and symbols. As you saw in the previous post, a large number of people use ‘password’ or ‘12345’. Don’t be one of those people.
3. Consider using other security features for your site. Wordfence is my go-to plugin for security on my sites. It allows you to lock out certain usernames and problematic IP addresses. I find it works just fine in the default settings – no need to fuss, usually. WordPress also allows for what it calls two factor login on your site. It’s an easy choice to add to your site.
4. Keep your version of WordPress up to date. Every time WordPress offers an update, click on the update button.
5. Keep all your plugins up to date. Every time an update is offered, click on the update button.
6. Set a calendar entry to remind you to check your plugins every 4 to 6 months. Any that are not being kept up to date, replace with another plugin that is.
7. Choose plugins carefully for your site. Don’t be tempted to pop any old plugin onto your site just because it is popular. Choose a limited number of plugins (I generally suggest in the 8 to 10 range) that provide important functionality, have a track record of being kept up to date and are actively supported by their designers.
8. Limit the number of people who have Administrator access to your site to people who can be trusted and know what they are doing.

 


 


I hope this list helps you take some important steps to keeping your website safe. As always, don’t hesitate to ask questions!


*****


To keep you up to date on what’s going on, subscribe to the blog, or perhaps you are wanting to take the next step in your learning. Do you want a free PDF of helpful hints about finding some powerful book bloggers to help you get the word out about your book, and some videos that lead you through trouble spots of understanding for most authors? Click here to start. Lastly, all my books are 99 cents for the next week. If you were thinking about getting a copy, now is a good time. They are all on Amazon.




 


The post 8 simple steps to keep your WordPress site safe appeared first on Bakerview Consulting.

Published on June 19, 2016 06:00