Data breaches and website hacks of huge companies are the ones that make the news — but did you know that 62 percent of all cyber attack victims are small and medium-sized businesses?
In part, that’s because many of them are complacent about WordPress security, thinking they’re so small they’ll fly below the radar. But you know better than that — you read the IvyCat blog!
A hacked WordPress site can seriously damage your ecommerce business’ revenue and reputation, not to mention giving hackers access to your customer information and even the ability to distribute malware to your users.
Here are six things you can do (no coding required!) to make your WordPress site more secure.
Secure Access to Your Site
Everyone’s default WordPress login page is www.yoursite.com/wp-admin. Hackers know that, which is why they often start here when trying to break into your site.
Take these basic precautions to keep them from simply waltzing in through your website’s front door:
- Change the default “admin” user to something unique
- Use secure passwords and change them regularly (if you have multiple users, use a plugin like Force Strong Passwords)
- Use 2-factor authentication such as Google Authenticator to verify users
- Set up a lockdown feature for failed login attempts with a plugin like WP Limit Login Attempts.
Use SSL to Encrypt Data
If you subscribe to our newsletter, you’ll have seen that as of October, Google will start warning people if they’re on a page with a form that’s not secured with HTTPS. That’s because implementing an SSL (Secure Sockets Layer) certificate ensures secure data transfer between browsers and the server, making it harder for hackers to break into the connection.
In the interest of WordPress security and customer confidence, making the move to HTTPS is smart. Check out this tutorial from KeyCDN for more information.
Update Your Site Regularly
WordPress will automatically take care of minor updates (you should get an email when this happens), but you’ll need to manually install major release updates. WordPress makes this easy, but we highly recommend that you make a backup of your site first in case there are any problems.
It’s important to update not only your core WordPress software but also your plugins and themes. Plugins and themes are normally maintained by third-party developers; when an update is ready, you’ll see it in your dashboard. Be sure that your core WordPress and themes are updated first, however, or a plugin update could cause your theme to crash.
It’s also a good idea to delete any inactive plugins that you don’t plan on using again. Hackers can use flaws in old code, even in inactive plugins, to install malware on your site.
(Want someone else to keep an eye on updates for you? Check out our WordPress support and maintenance plan.)
Back Up Your Site Regularly
Whether your site’s been hacked or a stray comma in your code crashes everything, knowing your WordPress site is safely backed up is a huge relief. It’s easy to do using plugins like VaultPress or BackupBuddy.
We recommend you back up your site more frequently if you make regular changes or have a lot of transactions. We perform daily off-site backups for customers on our WordPress support and maintenance plans.
Choose a Secure Host
You can have the most locked-down car in the world, but if you park it in a seedy garage with no security, you’re asking for trouble. That’s why it’s so important to pick a reputable shared hosting provider like BlueHost or SiteGround, which take extra measures to protect their servers against outside threats.
Some of the features that you should look for are:
- Support for the latest PHP and MySQL versions
- Account isolation
- Web Application Firewall
- Intrusion detection system
Put Your WordPress Security in Trusted Hands
Hackers are constantly finding new loopholes in WordPress security, which leads to new updates, which leads to more loopholes, which leads to more updates — which puts yet another thing on your already full plate.
IvyCat’s WordPress support and maintenance plans put your site in secure, knowledgeable hands. We back up your site daily, keep your updates current, and use Sucuri to monitor for suspicious activity. Plus, you’ll get discounts on site tweaks and two support tickets every month to help you troubleshoot your site. Learn how we can help today.