7 Security Tips to Protect Your Website
It seems we’re hearing about data breaches more and more. From Equifax to Uber to Facebook, data security is on everyone’s minds. Whether your business is small or large, securing your website needs to be a priority.
As a company that develops and designs WordPress websites, this has been on our minds lately. We’d like to share some ideas for keeping your WordPress site secure. The more you know about website security, the more secure your site will be.
Use Strong Passwords
It’s surprising how often people underestimate the importance of a strong password. A weak password is one of the easiest ways an attacker can exploit your site. Generate a custom password with a free service like Password Generator, then store it in a secure service like LastPass.
Consider Two-Factor Authentication
Two-factor authentication enhances login security by verifying your identity via a secondary method. Often this means entering an extra security code that an app generates on your phone. This prevents an attacker from gaining access to your website, even if your password has been compromised.
Use SSL
SSL refers to Secure Sockets Layer. It encrypts data exchanged between the browser and your website. SSL adds another layer of security to your website. It also has SEO benefits; Google has announced it will give a ranking boost to sites using HTTPS.
Stay Up-to-Date
Out-of-date software can be a big security risk. WordPress does offer automatic security updates to WordPress core, but you still need to update plugins on a regular basis. Plugin updates are released at varying frequencies, so it can be difficult to always be up-to-date. We recommend updating plugins at least every three months.
Minimize the Number of Plugins Used
One of the biggest advantages of WordPress is that its functionality can be extended. Plugins can add all sorts of features — event calendars, contact forms, and photo galleries, just to name a few. Each added plugin potentially opens the door to more exploits. Be judicious. Only install the smallest number of plugins that truly add value to your website. Uninstall and remove plugins that are no longer used.
Be Selective About Which Plugins You Use
There are over 50,000 plugins in the WordPress plugin directory. This means there’s a plugin out there for the functionality you need. It’s important to note that plugin developers have varying levels of skill and/or commitment to security. Often there are many plugins that do the same thing. Be selective when choosing a plugin for your site and keep security in mind. Look for plugins with good reviews and pay attention to when the plugin was last updated. Plugins updated frequently show that the author is committed to maintaining the plugin. This gives you more confidence that the plugin author will release an update if a security flaw is discovered.
Only Store Data You Need
Accidentally exposing personal data can be a threat to your business reputation. Data that people share with you through contact forms, applications, and email signups needs to be secure. Minimize your exposure to data theft by limiting the amount of data you store on your website. Export and delete old contact form entries. Store data outside of the website. For example, if you use Salesforce, consider sending leads directly to Salesforce instead of storing them on your website.
These are a few ideas for keeping your site secure. For more ideas, or for help implementing any of the items above, reach out and let’s talk about it.