When it comes to security for your website, prevention is definitely better than cure.
Just ask anyone who has been the unfortunate victim of a hack or malware attack and they will tell how frustrating, expensive and time-consuming it was to fix. And they’ll offer you this piece of advice for free:
Do not to wait to be hacked before you improve your WordPress security.
While nobody is immune to being hacked, every website owner can take appropriate measures to improve their security levels. These days, basic security is not enough. You need to increase security levels to stay as far ahead of the game as possible. Your website is one of your most valuable business assets and deserves to be treated as such.
Here’s a checklist of things that will help you improve your WordPress security:
Host – when choosing a website host, check their reputation carefully. What support do they offer, do they provide a SSL (secure server) option, how reliable are they, do they backup your site? Are client reviews available? All these questions are important from a security point of view.
Passwords – this probably sounds like stating the obvious, but you need to avoid the obvious and choose a strong password. No ‘Password123’ please!
The longer a password is the harder it is to crack. Mix it up and include lower- and upper-case letters, numbers and symbols. Then the second part of the equation is remembering the password and storing it safely. Consider using a password generator, or a password manager. Or think of a memorable sentence, including numbers, and then take the first, second or last character to make your password.
Two factor authentication (2FA) – a two-step verification process may seem tedious but it’s a great security measure to add. Think bankcard and PIN number – one doesn’t work without the other. If someone does access your password, they won’t have the physical means to verify access to your site. Google offers a free app for android and iOS by way of Google Authenticator. It provides 2-step verification via SMS text message or voice call.
Protection – Even with a super-strong password and a 2FA in place, you can still be subject to brute force attacks. How would you like free protection that blocked IP addresses after a limited number of access attempts? Jetpack Protect offers just that; as do BruteProtect and Wordfence Security.
You can take your site protection to the next level by installing VaultPress. It provides daily backup, automated restores, backup archive, spam protection and safekeeper support.
FTP settings – File Transfer Protocol (FTP) is a standard network protocol for transferring files between a client and a server. You need to limit the write access across your directories to ensure only your FTP account can access.
Updates and plug-ins – can improve security. Ignore them at your peril! Set aside regular time to implement updates and remove obsolete plug-ins. If you no longer use a plugin, delete it. If you use it, update it at least once a month.
Implementing all of the above will improve you WordPress security. Take time to do it today!