Blog } our thoughts

Website Security Best Practices: Keep Your Site Safe from Hacks



Posted by Leigh-Ann Heuer to   SecurityWordPress on January 30, 2015

Website Security Best Practices: Keep Your Site Safe from Hacks

If you’ve spent any time doing business online, you know that hacking happens. It’s not a matter of if someone (or some bot) will try to hack your website, it’s a matter of when, and how you can prevent it or control the damage if it occurs.

It sounds scary, we know, but the alternative – not doing business online – is simply not an option in the digital world in which we live. Also, it’s entirely possible to stay safe and secure on the web by following some web security best practices, regular maintenance, and getting some assistance from the pros.

Best Practices for Website Security

We work with many WordPress clients and have recently become aware of an increasing number of WordPress sites being hacked – usually from China and the Ukraine. These hacks typically strike those with unsecure passwords, no security plugins, and WordPress versions prior to 4.1. Luckily, these are relatively simple issues that can be avoided with the following steps:

  • Create a secure password: Recently, SplashData released its annual list of the most stolen passwords of the previous year, with gems like ‘123456’ and ‘password’ in the top two positions. There’s a reason so many sites get hacked each year, and one of the biggest is that users do not create secure passwords, instead opting to create ones that are easier to remember. A best practice when it comes to creating secure passwords is to use unique passwords (i.e. not something that you use as a password on another site or application) that use a combination of words, numbers, symbols, and both upper- and lower-case letters; for example $ecur1tY@.
  • Keep WordPress updated: This is a big must! WordPress updates its software frequently in order to address security holes that have been identified in previous versions. Therefore, if you are using an older version of WordPress, your website is more susceptible to attacks. At corecubed, our web maintenance package covers all WordPress updates, so our maintenance clients never have to be concerned about running older versions, since they are always up to date; however, the other security concerns need to be addressed.

While hackers are abundant these days, it’s important to remember that they are not looking for a “fight” in order to gain access to a website, which is why they specifically go after WordPress websites that are vulnerable because of security holes. By simply addressing security issues head on, you can effectively block most attacks to your website.

If not prevented or dealt with in the right way, a website hack can get your business's website blacklisted by search engines, which can be complicated to undo and means weeks or months of potentially lost business. A good maintenance plan should include a regular backup of your full website so that the site can be rolled back to an earlier, cleaner version if hacking does occur.

At corecubed, we recognize the serious threat that hacks pose to our clients, and our web development team has prepared a security hardening package that involves a combination of adding security plugins and tweaking a few dozen systems in WordPress and on the server, making it much safer from potential hackers.

If you’re interested in keeping your website safe and secure, contact corecubed today to learn how we can help!

 

Author: Leigh-Ann Heuer
Lead Content Architect


Enjoy this post? Why not share:


 

No comments yet... be the first to leave one.

 

Post a comment:

Commenting is not available in this channel entry.