Imagine logging into your website one morning only to find that it’s been hacked.
Instead of your usual welcome page, you’re looking at a big, red Google warning which says your site is now a ‘Phishing Attack’ or, worse, is hosting ‘malware’. You may even find that your hosting company has taken your site offline completely in order to prevent any further infection.
As a web designer, I often get new clients coming to me for help in these kinds of emergencies, and whilst we can usually get the website (or a subsequent version) up and running again within a day or so, it is still a stressful time for all involved. And seeing all of your creative skills and brilliant copy vanishing into cyberspace, never to be seen again, can make you want to give up your web presence altogether.
If you want to avoid this situation with your WordPress site, prevention is always better than cure. So make sure you regularly change your password, update your plugins, back up your website (try WordPress Backup to Dropbox), log in to your website regularly, update your themes when available and only download plugins from familiar sources.
In addition, I would also suggest you consider taking the following actions on your WordPress website:
Install the Wordfence Plugin
Wordfence is ‘the most downloaded security plugin for WordPress websites’ and is a great weapon in the war against global hackers. You can choose a free or premium plan (and the premium version can be as little as $8/9 per month) and it’s really easy to install.
I use this on my website and for my hosting clients. Wordfence is a very reliable plugin that gives you peace of mind. One of its other great features is the status updates, so you can see how many attacks it has blocked, how many login attempts have been made on your site, and which countries and blocked IPs are trying to sabotage your site. This kind of information can help you to decide whether you need to take additional security precautions too.
Switch your website from HTTP to HTTPS
You know when you’re doing some online banking or you’re about to check out at an online merchant, and the HTTP turns into HTTPS? This ‘S’ stands for ‘Secure’: the connection between your browser and the website is encrypted, which protects your personal details and/or credit card information in transit and stops hackers stealing your credentials.
If you have an e-commerce website, this added layer of protection relies on an SSL certificate and you can obtain yours from your hosting provider. This is great reassurance for anyone submitting their personal details to your website and peace of mind for you that you’re taking your data protection responsibilities seriously.
Filter Spammy Comments & Pingbacks with Akismet
Finding the time to wade through and reject spammy comments and pingbacks from your website is nigh-on impossible when you have a business to run. By using a plugin such as Akismet, however, you will save yourself heaps of time, and improve the security of your WordPress site.
It’s a clever little plugin which captures the spam before you even set eyes on it. This way, you’ll be able to spend your time replying to the ‘real’ comments by ‘real’ users instead of the spammy bots with malicious intentions.
I hope this article has helped you to see just how useful these three security plugins can be, but if you have any further questions about ramping up your WordPress site security, then please do let me know. And remember, prevention is always better than the cure. Don’t leave your website security to chance.