There is no such thing as a completely secure WordPress website. Your website will get hacked eventually if you don’t put site security at the top of your priority list. It’s not a matter of if, but when. And if you make money with a WordPress site, you’d be silly to not take site security seriously. Keep in mind that humans are rarely trying to break into your site manually. Instead, scripts are written to scan for vulnerable websites, and when they find one, they try to break in. So a malicious hacker can set up one or more computers to stay on 24 hours a day and scan and hack into many sites without touching the keyboard most of the time. It’s important to understand that if your website is on the first page of search engines, you’re even more open to attacks.
As you may know, WordPress is an open-source content management system developed by Automattic, Inc., as opposed to closed-source software like Apple’s iOS. This means that the actual source code, the nuts and bolts of how it works, is publicly available and accessible to developers. This is one of the aspects of WordPress that makes it so great. With open-source software, developers can collaborate and build just about any type of software solution to be integrated into WordPress. But that same source code is also available to the types who are looking to break into and exploit your site, and this is why you should be concerned with site security. If your business runs on WordPress or any other open-source content management system, you need to secure it properly and continuously. You’ve been formally warned, and if you’re smart, you’ll take security very seriously.
You can be the biggest WordPress security expert in the world, but it won’t matter one bit if your hosting company gets compromised. Hosting your own websites? Good luck with the Heartbleed bug, which affected the whole Internet for 3 years before someone even realized its existence.
So, if you can’t be 100% secure, what exactly can you do?
The fight is won or lost far away from witnesses—behind the lines, in the gym and out there on the road, long before I dance under those lights.
Be Responsible About WordPress Security
The Greatest told it like it is: You don’t start thinking about security when you’ve been hacked. By then it’s too late. You think about it before you start your website. You vet the plugin and theme authors. You keep an eye on your websites. If you’re out of your depth, you hire an expert. Being prepared makes all the difference in the world.
Don’t, for one second, start thinking that any WordPress security plugin and/or service will somehow make you magically prepared. We can help you take most of the load off your shoulders and provide the tools you need, but at the end of the day you, and only you, are responsible for the security of your WordPress website. And if your attitude is “meh, whatever, I don’t have time for this”, you’re setting yourself up for a fall. You can bet the guys trying to get into your site have time for it.
Always Have a Backup Ready
76% of WordPress users don’t use backups. This is the kind of insane shortsightedness you need to fight at every turn. You’ll never see an ice hockey goalie forget his helmet because there’s only a 2% chance of an ice-cold, rock-hard puck hitting him in the face off a slapshot and knocking his teeth out, right? 2% is enough of a reason to take precautions when the end result could be devastating to your online business.
Even the baddest asses like being alive
It’s also the reason why we back up our clients’ sites more than once per day. Handling backups for 70+ websites is a pain, so we use a backup plugin that’s easily controlled from the WordPress dashboard. We recommend that our clients use a robust, incremental backup plugin for WordPress that uses very little web server resources and stores the backups in a secure off-site location. We also recommend doing hourly backup cycles, so your website has a restore point every hour. This is also beneficial if your site is ever hacked. It enables you to identify the point of entry and patch the security vulnerability more quickly than if you had no backup or backups running just once per week.
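To show how hourly restore points narrow down the moment of compromise, here is an added example (not code from any backup plugin or from this site): it compares file manifests from consecutive backups and reports the first hour in which files changed outside the paths you expect to change. The manifest format (path to SHA-256), the file paths and the allowlist are assumptions made for illustration.

```python
import hashlib
from fnmatch import fnmatchcase

# Assumption: paths that normally change between hourly backups; tune per site.
EXPECTED_CHURN = (
    "wp-content/cache/*",
    "wp-content/uploads/*.jpg",
    "wp-content/uploads/*.png",
)


def digest(content: bytes) -> str:
    return hashlib.sha256(content).hexdigest()


def diff_manifests(old: dict, new: dict) -> dict:
    """Compare two {path: sha256} manifests from consecutive restore points."""
    return {
        "added": sorted(p for p in new if p not in old),
        "removed": sorted(p for p in old if p not in new),
        "modified": sorted(p for p in new if p in old and new[p] != old[p]),
    }


def unexpected(paths, allow=EXPECTED_CHURN):
    """Keep only the paths that match none of the expected-churn patterns."""
    return [p for p in paths if not any(fnmatchcase(p, pat) for pat in allow)]


def first_suspect_restore_point(snapshots):
    """snapshots: list of (label, manifest), oldest first.
    Returns (last_clean_label, first_suspect_label, changes), or None."""
    for (prev_label, prev), (label, cur) in zip(snapshots, snapshots[1:]):
        changes = {k: unexpected(v) for k, v in diff_manifests(prev, cur).items()}
        if any(changes.values()):
            return prev_label, label, changes
    return None


# Constructed sample data: three hourly manifests of a small site.
_h10 = {
    "index.php": digest(b"core v1"),
    "wp-config.php": digest(b"config"),
    "wp-content/themes/site/functions.php": digest(b"theme v1"),
}
_h11 = {**_h10, "wp-content/uploads/2024/05/photo.jpg": digest(b"jpeg bytes")}
_h12 = {
    **_h11,
    "wp-content/themes/site/functions.php": digest(b"theme v1 + unknown code"),
    "wp-content/uploads/2024/05/cache.php": digest(b"unknown script"),
}
SNAPSHOTS = [("10:00", _h10), ("11:00", _h11), ("12:00", _h12)]
```

With hourly backups the window to investigate is one hour of access logs between the last clean and first suspect restore point; with weekly backups the same comparison leaves a full week.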
Be Vigilant. Always.
Some attacks are easy to notice: your website goes down, or it’s defaced. The ones you don’t know about are much more dangerous: someone could inject malicious code into your website and abuse it for weeks, without you even noticing it. By that time your SEO score is crap, you’ve been blacklisted, and the damage has been done. That’s where we come in.
Uptime Monitors are great for detecting when your website goes down or is defaced. You’ll immediately get an email and/or an SMS with more details, and you’ll be able to spring into action before anyone else notices.
Website Security Checks inspect your website for known vulnerabilities and malware, check its blacklist status, and look at a number of other things. In the near future we also plan to automate the checks, so you can let the system run daily checks and notify you if it notices something’s wrong.
Performance Checks are perfect for the sneakiest of attacks. Sometimes the Security Checks will not detect the intrusion because it’s a new type of malware that’s not in the vulnerability database, or maybe it’s not malware at all. Your web server’s resources are still being misused, and it’s slowing your website down. Pingdom.com grades your website performance and stores the result. Each time you run a new check, you can compare it to the previous grade and notice when it drops. Now you know something’s wrong, and you’ll be able to fix it before there’s any permanent damage.
- There’s no easy fix for WordPress security. You need to act responsibly.
- Check your website security regularly