You can be the biggest WordPress security expert in the world; it won’t matter one bit if your hosting company gets compromised. Hosting your own websites? Good luck with the Heartbleed bug, which affected the whole Internet for 3 years before someone noticed it.
There is no such thing as a completely secure website. Your website will get hacked. It’s not a matter of if, but when.
So, if you can’t be 100% safe, what can you do?
The fight is won or lost far away from witnesses—behind the lines, in the gym and out there on the road, long before I dance under those lights.
Be Responsible About WordPress Security
The Greatest told it like it is: You don’t start thinking about security when you’ve been hacked. By then it’s too late. You think about it before you start your website. You vet the plugin and theme authors. You keep an eye on your websites. If you’re out of your depth, you hire an expert. Being prepared makes all the difference in the world.
Don’t, for one second, start thinking that any WordPress security plugin and/or service will somehow make you magically prepared. We can help you take most of the load off your shoulders and provide the tools you need, but at the end of the day you, and only you, are responsible for the security of your WordPress website. And if your attitude is “meh, whatever, I don’t have time for this”, you’re setting yourself up for a fall.
Always Have a Backup Ready
76% of WordPress users don’t use backups. That same survey found that over 67% of WordPress users would pay $100+ to get their website back online in the case of a hack. This is the kind of insane shortsightedness we need to fight at every turn. You’ll never see an ice hockey goalie forget his helmet because there’s only a 2% chance of a puck hitting him in the face, right?
Even the biggest bad asses like being alive
It’s also the reason why we back up our clients’ sites more than once per day. Handling backups for 70+ websites is a pain, so we built a backup plugin that’s easily controlled from the WordPress dashboard, no matter how many websites you have. We recommend that our clients use a robust, incremental backup plugin for WordPress that uses very little web server resources and stores the backups in a secure off-site location. We also recommend doing hourly backup cycles, so your website has a restore point every hour. This also helps if your site is ever hacked: it enables you to identify and patch the security vulnerability more quickly than if you had no backup, or backups running just once per week.
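As an added illustration (not code from this post or from any backup plugin), the sketch below shows why frequent restore points shorten an investigation: hashing two consecutive snapshots and diffing them yields the exact files that changed in that hour. It assumes both snapshots have been restored to plain directories; the directory names, file names and contents are constructed sample data.

```python
import hashlib
import tempfile
from pathlib import Path


def manifest(snapshot: Path) -> dict[str, str]:
    """Map each file's path (relative to the snapshot root) to its SHA-256."""
    return {
        p.relative_to(snapshot).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(snapshot.rglob("*"))
        if p.is_file()
    }


def diff_snapshots(older: Path, newer: Path) -> dict[str, list[str]]:
    """Report files added, removed or modified between two restore points."""
    old, new = manifest(older), manifest(newer)
    return {
        "added": sorted(new.keys() - old.keys()),
        "removed": sorted(old.keys() - new.keys()),
        "modified": sorted(f for f in old.keys() & new.keys() if old[f] != new[f]),
    }


def build_demo(root: Path) -> tuple[Path, Path]:
    """Constructed sample data: two tiny 'hourly' snapshots of one site."""
    files_0900 = {
        "index.php": "<?php require 'wp-blog-header.php';",
        "wp-content/themes/demo/functions.php": "<?php // theme setup",
        "wp-content/uploads/logo.png": "PNG-bytes",
    }
    files_1000 = dict(files_0900)
    files_1000["wp-content/themes/demo/functions.php"] += "\n// unexpected change"
    files_1000["wp-content/uploads/cache.php"] = "<?php // file nobody uploaded"
    for name, files in (("09-00", files_0900), ("10-00", files_1000)):
        for rel, body in files.items():
            target = root / name / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body)
    return root / "09-00", root / "10-00"


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        older, newer = build_demo(Path(tmp))
        for kind, paths in diff_snapshots(older, newer).items():
            print(f"{kind:9}", paths)
```

With weekly backups the same diff would cover seven days of legitimate edits, plugin updates and uploads, which is what makes the unexpected files hard to pick out.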
Be Vigilant. Always.
Some attacks are easy to notice: your website goes down, or it’s defaced. The ones you don’t know about are much more dangerous: someone could inject malicious code into your website and abuse it for weeks, without you even noticing it. By that time your SEO score is crap, you’ve been blacklisted, and the damage has been done. That’s where we come in.
Uptime Monitors are great for detecting when your website goes down or is defaced. You’ll immediately get an email and/or an SMS with more details, and you’ll be able to spring into action before anyone else notices.
Website Security Checks inspect your website for known vulnerabilities and malware, check the blacklist status, and look at a number of other things. In the near future we also plan to automate the checks, so you can let the system run daily checks and notify you if it notices something’s wrong.
Performance Checks are perfect for the sneakiest of the sneakiest attacks. Sometimes the Security Checks will not detect the intrusion because it’s a new type of malware that’s not in the vulnerability database, or maybe it’s not malware at all. Your website server resources are still being misused, and it’s slowing your website down. Pingdom.com grades your website performance and stores the result. Each time you run a new check, you can compare it to the previous grade and notice when it drops. Now you know something’s wrong, and you’ll be able to fix it before there’s any permanent damage.
- There’s no easy fix for WordPress security. You need to act responsibly.
- Check your website security regularly.