Your website’s security plan is crucially important to your business. We take several security measures to keep our own site and our clients’ sites as safe as we can make them. Here’s a quick rundown of our top techniques:
Choose Secure Hosting…
Invest in a host that places a high value on security; a lower hosting bill does not outweigh it. Look into the hosting company’s security record, and make sure they are security-conscious and keep their platform on current software and standards. Be wary of shared hosting. It’s cheaper because you share a server with other customers, and if the host does not properly isolate those accounts from each other, a compromise of one site on that server can be used to reach the others. Consider upgrading to cloud hosting, a Virtual Private Server (VPS), or a dedicated server, each of which gives your site a more isolated environment of its own.
Install An SSL Certificate…
A Secure Sockets Layer (SSL) certificate (strictly a TLS certificate; SSL is the older name that has stuck) lets your site serve pages over HTTPS, which encrypts data in transit between the visitor’s browser and your server so it cannot be read or altered on the way. It also lets the browser confirm it is really talking to your domain, and it shows visitors the padlock they expect. Note what it does not do: HTTPS protects data while it travels, not data once it is stored on your server, and it says nothing about whether the site itself has been compromised. Make sure the whole site is served over HTTPS, including the login page and admin area, not just the checkout.
Create A Strong Login Combination…
Choose a username and password combination that is not mundane, such as admin/password: attackers try the simplest combinations first, and a default pair makes your site trivially accessible to them. A good password is 10+ characters (longer is better), uses a variety of character types, and avoids common words and phrases. Don’t reuse it on any other site, since a breach elsewhere would then become a breach here.
Here’s a list of usernames/passwords you should definitely avoid:
- admin – This one is always tried in brute-force attacks. WordPress does not let you rename a user from the profile screen, so if your site was set up with it, create a new administrator under a different name and delete the old account.
- Your real name or nickname – These are easy to guess because they are public information.
- Any personal information – Birthdays, pets’ names, street names, and the like. Anything someone could find out about you, or that you have ever posted online, is fair game for a guessing attack, so it is safest not to build passwords from personal details at all.
- The title of your site, or anything obviously related to it
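The rules above can be enforced mechanically before a credential is ever accepted. The following check is an added example written for this post, not code from WordPress or any plugin; the common-password list, the default-username list and the sample credentials are constructed for the example (a real deployment would check against a full breached-password list). It rejects default usernames, short or low-variety passwords, entries from the common list, and any password that contains the username, the site title or a personal detail, even when padded with digits or punctuation.

```python
"""Login-credential policy check for a WordPress site.

Added example; not code from the original post or any plugin it names.
COMMON_PASSWORDS, DEFAULT_USERNAMES and the sample inputs are constructed
for this example.
"""
import re
import string

# Constructed: a few entries of the kind every brute-force tool ships with.
COMMON_PASSWORDS = {"password", "password1", "123456", "12345678", "qwerty",
                    "admin", "admin123", "letmein", "welcome", "wordpress"}

# Usernames automated attacks try first (the post's "admin/password" case).
DEFAULT_USERNAMES = {"admin", "administrator", "root", "user", "test", "wordpress"}

MIN_LENGTH = 10


def _normalize(text):
    """Lowercase and strip separators so 'Acme Plumbing!' and 'acmeplumbing' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def username_problems(username):
    """Return a list of problems with the username; empty means it passes."""
    problems = []
    if username.lower() in DEFAULT_USERNAMES:
        problems.append("username is a default that brute-force tools try first")
    return problems


def password_problems(password, username="", site_title="", personal_terms=()):
    """Return a list of policy violations; an empty list means the password passes.

    personal_terms: names, nicknames, birthdays, etc. the password must not contain.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")

    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in string.punctuation for c in password),
    ]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")

    norm = _normalize(password)
    if norm in COMMON_PASSWORDS or password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")

    # Anything public about the owner or the site is guessable, so reject it
    # even when padded with digits or punctuation ("AcmePlumbing2024!").
    for label, term in [("username", username), ("site title", site_title),
                        *(("personal detail", t) for t in personal_terms)]:
        n = _normalize(term)
        if len(n) >= 3 and n in norm:
            problems.append(f"contains the {label} '{term}'")
    return problems


if __name__ == "__main__":
    # Constructed sample credentials for a hypothetical site.
    for user, pw in [("admin", "Password1!"), ("jlopez", "AcmePlumbing2024!"),
                     ("jlopez", "Tr0ub4dor&3-stage")]:
        print(user, username_problems(user))
        print(pw, password_problems(pw, user, "Acme Plumbing", ["Lopez", "1985"]))
```

Run it on a candidate before saving it in the WordPress user screen; the substring test is deliberately applied to the normalized form, because "Acme-Plumbing-2024!" satisfies the length and character-class rules yet is the first thing a human attacker would try.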
Lock Down Your Login Page…
By default, anyone can reach the login screen for your website by going to yoursite.com/wp-login.php (yoursite.com/wp-admin redirects there). You can move it to a different URL; the WPS Hide Login plugin lets you set a custom path. Use a login path that isn’t obvious. Don’t use anything simple like /login or /new-login, because a determined attacker will try related and obvious combinations. Keep in mind that this hides the page rather than protecting it: it cuts down the noise from automated scanners, but it is no substitute for a strong password and a limit on login attempts.
Choose something complex and unrelated to your personal or business name and also unrelated to access/entry terminology, such as:
- yoursite.com/inomniaparatus (Latin for “ready for anything”)
- yoursite.com/nogritnopearl (Or other short phrase or motto)
Next, install a plugin that limits login attempts, such as WP Limit Login Attempts, which gives an attacker only a few chances before the source address is locked out for a set period. It can also detect bots and redirect them away from your login page.
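To see what such a plugin actually does under the hood, here is the lockout logic written out as an added example (not the plugin’s own code): a per-source counter of failed logins within a window, a lockout once the threshold is reached, and a reset on success. The thresholds and the replayed sequence of attempts are constructed for the example.

```python
"""Login-attempt limiter of the kind WP Limit Login Attempts provides.

Added example, not the plugin's own code. The thresholds and the sample
attempt log below are constructed for this example.
"""
from collections import defaultdict, deque

MAX_FAILURES = 5            # failures allowed...
WINDOW_SECONDS = 15 * 60    # ...within this window...
LOCKOUT_SECONDS = 60 * 60   # ...before the source is locked out this long.


class LoginLimiter:
    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS, lockout=LOCKOUT_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self.lockout = lockout
        self._failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self._locked_until = {}               # ip -> time the lockout ends

    def is_locked(self, ip, now):
        until = self._locked_until.get(ip)
        if until is None:
            return False
        if now >= until:                      # lockout expired: start counting afresh
            del self._locked_until[ip]
            self._failures.pop(ip, None)
            return False
        return True

    def record_failure(self, ip, now):
        """Count a failed login; return True if this failure triggered a lockout."""
        q = self._failures[ip]
        q.append(now)
        while q and now - q[0] > self.window:  # drop failures outside the window
            q.popleft()
        if len(q) >= self.max_failures:
            self._locked_until[ip] = now + self.lockout
            q.clear()
            return True
        return False

    def record_success(self, ip):
        """A correct password clears the counter for that source."""
        self._failures.pop(ip, None)


def replay(attempts, limiter=None):
    """Run (timestamp, ip, password_ok) events through a limiter.

    Returns one verdict per event: 'blocked' (never reached the password
    check), 'failed', 'locked' (this failure tripped the threshold) or 'ok'.
    """
    limiter = limiter or LoginLimiter()
    verdicts = []
    for ts, ip, password_ok in attempts:
        if limiter.is_locked(ip, ts):
            verdicts.append("blocked")
        elif password_ok:
            limiter.record_success(ip)
            verdicts.append("ok")
        elif limiter.record_failure(ip, ts):
            verdicts.append("locked")
        else:
            verdicts.append("failed")
    return verdicts


# Constructed sample: a guessing run from 203.0.113.7 and one legitimate
# user at 198.51.100.20 who mistypes once.
SAMPLE_ATTEMPTS = [
    (0, "203.0.113.7", False),
    (2, "203.0.113.7", False),
    (4, "203.0.113.7", False),
    (5, "198.51.100.20", False),
    (6, "203.0.113.7", False),
    (8, "203.0.113.7", False),                    # fifth failure: lockout starts
    (10, "203.0.113.7", True),                    # even the right password is refused now
    (12, "198.51.100.20", True),                  # one typo does not affect the real user
    (8 + LOCKOUT_SECONDS, "203.0.113.7", False),  # lockout over, counting restarts
]

if __name__ == "__main__":
    for event, verdict in zip(SAMPLE_ATTEMPTS, replay(SAMPLE_ATTEMPTS)):
        print(event, "->", verdict)
```

Counting per source address is what most plugins do by default; an attacker spreading guesses across many addresses slips under a per-address threshold, so a limiter worth its salt also counts failures per username. Note too that the locked-out source is refused even with the correct password, which is the point: the lockout must hold regardless of what is submitted.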
Back-Up Your Website Routinely…
Any time you want to make changes to your site, including updating WordPress or installing or updating plugins, the very first thing you should do is back up the site. This protects you in the event of an accidental change to the code, a WordPress glitch, a corrupted database, and so on. With backups in place, you won’t need to rebuild your site from scratch if it ever gets hacked or irreparably compromised. Keep at least one copy somewhere other than the web server itself, since an attacker who gets into the server can delete or encrypt backups stored beside the site, and test a restore occasionally; a backup you have never restored is only a hope.
If your host offers routine, automated backups, make sure they include both your files and your database. It’s also a good idea to perform a few manual backups periodically. If your host does not offer website backups, or if the backups provided exclude the files or the database, plugins are another option. Plugins like UpdraftPlus, BackUpWordPress, and VaultPress are popular, but they should also be combined with a security plugin such as Wordfence.
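A manual backup that captures both halves, files and database, can be a short script. The one below is an added example, not code from the post or any plugin it names. It assumes a standard wp-config.php with define('DB_NAME', ...) style constants, that the mysqldump client is on the PATH, and that the destination directory is outside the web root; the sample wp-config values and the throwaway site tree in demo_backup() are constructed for the example.

```python
"""Full-site backup: WordPress files plus a database dump in one dated archive.

Added example, not code from the post or any plugin it names. Assumes a
standard wp-config.php and the mysqldump client; SAMPLE_WP_CONFIG and the
tree built by demo_backup() are constructed for this example.
"""
import os
import re
import shutil
import subprocess
import tarfile
import tempfile
from datetime import datetime, timezone

DB_CONSTANTS = ("DB_NAME", "DB_USER", "DB_PASSWORD", "DB_HOST")

# Constructed sample of the lines that matter from a wp-config.php.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'acme_wp' );
define( 'DB_USER', 'acme_user' );
define( 'DB_PASSWORD', 'example-only' );
define( 'DB_HOST', 'localhost:3306' );
"""


def read_db_config(wp_config_text):
    """Pull the database constants out of wp-config.php."""
    found = {}
    for name in DB_CONSTANTS:
        m = re.search(r"define\(\s*['\"]%s['\"]\s*,\s*['\"](.*?)['\"]\s*\)" % name, wp_config_text)
        if m:
            found[name] = m.group(1)
    return found


def dump_database(db, out_path):
    """Write a mysqldump of the site's database; return False if mysqldump is unavailable."""
    if shutil.which("mysqldump") is None:
        return False
    host, _, port = db.get("DB_HOST", "localhost").partition(":")
    cmd = ["mysqldump", "--single-transaction", "--host", host,
           "--user", db["DB_USER"], db["DB_NAME"]]
    if port:
        cmd += ["--port", port]
    # Pass the password through the environment, not argv, so it is not visible in `ps`.
    env = dict(os.environ, MYSQL_PWD=db.get("DB_PASSWORD", ""))
    with open(out_path, "wb") as fh:
        subprocess.run(cmd, env=env, stdout=fh, check=True)
    return True


def backup_site(site_dir, dest_dir, stamp=None, dump_db=True):
    """Archive the whole WordPress tree and its database dump into dest_dir.

    Returns (archive_path, db_dumped). dest_dir should be outside the web
    root, and the archive copied off the server afterwards.
    """
    stamp = stamp or datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    os.makedirs(dest_dir, exist_ok=True)
    archive = os.path.join(dest_dir, f"site-{stamp}.tar.gz")

    db = {}
    config_path = os.path.join(site_dir, "wp-config.php")
    if os.path.exists(config_path):
        with open(config_path, encoding="utf-8") as fh:
            db = read_db_config(fh.read())

    db_dumped = False
    with tempfile.TemporaryDirectory() as tmp:
        dump_path = os.path.join(tmp, "database.sql")
        if dump_db and all(k in db for k in ("DB_NAME", "DB_USER")):
            db_dumped = dump_database(db, dump_path)
        with tarfile.open(archive, "w:gz") as tar:
            tar.add(site_dir, arcname="files")
            if db_dumped:
                tar.add(dump_path, arcname="database.sql")
    return archive, db_dumped


def list_backup(archive):
    """Names inside an archive, so a backup can be checked before you need it."""
    with tarfile.open(archive, "r:gz") as tar:
        return sorted(tar.getnames())


def demo_backup():
    """Build a throwaway WordPress tree, back it up (files only), and return the archive contents."""
    with tempfile.TemporaryDirectory() as work:
        site = os.path.join(work, "public_html")
        os.makedirs(os.path.join(site, "wp-content", "plugins"))
        with open(os.path.join(site, "wp-config.php"), "w", encoding="utf-8") as fh:
            fh.write(SAMPLE_WP_CONFIG)
        with open(os.path.join(site, "wp-content", "plugins", "example.php"), "w") as fh:
            fh.write("<?php // constructed placeholder plugin\n")
        archive, _ = backup_site(site, os.path.join(work, "backups"), stamp="demo", dump_db=False)
        return list_backup(archive)


if __name__ == "__main__":
    print(read_db_config(SAMPLE_WP_CONFIG))
    print(demo_backup())
```

The database step is the one people forget: a backup of wp-content alone restores your theme and uploads but none of your posts, users or settings, which all live in MySQL. Listing the archive after creating it is the cheapest form of the restore test mentioned above.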
Only Install Necessary Plugins…
It only takes a handful of plugins to get your site to the level of functionality your business needs. Don’t go overboard installing “fluff plugins” that slow your site down or add code that could turn out to be vulnerable. Every plugin is someone else’s code running with full access to your site, so each one you add is part of your attack surface. When you stop using a plugin, delete it rather than just deactivating it; a deactivated plugin’s files stay on the server, still have to be kept updated, and are easy to forget.
These are the ones we most frequently install on client sites depending on their needs and preferences:
1. A Page Builder Plugin:
- Elementor (& Elementor Pro)
- For clients who plan on creating new pages on their own after we deliver their completed site. (Note: These can be used alongside our premium themes too.)
2. An E-Commerce Platform Plugin:
- Easy Digital Downloads / WooCommerce (& WooCommerce Connect For Genesis) / Etc.
- If clients will be selling items directly on their websites. These are not needed for clients whose sites are purely designed for lead generation.
3. A Script Management Plugin:
- Head, Footer and Post Injections
- For managing 3rd party code scripts (FB Pixel, Google Analytics, etc.)
4. An SEO Plugin:
- The SEO Framework / Yoast SEO / Etc.
- For managing the SEO configurations of a website.
5. A Forms Plugin:
- Ninja Forms / Contact Form 7 / Etc.
- For contact forms and various customized/specialty forms.
6. Opt-in Management Plugins:
- Genesis Enews Extended (Or preferred opt-in option)
- Popups by OptinMonster
7. Your Preferred Visual/Stylized Plugins:
Keep Your Plugins & Theme Updated…
Lastly, we suggest website owners stay on top of updates. By some industry estimates, outdated plugins or themes are behind nearly 40% of WordPress site breaches. Updating them is as simple as going to your WP admin dashboard and checking for update notifications under Dashboard > Updates. To avoid update-related glitches, we generally advise waiting about a week after a routine update is released before installing it, which gives the developers time to receive reports and fix any bugs. The exception is a security update: once a fix for a vulnerability is published, the vulnerability is public too, and attackers start scanning for sites that haven’t patched, so apply those promptly (back up first, and try them on a staging copy if you have one) rather than waiting.
. . .
Want Us To Implement All These Strategies For You?
Our top-notch team includes website security pros who can set-up and configure these elements for you. We implement all of these strategies and customize each technique and plugin to your individual site’s needs.
Learn more about our Security Configuration Service.