Secure WordPress

How to know if your WordPress Website is secure


We talk about cyber security quite a lot these days. Between the Cloudflare data breach and the many vulnerabilities coming to light, it’s easy to see how we should be worried about websites getting hacked.

Before disaster strikes, how can you make sure that your website is properly secured?

The long answer is that you “can’t”. Sorry, but it’s the truth. You won’t ever be able to know if a website is properly secured because there is no one-size-fits-all solution to security. You won’t get a little dashboard notification letting you know “you may get hacked in 3 days”.

Keep in mind, even the best security solutions won’t be 100% secure. It’s the nature of the beast; hackers will always strive to find new ways to break down a website’s defenses. However, what’s important is to make it as hard for them as possible. This will discourage most hackers and they will move on to other websites, seeking weaker “prey”.

Here are a few steps you should take to protect your website:


Not every security measure has to involve code, scripts and a security expert. Having a strong password can make a huge difference, and you are the one responsible for it. Don’t go for something that is incredibly intricate; just make sure your password is strong.

You should require that all individual users make sure that their passwords are long as well.

Passwords that need to be upgraded to secure your website aren’t just WordPress-related.

Update all of the following passwords:

  • FTP password
  • SQL password
  • Email password

And please, avoid writing these passwords down on a post-it stuck on your screen or in a notepad file somewhere. Keep these passwords safe.

Double authentication is another means to add a layer of security. Even if someone were to find your password, they would need to log in from a device that is familiar to the system.

An added effect of double authentication is that it reduces brute force attempts to get into your website. Brute force attacks usually aim for the login page, trying to guess the login and password. Double authentication doesn’t let that type of guessing game happen.


Security also means being able to restore things if an attack occurs. You have to make sure that your backups are functional. They should be easy to decompress and restore. Think of backups as your insurance policy: nobody wants to have an accident, but if one occurs, having insurance is better than nothing.  

Do not rely on manual backup processes. Chances are, you will probably do it properly the first month, but not beyond that. Prefer an automated system that will take care of this for you and inform you when a backup has been done (or if an error occurs).
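One way to check automatically that a backup is "functional", as an added example that is not part of the original article or of any plugin's code. It assumes a hypothetical backup layout: a single `.tar.gz` containing `wp-config.php` and a `database.sql` dump; the sample archive is constructed by the script itself.

```python
import io
import tarfile
import zlib

# Assumed backup layout (hypothetical): one .tar.gz holding the site files
# and a SQL dump. Adjust REQUIRED to whatever your backup tool produces.
REQUIRED = ("wp-config.php", "database.sql")


def verify_backup(path, required=REQUIRED):
    """Return a list of problems found in the archive; empty means restorable."""
    problems, seen = [], {}
    try:
        with tarfile.open(path, "r:gz") as tar:
            for member in tar:
                if not member.isfile():
                    continue
                # Read every byte so a truncated or corrupt stream fails here,
                # not on the day of the restore.
                seen[member.name] = len(tar.extractfile(member).read())
    except (tarfile.TarError, OSError, EOFError, zlib.error) as exc:
        problems.append(f"archive unreadable: {type(exc).__name__}")
    for name in required:
        if name not in seen:
            problems.append(f"missing: {name}")
        elif seen[name] == 0:
            problems.append(f"empty: {name}")
    return problems


def make_sample_backup(path, with_dump=True):
    """Build a small constructed backup so the check can be tried offline."""
    files = {"wp-config.php": b"<?php // constructed sample\n",
             "wp-content/index.php": b"<?php // silence\n"}
    if with_dump:
        rows = "".join(f"INSERT INTO wp_posts VALUES ({i});\n" for i in range(5000))
        files["database.sql"] = rows.encode()
    with tarfile.open(path, "w:gz") as tar:
        for name, body in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
```

Run `verify_backup()` right after each automated backup and send the returned list to whoever receives the backup notifications; an empty list means the archive decompressed fully and contains the expected files.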

Site monitoring

Monitor your website and make sure that it is accessible on a daily basis. It’s a good way to make sure that everything is going OK. You can use a website monitoring plugin to do that. However, don’t forget that a keen eye can pick up quite a lot as well. Go on your website and visit your blog, test your footer, navigate via your menu. This inspection lets you detect certain issues that do not necessarily get picked up.

Check your contact form: send an email via the form once in a while. If you receive nothing, then you should be asking yourself a few questions, such as: Is my email service disabled? Is my email port doing OK? Did I close the garage door this morning? OK, the last one was a bonus security question.

Notice a big dip in sales on your e-commerce website? Make sure that your order process is up and running properly.

If you are using HTTPS, make sure that the little lock in the address bar is present. If the little icon is no longer displayed, your certificate has been compromised. This should be remedied fast!

File monitoring

Monitoring your website and monitoring your files are two separate things. Website monitoring helps monitor the “front of the house”. File monitoring, on the other hand, is concerned with the files on your server, those accessible via FTP for example. Your website can be up and running…with some malicious files on it.

A malicious file is NOT a file containing a vulnerability. It’s not a plugin file that contains a security flaw. It’s a dangerous file that is placed on your server to harm your website. It is there to act as a point of breach.

Sometimes, certain files in your installation are modified in a way that avoids suspicion. Core WordPress files, plugin files or theme files or even your own files can be modified to serve nefarious purposes.

This is why you need a file monitoring service to help detect modified files. This service tags suspicious files as “unknown” or “potential malware”. No human can check as many files as an automated system can!
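The core of such a file monitoring check, as an added example that is not SecuPress code or code from the original article: hash every file while the site is known to be clean, then compare later snapshots against that baseline. The `no_php_dirs` rule for the “potential malware” tag is an assumption made for this illustration.

```python
import hashlib
import os


def hash_file(path):
    """SHA-256 of a file, read in chunks so large uploads don't exhaust memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256."""
    result = {}
    for folder, _dirs, names in os.walk(root):
        for name in names:
            full = os.path.join(folder, name)
            if os.path.islink(full):
                continue  # do not follow links out of the site directory
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            result[rel] = hash_file(full)
    return result


def compare(baseline, current, no_php_dirs=("wp-content/uploads/",)):
    """Classify differences between a trusted baseline and the live tree."""
    report = {"modified": [], "unknown": [], "missing": [], "potential malware": []}
    for path, digest in sorted(current.items()):
        if path not in baseline:
            # Assumption: a new PHP file where only media belongs is flagged
            # more strongly than an ordinary unknown file.
            risky = path.startswith(no_php_dirs) and path.endswith(".php")
            report["potential malware" if risky else "unknown"].append(path)
        elif baseline[path] != digest:
            report["modified"].append(path)
    report["missing"] = sorted(set(baseline) - set(current))
    return report
```

Store the baseline somewhere the web server cannot write to, and rebuild it after every legitimate update of WordPress core, plugins or themes; otherwise each update shows up as a wave of modified files.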


Make sure the person in charge is alerted every time something unusual happens. In the olden days we called this person a webmaster; nowadays it can mean anyone from a blogger to a team of a dozen people. The one thing that remains a constant, no matter what the size of the team, is the alert system. You must make sure to receive emails in case of danger, such as malicious files or any other suspicious activity detected. It’s the best communication method to enable you to face potential security threats and attacks.

Security Recap

Monitoring does take time. However, it is an amazing way to make sure everything is going well on your website. It is very difficult to prevent getting hacked if someone has set their mind to pirating your website. Use all the tools you have at your disposal to dissuade hackers as much as possible.

Automate most of your security processes so that securing your WordPress website doesn’t take hours out of your day or week. SecuPress Pro was designed to automate all of these tasks to reduce the risk of getting hacked, help you save time on backups and simplify the WordPress protection process. Try it today!