At Barketing, we take website security seriously, and you should too! WordPress is the most popular CMS platform in the world, which makes it a target for hackers and scammers, so it is important to be proactive and keep your WordPress website secure. We know the basics and the importance of website maintenance: ensuring your plugins, theme, and WordPress install are up to date, using an SSL certificate, only installing trusted plugins, and installing a security plugin. But there is more that should be done at an advanced level by your webmaster.
Here are some tips and explanations of some advanced security precautions and monitoring tools that you should be using.
Set Up Local and Network Brute Force Protection
Local Brute Force Protection: Protects your website against attackers who repeatedly try to guess your login credentials. It locks out a user or bot after too many unsuccessful login attempts: once the bad login threshold is reached, the user is banned. Without this protection, a user or bot can try an unlimited number of password combinations and may eventually get one right.
Network Brute Force Protection: There is a network of websites that report and protect against the “bad guys” on the internet. Network brute force protection takes local brute force protection a step further by banning users who have already tried to hack other websites. The network automatically reports and blocks these bad IP addresses to avoid similar attacks on your website.
Our websites use iThemes Security Pro, which includes this local and network brute force protection, to give our clients the ultimate protection from attacks like these.
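As an added illustration (not code from the post or from iThemes Security Pro), here is a small Python model of the two layers described above: a per-site lockout after a threshold of failed logins, and a shared blocklist that bans an IP once enough sites have reported it. The thresholds, lockout length, site names and IP address are assumed values.

```python
from collections import defaultdict

LOCAL_THRESHOLD = 5     # failed logins per IP before a local lockout (assumed value)
LOCKOUT_SECONDS = 900   # length of a local lockout in seconds (assumed value)
NETWORK_THRESHOLD = 3   # sites that must report an IP before a network ban (assumed)


class NetworkBlocklist:
    # Stand-in for the shared network that collects lockout reports from many sites.
    def __init__(self):
        self.reports = defaultdict(set)      # ip -> names of sites that reported it

    def report(self, ip, site):
        self.reports[ip].add(site)

    def is_banned(self, ip):
        return len(self.reports[ip]) >= NETWORK_THRESHOLD


class LoginGuard:
    # Per-site local protection that both consults and feeds the network list.
    def __init__(self, site, network):
        self.site, self.network = site, network
        self.failures = defaultdict(int)     # ip -> failed attempts since last lockout
        self.locked_until = {}               # ip -> time the local lockout expires

    def check(self, ip, now):
        # True if a login attempt from ip may proceed at time now (seconds).
        if self.network.is_banned(ip):
            return False                     # rejected on other sites' reports alone
        return self.locked_until.get(ip, 0) <= now

    def record_failure(self, ip, now):
        # Count a failed login; lock the IP out and report it once the threshold is hit.
        self.failures[ip] += 1
        if self.failures[ip] >= LOCAL_THRESHOLD:
            self.locked_until[ip] = now + LOCKOUT_SECONDS
            self.network.report(ip, self.site)
            self.failures[ip] = 0


def demo():
    # Constructed scenario: an IP locked out on three sites is then banned everywhere.
    net, attacker = NetworkBlocklist(), "203.0.113.7"    # constructed documentation-range IP
    guards = [LoginGuard(n, net) for n in ("site-a", "site-b", "site-c")]
    for guard in guards[:2]:
        for t in range(LOCAL_THRESHOLD):
            guard.record_failure(attacker, t)
    allowed_before = guards[2].check(attacker, 0)        # only two reports: still allowed
    for t in range(LOCAL_THRESHOLD):
        guards[2].record_failure(attacker, t)
    # A site that never saw the IP itself now rejects it on the network ban alone.
    return allowed_before, LoginGuard("site-d", net).check(attacker, 0)
```

`demo()` returns `(True, False)`: the third site still accepts the attempt while only two sites have reported the IP, and a fourth site rejects it outright once the network threshold is reached.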
Use Form and Comment Spam Prevention
Although spammers are not hacking your website, they are very annoying! Using a plugin like Akismet helps block spam not only from blog comments but also from your Gravity Forms submissions. Akismet blocks and filters out 99.9% of spam so you only receive the comments and messages that you want to see.
We use Akismet on all of our websites for bulletproof spam protection. Akismet does have a free version, but it is for personal and blog sites only and does not support commercial websites.
Perform Frequent On-Site and Off-Site Backups
Let’s face it. Technology is technology. Like the humans who make it, it is not perfect. This is why it is 100% essential to have frequent stored backups. Why? If something breaks, if you make a mistake and delete the wrong thing or if your website gets hacked (there is always a chance), restoring your backup can usually solve the problem with little to no damage. If your website gets injected with malicious code but you have been backing up your website daily, you can go back and restore the most recent clean install of your website.
Security is important to us. All Barketing websites are backed up daily on our server and frequently backed up off-site depending on your monthly plan. Websites on our Basic monthly plan are backed up monthly off-site, while our Standard and Plus plans are backed up daily off-site. These comprehensive automated backups include a 90-day backup archive. Backups are saved securely using Amazon S3 infrastructure in the United States and include 1-click restore and a downloadable file.
Run Daily Website and Server Security Scans
The best way to protect your website is proactive prevention. Daily website scans for known vulnerabilities, malware, and blacklists help keep your website clean; if any issues are found, you are notified immediately so they can be rectified. Software vulnerabilities are the top culprit of hacked and compromised WordPress sites, so it is important to stay on top of security scans. Server-level security monitors at a deeper level to locate malicious, suspicious or corrupt files that a website scanner may not find.
Our Barketing Website Toolkit performs automatic daily checks for known vulnerabilities on your site. If a patch is available, the vulnerability is fixed automatically. In addition, we have invested in a server-level scanner that actively scans files and deletes or quarantines suspicious files before they become active, helping prevent an account from being exploited by malware.
Use the Most Recent Version of PHP
If you have a self-hosted WordPress site, it should be running on PHP 7.4+. This is the most stable and secure version of PHP, which is important to help make sure your website is free of vulnerabilities. PHP 7.2 will only be supported until November 2020, while PHP 7.1 and earlier are no longer supported and therefore may be exposed to unpatched security vulnerabilities (see PHP Currently Supported Versions). Not updating your PHP is like advertising to hackers that your site will be easier to break into.
If you see the warning below when you log in to your WordPress website, message your hosting company ASAP and get them to update your PHP to the latest stable version. All Barketing websites are currently running on PHP 7.4.7.
Use Secure Passwords
Even if you implement all of the above security protocols on your website, a weak password will still make your website more vulnerable. This is one reason why we cannot guarantee your website will not be hacked. While we implement many advanced security protocols to ensure client websites have the best chance to withstand hackers, there are situations outside of our control. Use a secure password that is not used for any other login. Yes, it is hard to remember hundreds of passwords – but as hackers get smarter, you need to be more cautious. Use a program like 1Password to store all of your secure passwords in one place. You can take it a step further and set up two-factor authentication for extra security.
The best passwords are randomly generated passwords with at least 10 characters. Include at least one lowercase letter, one uppercase letter, one number and one symbol. Avoid easy-to-guess passwords such as your pet’s name or a variation of your business name.
Weak passwords make your website vulnerable. Period.
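An added example, not from the post: a Python checker for the password rules above (10+ characters, every character class present, no pet-name or business-name variants, with common look-alike substitutions such as 0 for o undone before checking) and a generator that meets those rules using the secrets module. The look-alike table and the sample words are assumptions.

```python
import secrets
import string

MIN_LENGTH = 10
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)
# Common look-alike substitutions undone before checking for guessable words (assumed set).
LOOKALIKES = str.maketrans("013457$@!", "oieastsai")


def _normalize(text):
    # Lowercase, undo substitutions, keep letters and digits only ("Fluffy-2019!" -> "fluffy2oi9i").
    return "".join(c for c in text.lower().translate(LOOKALIKES) if c.isalnum())


def meets_policy(password, guessable_words=()):
    # Policy from the post: 10+ characters, every class present, no pet/business-name variants.
    if len(password) < MIN_LENGTH:
        return False
    if not all(any(c in cls for c in password) for cls in CLASSES):
        return False
    folded = _normalize(password)
    words = [_normalize(w) for w in guessable_words]
    return not any(w and w in folded for w in words)


def generate_password(length=16):
    # Random password with at least one character from each class, built with the
    # secrets module (cryptographically strong) rather than the random module.
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    chars = [secrets.choice(cls) for cls in CLASSES]          # one guaranteed per class
    alphabet = "".join(CLASSES)
    chars += [secrets.choice(alphabet) for _ in range(length - len(chars))]
    secrets.SystemRandom().shuffle(chars)                     # hide the class positions
    return "".join(chars)
```

Passing the pet name or business name as `guessable_words` is what catches variants like "Fluffy-2019!" or "4cm3V3t5#Pw!", which otherwise satisfy the length and character-class rules.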
It is important that you implement a strong security strategy on your website. If you are using basic hosting then these types of security features will be up to you to implement. It is important that you make security a priority now so it won’t be costly later. The more precautions you use the less likely your website will get attacked. Don’t cheap out on your website hosting and maintenance services!
If you want to take your website security even further, iThemes has tons of extra security features like customizing your login URL, setting up user groups, setting password requirements, passwordless login, user logging and more!
Erika Godwin is the President of Barketing Solutions and the Co-Founder and CMO of ProPet Software, an industry-leading kennel management software. Erika has over 8 years of experience with WordPress and graduated from Elmira College in 2009 with a BS in Business Administration (Marketing and Management).