As more and more businesses take it upon themselves to manage and maintain their own website, we are seeing an awful lot of ‘Webmasters’ who lack the knowledge and know-how to secure and maintain their company website.

Over the last few years, advancements in the digital world have made it easier than ever to get your hands on an installation of WordPress, configure a WordPress theme, implement advanced plugins and do all this with little training and resource.

There is no doubt that this is extremely positive, but unfortunately with this comes a big group of ‘Webmasters’ who neglect the importance of keeping their website secure. I would even go as far as to say that many simply do not understand the importance of website security.

In this post we are going to look at some simple steps which should help to secure your website.

Are you up to date?

One of the main reasons that websites are hacked is simply that they are running outdated software or plugin versions. So many websites are compromised daily because this one simple step was missed. I can’t stress enough how often this is overlooked.

If this is something that you struggle to stay on top of or commit your time to, then let us do it for you.

In 2016 we introduced a security and firewall package which allows us to manage all website updates for you. If this is something you would like to discuss with us then simply contact us and we can discuss your requirements.

It is safe to say the majority of website hacks are automated attacks. Bots continuously scan and crawl websites, looking for vulnerabilities that they can exploit to plant an attack.

So step number 1 is super simple…update.

What is the password?

More often than not, when we take on a new client we will require access credentials to their existing server and WordPress installation. I would love to say that each time we receive these credentials the username and password are extremely secure. It’s safe to say they are far from it. A combination like Admin/Admin is not a secure password.

Creating strong passwords is essential. There are 3 key elements to creating a secure password.

  1. Complexity
  2. Password Length
  3. Exclusive

Complexity – Passwords should be random. Ideas like your date of birth, your date of birth backwards or your favourite sports team are not considered to be random.

Password Length – The longer the password the better. We usually recommend 12+ characters. Whilst some security specialists may consider that not to be enough, from all the research we’ve read surrounding website security, many agree that 12+ is a good standard.

Exclusive – Having passwords that are exclusive to each account is very important. Many people hate the idea of having multiple PINs for bank cards, multiple passwords for email, passwords for FTP accounts and so on, but the reality is that if you have one common password for all, a single account failure compromises everything.

The most common question this throws up is: how are you supposed to remember all these passwords? There are now tools out there called password managers. These online tools allow you to store your passwords in an encrypted format.
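To make the three elements concrete, here is an added example (not part of the original post) that audits a set of logins for short, guessable and reused passwords and generates a random replacement. The account names, passwords and personal terms are constructed sample data.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 12  # the 12+ character guideline from the text

def audit_credentials(accounts, personal_terms=()):
    """Return {account: [findings]} for (account, username, password) tuples.

    personal_terms: words tied to the owner (date of birth, sports team);
    each is also checked backwards.
    """
    findings = defaultdict(list)
    seen = defaultdict(list)  # password -> accounts that use it
    for account, username, password in accounts:
        seen[password].append(account)
        lowered = password.lower()
        if len(password) < MIN_LENGTH:
            findings[account].append("shorter than 12 characters")
        if lowered == username.lower():
            findings[account].append("password equals username")
        for term in personal_terms:
            t = term.lower()
            if t in lowered or t[::-1] in lowered:
                findings[account].append(f"contains personal term '{term}'")
    # Exclusivity: the same password must not appear on two accounts.
    for users in seen.values():
        if len(users) > 1:
            for account in users:
                others = ", ".join(a for a in users if a != account)
                findings[account].append("reused on: " + others)
    return dict(findings)

def generate_password(length=16):
    """Random password drawn with the OS CSPRNG, for storing in a password manager."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))

# Constructed sample logins (account, username, password).
SAMPLE = [
    ("wordpress", "Admin", "Admin"),
    ("ftp", "siteftp", "Forest1865!"),
    ("email", "info", "Forest1865!"),
    ("hosting", "owner", "q7#Lm2vX9$ReTz4p"),
]

if __name__ == "__main__":
    for account, issues in audit_credentials(SAMPLE, ["forest"]).items():
        print(account, "->", "; ".join(issues))
    print("replacement:", generate_password())
```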

Manage User Access

Managing user access is key to ensuring that users only have access to carry out their specific role.

For example, if you have someone who contributes to the blog, they do not require full administrative access.

Having clearly defined access limits will protect your website from ‘Rogue’ users and, if any user account is compromised, should help to limit the damage that can be done.
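One way to check this on a WordPress site, shown as an added example that is not part of the original post: compare an export of users and roles against the role each person actually needs. The CSV is constructed sample data, assumed to be in the shape produced by WP-CLI's `wp user list --fields=user_login,roles --format=csv`, and the approved list is a hypothetical one you would maintain yourself.

```python
import csv
import io

# WordPress built-in roles, least to most privileged.
ROLE_RANK = {"subscriber": 0, "contributor": 1, "author": 2,
             "editor": 3, "administrator": 4}
UNKNOWN = 99  # custom or unrecognised roles are treated as high privilege

def find_excess_access(user_csv, approved):
    """Return (user_login, finding) for every account with too much access.

    user_csv: CSV text with user_login and roles columns.
    approved: {user_login: role that person's job requires} (site-specific).
    """
    findings = []
    for row in csv.DictReader(io.StringIO(user_csv)):
        login = row["user_login"]
        roles = [r.strip() for r in row["roles"].split(",") if r.strip()]
        # A user can hold several roles; judge by the most privileged one.
        rank = max((ROLE_RANK.get(r, UNKNOWN) for r in roles), default=-1)
        if login not in approved:
            findings.append((login, "account not on the approved list"))
        elif rank > ROLE_RANK[approved[login]]:
            findings.append(
                (login, f"has {row['roles']}, needs only {approved[login]}"))
    return findings

# Constructed sample export and approved list.
SAMPLE_CSV = """user_login,roles
owner,administrator
blogwriter,administrator
shopeditor,editor
oldagency,administrator
"""
APPROVED = {"owner": "administrator",
            "blogwriter": "contributor",
            "shopeditor": "editor"}

if __name__ == "__main__":
    for login, finding in find_excess_access(SAMPLE_CSV, APPROVED):
        print(f"{login}: {finding}")
```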

Carefully Selecting Plugins

As we know, the number of plugins available to users is huge! I would go as far as to say it’s likely you will be able to find a plugin for most website functions.

When sourcing any plugin, it’s always wise to review it before purchasing. It’s worth noting when the plugin was developed, when it was last updated and how many users have downloaded it.

It’s likely you could be faced with the following options:

Option A – Language Plugin – Last Updated July 2016 – 50,000 downloads – Plugin supported by Author

Option B – Language Plugin – Last Updated Jan 2013 – 500 Downloads – Plugin Not Supported by Author

Now out of the two plugins the safer option would clearly be option A.

When sourcing plugins, make sure you purchase them from reputable and legitimate sources. There are many sites that provide ‘Free’ versions of paid plugins. Steer clear of these: if you know that it’s a premium plugin that requires you to purchase it, it’s likely that this is a pirate version and will certainly contain malware.

It’s time to lock this down (excuse the pun). There we have 4 simple steps for managing your website and improving its security. These four steps alone will not totally prevent your website from being hacked. However, they will help to significantly reduce the risk of your website being hacked.

We are happy to talk through any new projects or how we can support your business requirements.

If you would like to get in touch with us then contact us or call us 0115 798 0699.