Too many of us think about security after something goes wrong. With the recent breach of Adobe, many of their clients will be rethinking the security of their passwords and data. How often do you think about the security of your website?
Here are simple tips that will help keep your website secure.
Use secure passwords
If you can remember your password it is probably not secure enough. A ‘dictionary attack’ basically works its way through common words based on the dictionary, hence the name. If your password does not contain a real word then you are already more secure than most WordPress websites. There is a great post from WordPress.com about creating secure passwords.
Don’t repeat passwords
Tempting though it is, don’t repeat passwords. If someone gains access to one account, you do not want to give them access to your other accounts.
Secure your admin email address
Keep the admin email address used to log in to your web server, CMS, database etc. away from the public eye. Use a different address on your contact page. This will add another layer of protection against being scammed by phishing emails disguised as coming from your web host or domain registrar.
Back up your website regularly
Whatever you do to prevent it, nothing is 100% secure. Regularly backing up your website will also ensure that if you are ever hacked, it is easy to return to a clean version of your website.
Choose a good quality web hosting company
Do some research and choose a good quality web host. Your website is only as secure as the web servers you host it on.
Be aware of how permissions affect the security of your website
Some scripts require you to change permissions to give them read & write access during installation. This can be achieved by using the 777 code on vital folders like config, admin etc. Always revert the file permissions back to their original code, say 755 or 644. A file or folder with full read/write permissions gives easy access to inject malicious code into your website.
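An added example (not part of the original post) of checking for leftover 777 permissions from a shell on the web server: it lists anything world-writable under a web root and reverts directories to 755 and files to 644. The function names and the WEBROOT variable are assumptions for illustration, as is the premise that 755/644 were the original modes.

```shell
#!/bin/sh
# Added example: find entries an installer left world-writable (777, 666, ...)
# and put them back to 755 (directories) / 644 (files).
# Assumptions: function names and WEBROOT are illustrative; 755/644 are the
# modes your host expects. Symlinks are skipped because find does not follow
# them by default.

# Print every file or directory that "other" users can write to.
list_world_writable() {
    find "$1" \( -type f -o -type d \) -perm -0002 -print
}

# Number of world-writable entries under the given root.
count_world_writable() {
    list_world_writable "$1" | wc -l | tr -d ' '
}

# Revert only the entries that are world-writable, leaving everything else
# (for example a deliberately tighter 600 config file) untouched.
revert_permissions() {
    find "$1" -type d -perm -0002 -exec chmod 755 {} +
    find "$1" -type f -perm -0002 -exec chmod 644 {} +
}

# Run an audit when WEBROOT is set, e.g.  WEBROOT=/path/to/site sh audit.sh
if [ -n "${WEBROOT:-}" ]; then
    echo "World-writable entries under $WEBROOT:"
    list_world_writable "$WEBROOT"
    echo "Total: $(count_world_writable "$WEBROOT")"
    # Uncomment once you have reviewed the list above:
    # revert_permissions "$WEBROOT"
fi
```

Run the audit after every install or upgrade that asked you to loosen permissions, and review the list before reverting.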
For those that use WordPress
Security Plug-ins
There are a few interesting security plug-ins for WordPress that can also help to protect your website.
Bad Behaviour – a free plug-in that helps to secure your website and blocks known blacklisted IPs. I use this one on all my WordPress websites.
Better WordPress Security – also has consistently good reviews. However, it is not one I have personal experience of.
Keep WordPress up-to-date
There are regular updates to help combat any security vulnerabilities. Always keep up-to-date. This includes updating your plug-ins.
Use good quality themes
A theme is the design and layout of your WordPress site. A good theme will be flexible enough for you to insert logos and change colour schemes to reflect your brand. It will also be built with security in mind. You can download new themes from directly inside the dashboard of your WordPress site. Always click on the ‘details’ link before installing a new theme to check out its credibility and compatibility with your site. There are a lot of free themes of varying quality.
- Check how many people have downloaded it
- Whether there are any good reviews
- Be aware that a distinctive free theme may be used on a lot of other sites
- If you decide to go for a commercial theme do some research on the designer
- You need a theme that is regularly updated
- Check the theme is designed for your version of WordPress
- Ensure your theme is flexible enough to accept Plug-ins
- If possible, visit the designer’s home page and do some research.
It is worth spending some time on this, as the theme will control the design and have major control over your visitors’ experience while visiting your site.
Choose the right plug-ins
Plug-ins are extensions to the functionality of WordPress. They can range from inserting code for Google Analytics or linking to your social media accounts to a shopping cart that turns your site into a fully functional on-line shop. There are a lot of free and commercial plug-ins.
- Do your research and make sure the plug-in you are going to install is created by a reputable developer
- How many times has it been downloaded
- Are there any favourable reviews
- Is it supported by your current version of WordPress
- Is it still being supported and upgraded regularly
- Visit the developer’s home page.
And again I say it …. Back up
Too many of us back up after a scare and then forget about it. Regularly backing up your website will also ensure that if you are ever hacked, it is easy to return to a clean version of your website.
With just a few simple changes your website could be made more secure and easily recoverable if the worst happens.