Your website security is most likely a hacker’s paradise: use my tips to avoid becoming their next victim

Ben Schwartz
Fat Panda Design
Jun 1, 2017

Foreword: Website security should be a huge concern for you (if you own or manage a website).

For this reason, Fat Panda Design offers a COMPLETE security solution to address your website security concerns, with our monthly maintenance package. It’s a complete steal for the price we charge.

If the information we provide below is just too technical for you to understand, or you simply don’t have the time to handle the tasks yourself, hire us to manage your site maintenance: it’s only $100 a month, and can save you THOUSANDS long term (if you get hacked even ONCE, you could lose priceless sensitive data, and be liable for lawsuits. Not a scenario you want to get into).

This protects your site and provides total peace of mind: you get 3x daily backups, 3x daily security scans, all updates for plugins/themes/core files as they’re released, 24/7 site monitoring, and 24 hour email support.

And, if your site goes down (as long as it’s not hosting related), we can quickly bring you back live at very affordable rates.

So if you want a complete hands-off approach, knowing that your sensitive data and client information is SAFE, contact me via this link and I will become your WordPress website champion. Simply message “monthly maintenance package” in the subject body, and I’ll reply shortly!

Once again, the link to order our maintenance package is:

https://www.FatPandaDesign.com/get-in-touch/

(just mention Monthly Maintenance Package Wanted!)

We’ll keep your site safe as can be ❤

Taking your website security, seriously, can seriously save you some SERIOUS bucks long term. It’s a wise investment.

The age of the internet has made it extremely easy for anyone who wishes to launch a website, to do so.

With the existence of various content management systems (or CMS), such as WordPress, Joomla!, and Drupal, building and maintaining a website has never been easier.

This presents a catch-22 of sorts, though.

Never before has it been easier (or more profitable) for hackers and malicious users to compromise these systems, and leave their targets completely decimated.

To counteract, various tools and solutions have been developed and are utilized to reduce the risk of such intrusions.

Below are some simple tools and “best practices” to make use of, that can dramatically reduce the chances of being a victim of such attacks.

1 — Enforce Strong Passwords

This one should be pretty obvious, but a lot of people use extremely weak passwords! Here are a few password tips that you should implement to improve your website security.

  • Password Length — Passwords should be a minimum of 12 characters. While longer is definitely better (pun not intended! :P), your online login system should already be set to limit failed login attempts to a maximum of 3. Combined with a long password, this will help you tremendously.
  • A Complex Password — When making a password, you should use a completely RANDOM set of characters (do NOT use words, as hackers have already compiled password lists for brute force attacks that utilize words). Use at least one of each: an uppercase letter, a lowercase letter, a symbol ($, %, @, etc.) and a number. Something like this would be great: “T$uQ2p6N#1VaU4@”
  • DO NOT REUSE PASSWORDS!
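The rules above can be turned into a generator and a checker. This is an added example, not code from the original post; the symbol set and the default length of 16 are assumptions, and the checker only tests length and character classes, so it will not detect dictionary words.

```python
import secrets
import string

MIN_LENGTH = 12        # minimum length given in the tip above
SYMBOLS = "$%@#!&*?"   # assumed symbol set; the post lists "$, %, @, etc."
RULES = (
    ("uppercase letter", string.ascii_uppercase),
    ("lowercase letter", string.ascii_lowercase),
    ("number", string.digits),
    ("symbol", SYMBOLS),
)

def policy_failures(password):
    """Return the rules from the tip that this password breaks (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for label, chars in RULES:
        if not any(c in chars for c in password):
            failures.append(f"no {label}")
    return failures

def generate_password(length=16):
    """Draw characters from the OS CSPRNG until every rule is satisfied."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(chars for _, chars in RULES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate

if __name__ == "__main__":
    # Constructed samples: a short password, a word-only one, and a generated one.
    for sample in ("Password1!", "correcthorsebatterystaple", generate_password()):
        print(sample, "->", policy_failures(sample) or "meets the rules")
```

`secrets` is used instead of `random` because it draws from the operating system's cryptographic random source.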

2 — Have A Solid Backup System

I actually know of a few webmasters who rarely, if ever, run backups and stay on top of protecting their data. This is something you should absolutely pay close attention to; consistent backups can be the difference between simply restoring a backup copy in the event of a breach or data loss and losing EVERYTHING and having to start from scratch. Talk about a nightmare for website security.

WordPress sites have a variety of free backup plugin options available — just do a quick search and you’ll see. I personally use a paid plugin for my clients, because it offers loads of additional features that make life so much easier. I have daily scheduled backups that are saved locally on site, as well as copies that are sent to Google Drive. Redundancy is the safe bet when securing your data and improving website security.

3 — Protect Website Files

By default, WordPress file permissions are insecure. They’re set to prevent most permissions errors, which leaves them vulnerable to malicious code and unwanted changes.

Every file has 3 different permissions, with each being represented by a number.

  • Read (4): View the file contents.
  • Write (2): Change the file contents.
  • Execute (1): Run the program file or script.

There are also 3 different user types which these permissions can be applied to.

  • Owner — Usually the creator of the file, but this can be changed. Only one user can be the owner.
  • Group — Each file is assigned a group, and any user who is part of that group will get these permissions.
  • Public — Everyone else.

The permission numbers are added together when they are selected for a particular user: for instance, if I wanted the “Owner” user to be able to read, write, and execute, I’d add (4) + (2) + (1) to get (7). Thus, the permission would be a 7 for the Owner (7 is the highest permission level and grants total access.)

Here’s a great WordPress Codex entry that explains in detail more about permissions and how to set them for your appropriate needs.
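The permission arithmetic above can be checked across a whole site. This is an added example, not code from the original post: it decodes each mode into owner/group/public flags and reports anything looser than an assumed baseline of 755 for directories, 644 for files and 640 for wp-config.php (common WordPress hardening values, not stated in this post), run here against a constructed sample tree.

```python
import os
import stat
import tempfile

# Assumed baseline (common WordPress hardening guidance, not from this post):
# directories 755, files 644, wp-config.php no looser than 640.
MAX_DIR, MAX_FILE, MAX_CONFIG = 0o755, 0o644, 0o640

def describe(mode):
    """Render 0o754 as 'owner=rwx group=r-x public=r--' (4=read, 2=write, 1=execute)."""
    parts = []
    for who, shift in (("owner", 6), ("group", 3), ("public", 0)):
        digit = (mode >> shift) & 0o7
        flags = "".join(c if digit & bit else "-" for c, bit in (("r", 4), ("w", 2), ("x", 1)))
        parts.append(f"{who}={flags}")
    return " ".join(parts)

def audit(root):
    """Return (path, octal mode, description) for entries looser than the baseline."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if stat.S_ISLNK(st.st_mode):
                continue  # a symlink's own mode bits are not enforced
            mode = stat.S_IMODE(st.st_mode) & 0o777
            if stat.S_ISDIR(st.st_mode):
                limit = MAX_DIR
            elif name == "wp-config.php":
                limit = MAX_CONFIG
            else:
                limit = MAX_FILE
            if mode & ~limit:  # a bit is set that the baseline does not allow
                findings.append((os.path.relpath(path, root), f"{mode:o}", describe(mode)))
    return sorted(findings)

def build_sample_site(root):
    """Constructed sample tree: uploads/ and wp-config.php are deliberately loose."""
    os.makedirs(os.path.join(root, "wp-content", "uploads"))
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(os.path.join(root, "wp-content", "uploads"), 0o777)
    for name, mode in (("index.php", 0o644), ("wp-config.php", 0o644)):
        open(os.path.join(root, name), "w").close()
        os.chmod(os.path.join(root, name), mode)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as site:
        build_sample_site(site)
        print(*audit(site), sep="\n")
```

To audit a real install, call `audit()` with the path to the WordPress root; the function only reads metadata and changes nothing.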

Get hacked, and you’re in serious trouble. It’s best to act quick, and hire a developer/agency (like us) to remove the infection ASAP, before it has a chance to spread and cause more damage. The sooner you stop it, the less damage it can do, and thus, the less it will cost you to recover from it. Or, just be proactive and purchase our maintenance package!

4 — Minimize the Amount of Add-ons (Themes, Plugins, etc)

Plugins and themes help change the way we build websites, and the results that are produced. While there are many incredibly useful and almost necessary plugins out there, there are also many that should be avoided.

Why, you ask? Plugins and themes give hackers more entry points to your website. You may have your website locked up nice and tight, but by simply installing a plugin that isn’t as up to date security wise, or is poorly developed, you’re leaving the door wide open and inviting hackers right into your ‘home’.

Let’s say you have a theme, and 14 different plugins (I’ve seen sites have as many as 25+ before…yuck.) You’ve just opened up 15 more potential attack points for intruders. All it takes is 1 weak link to exploit for malicious users to gain entry.

If you do need to use plugins and 3rd party themes, make sure they are up-to-date and compatible with the current version of your CMS. Also, choosing to use extensions that are created by reputable developers greatly reduces your risk of security compromises, as these developers are usually very security-conscious and have their customers in mind.

Which brings me to my last website security tip…

5 — Stay on Top of Updates!

This is a huge issue that a lot of folks simply don’t pay attention to: updates. There’s a reason software developers push out frequent updates…they fix issues or ‘bugs’, but most importantly they patch holes in any potential security breach points. This is probably one of the most important things that you could do to ensure your site isn’t nearly as vulnerable as a lot of other websites.

Updates are usually pushed out to the public by plugin and theme developers after a major CMS update, such as WordPress 4.4 aka ‘Clifford’. They can also be pushed out when certain bugs or security concerns are reported to the developing company, which can prompt emergency patches to be pushed to the end users.

It’s imperative that you update as soon as updates are released; a lot of hacking attempts are automated these days, and it only increases the chances of them exploiting weaknesses the longer you wait to update.

Final Thoughts

Ensuring that you implement proper website security will not only reduce the risk of malicious attacks and data loss, but it will also reduce the overall cost of keeping your website operational.

You’ll save money on lost productivity, technician costs/labor to find and fix security breaches, and the potential loss of business you may experience. It’s a safe bet that keeping your website up to date and as secure as possible is the smart choice here.

Do you have any personal website security tips that you use? Leave a comment with your suggestions!

Subscribe to our Zen Marketing Panda daily email — you’ll automagically receive our daily marketing & sales tips, tricks, stories, and more — so if you like to learn and make more money, this email list is for you.

Source: https://fatpandadesign.com/simple-steps-to-…website-security/
