5 Rituals To Keep Your Websites Secure

Syafrizal Sharif
Published in NYC Design
Jul 30, 2018

It’s all fun and games until you notice something is wrong with your website. The symptoms could be one of the following:

  • You get a “This site can’t be reached” message when entering your URL
  • Random pop-ups appear on random pages while you are navigating your site
  • Random files and folders suddenly appear in your web folder
  • Random new user accounts have been created
  • Your WordPress Admin account has been removed
  • Unidentified files that you do not recognize have been installed in your FTP
  • When you Google your site, the result says: “The site may be hacked”

There could be other signs that your WordPress site has been hacked, but these are the most common ones.

Angry ex-employee plotting something bad

Reasons why you have been hacked

While it could be done by someone who has access to your WordPress backend or your hosting control panel (like a disgruntled ex-developer), there are other reasons why your website is vulnerable to attack.

  • You have a weak & easy to guess password
  • Your plugins and theme files are outdated
  • Your plugins were downloaded from GPL club websites
  • You are using nulled plugins and themes
  • You never set up security solutions on your WordPress installation

What should you do if you’re hacked?

If your hosting provides scheduled backups, you can contact them to revert to the last working version of your website. If you don’t have backups, you may find a web design company that can recover your website. This will be done manually and is technically challenging, depending on the size of your website.

Here are my 5 rituals for ensuring a secure WordPress site.

Use strong username and password

Passwords — the longer, the better

What do passwords and condoms have in common?

- You don’t reuse it
- You don’t share it with others
- You don’t use the same one as the others
- If you’re in doubt, change it

Stop using ‘admin’ as your admin username, silly. Find a username that’s not so common and that nobody could guess from looking at your Instagram or Twitter handles. Your username shouldn’t have anything to do with your personal information.

The same goes for your password. Use uppercase, lowercase letters and various characters to strengthen your password. I also recommend that you regularly change your password, especially if you have shared your password with freelancers or anyone you hired to make changes before.

Hosting

A good hosting provider will be very sensitive about what its customers put on its servers. There are a number of hosting providers that ban users who keep uploading malicious web scripts onto their platform. These companies protect their business by taking care of their clients.

I’ve been happy with SiteGround as a hosting provider and I have used them for our clients for many years. They have daily backups and 99.99% uptime on their servers. Prices are very reasonable and their control panel is user-friendly and easy to use. Their support is effective and competent. Based on my experience, in many cases, they will help in restoring your site if it gets hacked.

Install Wordfence

Wordfence is one of the most downloaded security plugins for WordPress. It has a number of smart features to protect your website from common hacker attacks. Wordfence is easy to use, so you do not have to be a rocket scientist to use it. Installing Wordfence will significantly increase your website security.

Some of the Wordfence features that I like include:

  • Perform a virus scan of your entire site and get a report
  • Block IP addresses and countries from accessing your website
  • Receive an email every time a user logs in to your website, showing the user’s IP, hostname, location and username
  • Built-in firewall to protect your site from unwanted traffic

Updates

If your site has a lot of outdated plugins, there could be security holes where hackers can break into your system. Therefore, it is important that you keep your plugins and WordPress updated. Updated plugins improve the load time too. Keep auditing your plugin list and remove any redundant plugins.

Backups!

I could not emphasize this one enough. You might purchase the best theme and plugins, hire the best web development company and use the best hosting solutions, but if you don’t schedule backups for your site, all your investments will go down the drain once your site has been hacked.

There are lots of backup solutions out there, but I really like UpdraftPlus because it’s simple and just works in most cases.

A hacker chills down after securing a hacked website

None of these rituals is very technical, because I want everyone to be able to understand them and perform the security checks themselves. However, there are some advanced solutions that you can apply. For example, you can limit write permissions on files and folders so that the wrong people cannot get in and overwrite your files.

This, however, could be advanced for some, so we’ll just keep it simple but effective for now.
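For readers who do want to check write permissions, here is a small audit script. It is an added example, not part of the original article. It assumes a baseline of 755 for directories, 644 for files and no access for "other" users on wp-config.php, and it also flags PHP files in wp-content/uploads, the one folder that normally has to stay writable. The function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: audit file permissions in a WordPress tree.
# Assumed baseline (not from the article): directories 755, files 644,
# wp-config.php with no access at all for "other" users.

# Prints one finding per line as "<ISSUE> <path>"; prints nothing if clean.
audit_wp_perms() {
    local root="$1"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }

    # Files that group or other can write to (looser than 644).
    find "$root" -type f \( -perm -020 -o -perm -002 \) \
        -exec printf 'WRITABLE_FILE %s\n' {} +

    # Directories that group or other can write to (looser than 755).
    find "$root" -type d \( -perm -020 -o -perm -002 \) \
        -exec printf 'WRITABLE_DIR %s\n' {} +

    # wp-config.php holds database credentials: flag any "other" access.
    if [ -f "$root/wp-config.php" ]; then
        find "$root/wp-config.php" \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'CONFIG_EXPOSED %s\n' {} +
    fi

    # uploads/ has to stay writable by the web server, so it should hold
    # media only; a PHP file there is a common sign of compromise.
    if [ -d "$root/wp-content/uploads" ]; then
        find "$root/wp-content/uploads" -type f -name '*.php' \
            -exec printf 'PHP_IN_UPLOADS %s\n' {} +
    fi
}

# Builds a constructed sample tree in a temp directory and prints its path.
demo_tree() {
    local d; d="$(mktemp -d)"
    mkdir -p "$d/wp-content/uploads" "$d/wp-content/plugins"
    echo '<?php // sample' > "$d/wp-config.php"
    echo '<?php // sample' > "$d/index.php"
    echo '<?php // sample' > "$d/wp-content/plugins/a.php"
    echo '<?php // sample' > "$d/wp-content/uploads/img.php"
    chmod 755 "$d" "$d/wp-content" "$d/wp-content/plugins"
    chmod 644 "$d/wp-config.php" "$d/index.php" "$d/wp-content/uploads/img.php"
    chmod 666 "$d/wp-content/plugins/a.php"
    chmod 777 "$d/wp-content/uploads"
    echo "$d"
}

# Audit the directory given as the first argument, or the sample tree.
audit_wp_perms "${1:-$(demo_tree)}"
```

Run it with the path to your site root as the first argument; each finding can then be corrected with `chmod` to the baseline you have chosen.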
