99% of hacked websites are small businesses, not-for-profits and blogs, proving it’s not just the big guys that cyber criminals target.
According to SiteLock, every website is attacked approximately 22 times per day – that’s more than 8,000 times a year! With over 75 million people using WordPress as their content management system (CMS), it’s no wonder that WordPress is one of the most heavily targeted platforms.
There is an abundance of reasons why cyber criminals choose to hack websites. With your compromised site, they’re able to carry out attacks to make money, infect a wider audience, and get major bragging rights. Hackers might also be compromising your website to steal information, bring your site down so competitors can thrive, or to raise awareness about a political issue; the list goes on.
So in an age of superior technology, how can those who aren’t IT experts easily enforce greater security on their WordPress websites? Here are three simple and free security measures you can enforce right now:
1. Enable Automated Updates:
It’s been said that the single biggest reason that website hacks are successful is outdated software. Keeping your software up to date is perhaps the easiest thing you can do right now to make your website more secure. Updates are usually thought of as simply changing looks or updating features; however, most updates are needed because a security hole has been found and a patch is required to keep your site safe from this vulnerability.
WordPress typically notifies you when an update is available so you can carry it out manually, but we would strongly recommend automating your updates, so whenever a vulnerability is detected, your security is up to scratch. You can install free plugins to do this for you. We recommend WP Update Settings – its free version has a simple interface and lots of options when it comes to automating your updates:
All you have to do is go into your WordPress backend, select Plugins, then Add New, search for WP Update Settings, and install and activate it. Once you’ve got it on your site, you can change your settings (as shown above) to ensure every available update is automatically carried out. If you’re not updating your systems, there’s a good chance there’s a cybercriminal ready to pounce on any vulnerability they find.
2. Make Your Username And Password Tricky, Not Easy To Remember:
Don’t get us wrong, it’s possible to have both – but being tricky is far more important than being easy to remember; without complex usernames and passwords, your site is extremely vulnerable to the likes of brute force attacks. A brute force attack is a trial-and-error method hackers use to gain access to your site. Automated software is often used to generate a large number of consecutive username and password guesses until the attacker finally gets in, or gives up.
The first thing we would recommend here is: never stick with the default settings. Most brute force attacks make use of admin as the username, because WordPress defaults to this when you first create your site, and most people never change it. Don’t let the idea of complexity scare you; it can be simple. For example, maybe your business is Simple Cakes on 13 River Drive in QLD and has been operating since 2014 – your username could be SC13r1verDrQLD14 – or even just SC13rD14.
Having a complex password is equally important. While it seems that everyone knows they ‘should’ have a difficult password, they usually don’t. We would advise that you think of a password in a similar fashion to the username suggestion above, or use a password generator to create strong passwords that will stand a good chance against brute force attacks.
Limiting the number of times a user can unsuccessfully attempt to log in, and locking out users who exceed the specified maximum number of failed login attempts, is also a good way to combat a brute force attack. Again, there are plenty of free plugins that give you these features. Check out some here, and here.
3. Backup Your Website:
Research shows that data loss and downtime cost $1.7 trillion each year to the global economy (source). Every website is vulnerable to data loss and security threats that can cause downtime and cost money. Backups are an essential component of securing your website, because as we’ve said before, even with every security measure in place, something can slip through the cracks, and if you have no data backed up, there’s simply nothing to recover.
You can easily back your website up – either through your hosting company, or through free or paid WordPress plugins. Businesses that have had their website built for them commonly have hosting supplied by the company that did the build. We recommend that those businesses approach their hosting company to see what kind of backups they have in place (if you’re not already aware). For others who are DIYing, here’s a list of the best free and paid WordPress backup plugins you can get, which includes links on how to install the plugins, back up your website, and restore it should you need to.
You don’t need to be an IT genius to keep your site secure. With only a few steps, you can better protect yourself (and your company) from potential downtime, wasted money and the possibility of reputation damage.