Hackers. We all know they are lurking behind the code. And while some are “the good guys” and have the public’s best interest at heart, there are many (way too many) looking to steal information or just create chaos. As a website owner, it is your responsibility to make your site as difficult as possible to be hacked. So what can you do to make your site more secure?
Unique Usernames
One of the biggest offenses we’ve come across is the use of “admin” as the login name for a CMS. Terrible idea. If your username is basically just the default option you’ve already given half of the keys to your kingdom away. Need some ideas of what not to do? Start with the top 10 usernames and passwords hackers use to get into remote computers, compiled from Rapid7’s Project Heisenburg.
Strong Passwords
Next stop: a strong password. WordPress takes the stress out of creating a strong password by providing each user with one, but it’s one of those that will be too long and complicated to remember. We recommend using a password manager or copy + pasting from a secure document (one that is also behind a password). Sticking with the WordPress password generator is the way to go, but if you want to create a strong password you actually have a chance to remember, check out these tips on creating a complex password as shared by one of the good guy hackers.
Our last tips on passwords: change your password every quarter (at the minimum!) and use different passwords for different accounts. Trust us.
WordPress Versions
We love WordPress. We use it for the majority of the sites we build because it is powerful, flexible and easy for our clients to use. It’s also popular. So popular, in fact, that it is often targeted by hackers. Not to fear, though! The WordPress core is quite secure. They regularly offer updates to patch bugs or security issues found. Keeping your WordPress version up to date will make your site safer. Side note: Always remember to back up your site before updating!
Plugins and Themes
Plugins and themes give you the ability to extend the features and functionality of your site, but some of them can also have major security flaws. Anyone can develop and publish for WordPress, so you will want to make sure that any plugin or theme installed on your site has good reviews and is made by a reputable source. To be safe, delete any from your site that you aren’t using, and make sure to keep those you do use updated. Not all plugins were created with security in mind, so it’s best to limit exposure by using as few as possible.
Our Security Retainer
Did you see that coming? Yeah, we have one of those. We offer a retainer to keep your site’s security up to our standards. This includes making updates, backing up files, monitoring administration logins, and blocking hacker IP addresses. Contact us if you have any questions about it.