Your WordPress business website – or any website for that matter – is only as good as it is secure. We hear so much about big data breaches with major online companies, but many small business owners don’t give their own website security much thought. The one-button installation of WordPress, available through any hosting company, makes starting a business website so easy – too easy. But, if you’re not following good security practices, you can easily leave an open back door for a hacker to access your website.
Why would a hacker bother with your website? Unfortunately, that’s the wrong question. Simply put, for whatever reason, hackers continually try to gain access to all business websites. It’s not personal. It’s probably not even a person. But leave a security loophole, and they’re in – and the next thing you know, a customer is calling you asking why there’s advertising for pornography on your home page.
It’s not a WordPress problem. 24% of the world’s websites use WordPress as the foundation. Its flexibility and functionality make it the best option for a business website. But you must make security a priority and follow some simple best practices.
Basic WordPress Security
A website security protocol is made up of three elements: protection (doors and windows locked), detection (an intruder alarm), and recovery (the cleanup). Let’s look at best practices for each element.
WordPress Business Website Protection
- Use strong passwords. Each password should be long and unique and contain numbers, capital and lower case letters, and special characters. Don’t re-use passwords and don’t make them easy to guess.
- Keep your WordPress website up-to-date. This includes your WordPress installation, your themes and plugins – all of them. Many times the reason for the update is to improve your site’s security.
- Manage your site’s users. Has an employee left your company? They no longer need access to your website. Only provide the level of access that each user needs. Giving everyone ‘admin’ access is not necessary or advisable.
- Keep your computer’s antivirus software up-to-date and keep your own computer free of malware. One insidious type of malware that gets passed around the web is a keylogger that records every keystroke you make at your computer. Hackers use this to learn your username/password combo so that they can gain front door access to your website.
- I install the iThemes Security Plugin on all of our websites. With it, I can be certain that file permissions are set properly, that strong passwords are enforced for all users, that users who repeatedly hammer the login screen with fictitious info get banned, and so much more. If I’m hosting your website, you can be certain that your security is being taken very seriously. If you’re hosting elsewhere, you owe it to yourself to install at least the free version of this plugin.
WordPress Website Detection
- Again, I rely heavily on the iThemes Security Plugin for this area. It sends me a daily digest of any files that are changed on any of our websites, scans for malware, logs 404 (page not found) errors, and notifies me when a user gets locked out due to too many login attempts.
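The idea behind a changed-file digest can be sketched as follows. This is an added example, not code from the iThemes Security plugin, and it does not show how the plugin works internally; the function names and the sample file tree are constructed for illustration.

```python
import hashlib
import json
import tempfile
from pathlib import Path

def build_manifest(root):
    """Map each file under root (relative path) to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and not p.is_symlink()
    }

def diff_manifests(baseline, current):
    """Report files added, removed or modified since the baseline."""
    common = set(baseline) & set(current)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def check_site(root, baseline_file):
    """Compare the tree with the saved baseline; write the baseline on first run."""
    # Keep baseline_file outside the web root so a compromised site cannot edit it.
    baseline_file = Path(baseline_file)
    current = build_manifest(root)
    if not baseline_file.exists():
        baseline_file.write_text(json.dumps(current, indent=2))
        return diff_manifests(current, current)
    return diff_manifests(json.loads(baseline_file.read_text()), current)

def demo():
    """Run against a constructed sample tree (not a real WordPress install)."""
    with tempfile.TemporaryDirectory() as tmp:
        site, baseline = Path(tmp, "site"), Path(tmp, "baseline.json")
        (site / "wp-content/themes").mkdir(parents=True)
        (site / "index.php").write_text("<?php // constructed sample\n")
        (site / "wp-content/themes/style.css").write_text("body{}\n")
        check_site(site, baseline)  # first run records the baseline
        (site / "index.php").write_text("<?php // changed\n")
        (site / "wp-content/themes/x.php").write_text("<?php // new file\n")
        (site / "wp-content/themes/style.css").unlink()
        return check_site(site, baseline)

if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

After a legitimate WordPress, theme, or plugin update, the baseline has to be regenerated, otherwise every updated file shows up as modified.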
WordPress Website Recovery
- The best offense is a good defense. Recovery begins with frequent backups of your site, stored off-site. I use BackupBuddy by iThemes to make daily, weekly, and monthly backups, and store them in our Amazon S3 account. With a good, clean backup, restoring a compromised website is quick and straightforward. You wipe the site off the server, delete the database, then restore everything from backup. BackupBuddy makes the process easy and seamless.
This article only covers the basics – the foundation of WordPress website security for the business owner. As a website developer, there are additional security protocols that I follow during installation and maintenance of your WordPress business website. My goal is to keep your website safe at all times and that means staying up-to-date and applying the latest security recommendations.
What Can You Expect from Zero to Sixty Marketing in 2016?
Significantly more communication, for one thing. I’ve mapped out an editorial calendar for the new year that will have us blogging again on a regular basis on a variety of topics. In 2016, we’ll mainly talk about WordPress business websites, how to improve your website’s visibility, and email marketing, but we’ll also talk about retail marketing, the traveling/mobile business, staying healthy while you grow your business, productivity hacks, and market research.
We’re also in the process of revamping our website. Every business needs to do this from time-to-time. But like many of you, we’ve been so busy growing the offline component of our business, that the online component has suffered.
Last, but definitely not least, we’ll continue to travel the country this year, with an aggressive schedule of events and retailer visits. From mid-July through the end of October 2015, we were on the move every few days. We slowed down for the holiday season, but it’ll pick up again soon. We’re continually in learning and teaching mode in our travels. In 2016, we’ll be writing more about both.
Have you found this article on WordPress website security useful? What would you like to hear more about in 2016? Please talk back to me in the comments.
Happy New Year!