Your WordPress business website – or any website for that matter – is only as good as it is secure. We hear so much about big data breaches with major online companies, but many small business owners don’t give their own website security much thought. The one-button installation of WordPress, available through any hosting company, makes starting a business website so easy – too easy. But, if you’re not following good security practices, you can easily leave an open back door for a hacker to access your website.
Why would a hacker bother with your website? Unfortunately, that’s the wrong question. Simply put, for whatever reason, hackers continually try to gain access to ALL business websites. It’s not personal. It’s probably not even a person. But leave a security loophole, and they’re in – and the next thing you know, a customer is calling you asking why there’s advertising for pornography on your home page.
It’s not a WordPress problem. 32.8% of the world’s websites use WordPress as the foundation (a number current as of January 9, 2019). Its flexibility and functionality make it the best option for a business website. But you must make security a priority and follow some simple best practices.
Basic WordPress Security
A website security protocol is made up of three elements: protection (doors and windows locked), detection (an intruder alarm), and recovery (the cleanup). Let’s look at best practices for each element.
WordPress Business Website Protection
- Use strong passwords. Each password should be long and unique and contain numbers, uppercase and lowercase letters, and special characters. Don’t re-use passwords and don’t make them easy to guess.
- Keep your WordPress website up-to-date. This includes your WordPress installation, your themes and plugins – all of them. Many times the reason for the update is to improve your site’s security.
- Manage your site’s users. Has an employee left your company? They no longer need access to your website. Only provide the level of access that each user needs. Giving everyone ‘admin’ access is not necessary or advisable.
- Keep your computer’s antivirus software up-to-date and keep your own computer free of malware. One insidious type of malware that gets passed around the web is a keylogger that records every keystroke you make at your computer. Hackers use this to learn your username/password combo so that they can gain front door access to your website.
- I install the iThemes Security Plugin on all of our websites. With it, I can be certain that file permissions are set properly, that strong passwords are enforced for all users, that users who repeatedly hammer the login screen with fictitious info get banned, and so much more. If I’m hosting your website, you can be certain that your security is being taken very seriously. If you’re hosting elsewhere, you owe it to yourself to install at least the free version of this plugin.
Threat Detection
- Again, I rely heavily on the iThemes Security Plugin for this area. It sends me a daily digest of any files that are changed on any of our websites, scans for malware, logs 404 (page not found) errors, and notifies me when a user gets locked out due to too many login attempts.
WordPress Website Recovery
- The best offense is a good defense. Recovery begins with frequent backups of your site, stored off-site. I use BackupBuddy by iThemes to make daily, weekly, and monthly backups, and store them in our Amazon S3 account. If your website hosting company offers daily backups, take advantage of that too. Redundant backups are a good thing. With a good, clean backup, restoring a compromised website is quick and straightforward. You wipe the site off the server, delete the database, then restore everything from backup. BackupBuddy makes the process easy and seamless.
This article only covers the basics – the foundation of WordPress website security for the business owner. As a website developer, I follow additional security protocols during installation and maintenance of your WordPress business website. My goal is to keep your website safe at all times, and that means staying up-to-date and applying the latest security recommendations. If this article has raised concerns about the security of your WordPress website, please use our contact form to request information about a website audit.
What Can You Expect from Zero to Sixty Marketing in 2019?
Significantly more communication, for one thing. I’ve mapped out an editorial calendar for the new year that will have us blogging again on a regular basis on a variety of topics. In 2019, we’ll mainly talk about WordPress business websites, how to improve your website’s visibility, and email marketing, but we’ll also talk about retail marketing, the traveling/mobile business, staying healthy while you grow your business, productivity hacks, and market research. This year we’ll also be adding audio and video to the mix – some from us personally, but also business-building messages that you don’t want to miss from OffBeat Business Media and other trusted sources.
This website will be getting a much needed refresh. A site that I was proud of years ago has become one that makes me shudder. That’s never good! I’ve pulled a copy of it onto my development server, where I will eliminate what’s out-of-date and irrelevant, refocus the existing content, and update the design.
Last, but definitely not least, we’ll continue to travel the country this year. If you’re into travel, preparing to travel by RV, eating well on the road, and location independent topics, please check out our RV travel website.
Have you found this article on WordPress website security useful? What would you like to hear more about in 2019? Please talk back to me in the comments.
Happy New Year!