Many small businesses bless the day the Internet gained popularity because it leveled the playing field for them. They could now compete with the big players in promotion and marketing, and potentially sell their products and services just as effectively as a big company does. For that to happen, however, they need a website, and the most popular platform for creating one is WordPress.
WordPress is an easy choice for many small companies because the basic package is free with no limitations, and you can have a website up and running in a few minutes. It is also SEO-friendly and easy to maintain even if you are not tech-savvy. However, one of the potential problems with WordPress is security breaches.
A good example is the Panama Papers, a high-profile data leak involving more than 4.8 million emails from the website of Mossack Fonseca, a Panamanian law and accounting firm. It turns out the security breach happened because the website's WordPress version was outdated.
If you think you are safe because you are a small company, you would be mistaken. Hackers do not really discriminate when it comes to breaching websites. Small business or large business, it is all the same to them. It is not all the same to you, however, as a compromise of your website can bring down your website, your business, and your customers. You are responsible for ensuring your website does not pose a threat to any visitor.
It is easy enough to protect yourself if you are aware of the threat. Here are some ways you can secure your WordPress website without taking too much trouble.
Make a Careful Selection of your Host
One report reveals that as many as 41% of hacked websites were compromised because the hosting service did not put a lot of importance on security. It is important to select the hosting service not only for its compatibility with WordPress or its price point, but also for its security protocols. While choosing a reliable web hosting company is not a guarantee against a security breach, it will go a long way towards relieving some of the worry you may have about your website. Before choosing a hosting service, ask about their security protocols to find out if they have the requisite firewalls and malware scanning.
Activate the Security Keys
The WordPress Security Keys, also known as WordPress Secret Keys, have been built into the software since version 2.5. You define them by editing wp-config.php, found in the root directory of a basic WordPress installation. Each key is a set of random characters, and there are four types: AUTH_KEY, SECURE_AUTH_KEY, LOGGED_IN_KEY, and NONCE_KEY. They make it more difficult for hackers to crack site passwords. You can generate your own keys, copy and paste them into wp-config.php, and that is it.
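An added example, not part of the original article: a Python check that reads the text of a wp-config.php and reports which of the four keys are missing, still set to the sample-file placeholder, too short, or reused. The 64-character minimum and the sample configuration are assumptions constructed for this illustration.

```python
import re

# The four key names listed in the article.
KEY_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY")
# Placeholder text that ships in wp-config-sample.php.
PLACEHOLDER = "put your unique phrase here"
MIN_LENGTH = 64  # assumption: treat anything shorter than 64 characters as weak

# Matches an uncommented define('NAME', 'value'); in single or double quotes.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*(['"])(\w+)\1\s*,\s*(['"])(.*)\3\s*\)\s*;""",
    re.MULTILINE,
)

def audit_keys(config_text):
    """Return {key_name: [problems]} for the security keys in wp-config.php text."""
    found = {m.group(2): m.group(4) for m in DEFINE_RE.finditer(config_text)}
    report = {}
    for name in KEY_NAMES:
        problems = []
        value = found.get(name)
        if value is None:
            problems.append("missing")
        else:
            if value == PLACEHOLDER:
                problems.append("placeholder")
            if len(value) < MIN_LENGTH:
                problems.append("too short")
            # The same value under two key names defeats the point of separate keys.
            if any(found.get(o) == value for o in KEY_NAMES if o != name):
                problems.append("reused")
        report[name] = problems
    return report

DEMO_VALUE = "x9$Lm2!q" * 8  # constructed 64-character value, not a real key
# Constructed sample: one placeholder, two keys sharing a value, NONCE_KEY absent.
SAMPLE_CONFIG = f"""<?php
define( 'DB_NAME', 'shop' );
define( 'AUTH_KEY',        '{PLACEHOLDER}' );
define( 'SECURE_AUTH_KEY', '{DEMO_VALUE}' );
define( 'LOGGED_IN_KEY',   '{DEMO_VALUE}' );
"""

if __name__ == "__main__":
    for name, problems in audit_keys(SAMPLE_CONFIG).items():
        print(f"{name}: {', '.join(problems) or 'ok'}")
```

To check a real site, pass the contents of its wp-config.php to `audit_keys` in place of `SAMPLE_CONFIG`.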
Keep your website updated
Hackers are always coming up with new ways to get access to websites, and WordPress developers move just as constantly to block them. However, you have to update your website to take advantage of these security fixes. As mentioned earlier, the problem with the Mossack Fonseca website was the failure to update it. Fortunately, WordPress has automatic update features you can configure, something that came with the 3.7 version. You can update it manually as well if you choose.
Use stronger passwords
It may seem obvious, but as many as 8% of websites are hacked simply because people are too lazy to use strong passwords. If you have a hard time keeping track of your passwords, you can use a password manager such as LastPass. If you want to make sure you create a strong password, you can use a password generator. You should also make an effort to use more creative usernames instead of admin, as many people do. You can change your username quite easily.
Keep track of access attempts
You can stymie hackers, who will keep trying to access your site by randomly using different usernames and passwords, by restricting the number of failed attempts you will allow. WordPress does not do this by default. You need to use a plugin such as Login LockDown to control access to your site by setting the number of failed attempts allowed before access is refused, and for how long. You can also try using two-step authentication, where any user has to input the login credentials and then enter a one-time code sent to either a mobile phone or an email address.
As a small business owner with a website, you cannot afford to have your site hacked. These five tips can help you secure your WordPress site without much trouble, but there is certainly more you can do. Please leave a comment below if you have any suggestions for making WordPress sites more secure.
Author: Harlon P. Agsaoay is a blogger, digital marketer, adventurer, musician, and ocean explorer rolled into one. He currently works during the daytime as a Content Consultant for Websitesetup and HostingFacts. Look him up at his Google Plus account and Facebook.