WEB SECURITY

What is Web Security?

Web security is the process of securing confidential data stored online from unauthorized access and modification.

As the internet grows, so does malicious behavior. That means that everyone is vulnerable to attacks. Even if you don’t sell anything or keep confidential information on your website.

Knowing all the technical aspects of security is not as important as knowing some basic ways to protect your WordPress Website and taking action.

My Client’s Recent Website Attack

Sometimes we learn by experience. Recently one of my clients came under what is called a D-DOS attack and it required her website to be taken down. According to Wikipedia a D-DOS (distributed denial-of-service attack) is an attempt at rendering a server unreachable to its visitors.

During a D-DOS attack your website may become unreachable since the server is being flooded with bogus requests and cannot process the valid ones.

No one knows why this happens and we were left wondering, why her website? She is a small business owner providing life coaching service to her clients, not a bank or the government.

The good news, we were able to get it resolved and her site back live which took lots of time & determination. So far, no more attacks but we keep monitoring it closely.

Why is Web Security Important?

Google Wants The World To Be Secure

First of all, Web security is important to Google so in order to grow our business on search, we should also be aware of what’s needed to increase our chances of being found. We understand that very soon Google may give preference to websites that have a working SSL Certificate, which shows visitors that the site is secure. Even if you do not accept credit cards.

Look for https:// and the green padlock next to the URL.  Then you’ll know the site is secure…

Your Website Represents You & Your Business

Protecting your website and all the information about you and your products & services is important. My client was devastated to find out that no one could access her site. Even though the main use was to introduce herself to potential clients, it needed to be accessible 24/7/365.  She was very happy when I got it back up!

Protect your Visitors

A web security issue can also be faced by your website visitors. A common web site attack involves the silent and concealed installation of code that will exploit the browsers of visitors. Your website may not be the end target of these attacks. There may be thousands of web sites out there that have been compromised.

The owners have no idea that anything has been added to their sites and that their visitors are at risk. In the meantime visitors are being subject to attack and successful attacks are installing nasty code onto the visitor’s computers.

WordPress Websites are Vulnerable

Over 1/3 of all websites on the internet are built using WordPress. Because it is opensource, it’s easier for attackers to cause problems.

Should you be Worried?

As the saying goes, worry will not change anything.  It’s better to gain understanding and then move forward to do what is within your control to do.

Below are some tips to help you get started. If you need help check out our monthly maintenance service.

10 Tips to Help Protect Your WordPress Website

Here’s some things you can do…

1. LOGIN. When installing WordPress, DO NOT use “Admin” as your user name. This is very common and gives hackers a front entrance for them to figure out your password. WordPress now allows us to even create custom logins.

2. PASSWORDS. Create a password that is not easily guessed & only use that password on your WordPress login. It is recommended that you change passwords at least every quarter. Above all, do not use the same password for everything.

3. UPDATES. Keep all Themes & Plugins updated. Delete plugins and themes you are not using. If you want to keep them, be sure to keep those updated as well. We monitor this closely with our monthly service.

4. WEBSITE HOSTING. Choose a reliable web hosting company that has good tech support. We recommend BlueHost.

5. PLUGIN PROTECTION. Install a “limit login attempts” plugin to help prevent brutforce attacks.

6. LOGIN PROTECTION. Install WordPress Security plugin. We recommend WordFence. They notify us every time someone attempts to log’s in.

7. WEBSITE BACKUP. Back up your website OFFLINE. You can send a copy of your site to your Google Drive, in your cloud account or pay for a service. Your hosting company may keep a backup, however they often charge to reinstall.

8. HIDE LOGIN PAGE. Hide your login page. If the attackers cannot access it, they cannot get in. This plugin is free: WPS Hide Login

9. VERY IMPORTANT – SSL CERTIFICATE. Install an SSL Certificate on your website. We provide this service for WordPress website owners or you can ask your hosting company for a Free one & have it activated by your web master.

10. HIGHER LEVEL SSL. If the information on your website is sensitive and you are concerned about mishandling attempts, we recommend you purchase a higher level SSL Certificate. They currently run about $39.99 per year and offer up to $10,000 warranty. Ask us about them or check with your hosting company.

There Are No Guarantees in Web Security

Even after talking with people who work in technology security and researching  expensive services that provide much more protection and monitoring of websites and traffic, they informed me that there are still no guarantees. The internet moves quickly into future technology and the bad people seem to be a few steps ahead.

They agreed that taking some simple precautions like mentioned above goes a long way to help with web security issues.

If you would prefer to hire a company to provide these services for you, we recommend Securi.