Why You Need a New Secure Website
Maintaining a secure website takes effort, but it is vital not only to keep your data safe, but to keep the trust of your customers. Unfortunately, security has become a major issue for websites over the last few years, and hackers are targeting vulnerabilities more than ever before.
Hackers Often Choose the Path of Least Resistance
Hackers almost always target the most popular software used by websites, such as WordPress, an enormously popular content management system (CMS). They don’t necessarily do this because WordPress is less secure than other content management systems, but because the hackers are lazy. In order to attack tens of thousands or millions of sites, hackers have to write programs that do the work for them, and this takes time and effort. It makes sense, then, to go after the most popular content management systems such as WordPress, so that the sheer volume of sites to attack gives them a much higher chance of success.
The Result of Poor Security
Unfortunately, hackers are often successful because so many WordPress sites are not kept current with the latest updates and security patches, and thus are left vulnerable to attack by the hackers’ programs.
WordPress is the most popular content management system in the world with more than 25% of websites using the platform. Because of this, many websites are vulnerable, and it is estimated that nearly 4 out of 5 hacked websites are running WordPress. We strongly reiterate that this does not make WordPress a bad choice for a content management system. The truth is quite the contrary, but it does highlight how often it is targeted and how important it is to keep it up to date and secure.
How to Keep the CMS and Server Secure
- Keep any software you use on your website current with the latest updates and security patches. This includes plugins, modules, themes, 3rd party add-ons, integrated software, etc.
- If a service provider is hosting your website, then you likely will not need to be concerned about server-side vulnerabilities. Otherwise, you will need to update the server software diligently. We also recommend running vulnerability scans on the server.
- Require TLS security on your site. This will add an extra layer of protection for your site visitors, ensuring their connections to your site are encrypted. It will also have the added bonus of improving your site’s Google search engine ranking.
- Secure important directories such as wp-admin on WordPress so that they require a password. This makes them much harder for hackers’ programs to get past.
- Be deliberate and careful when adding user accounts to your website, especially administrator accounts. Use strong passwords and set up the CMS with a plugin or module to require that passwords be changed often.
- A file monitoring plugin or module can check your CMS core files regularly and notify you of changes.
- You should schedule a daily, weekly and monthly backup of your site. Make sure to store these backups on a different server than the one hosting your website. This will allow you to recover your website quickly if a hacker gains access. Plus, it is a great practice to have in place in general. Backups are lifesavers!
How to Keep Logins Secure
- Use strong passwords for your content management system and any other passwords you use for your site. Do not use the same password anywhere else and change it regularly.
- Consider using a CMS feature, a plugin, or module to implement a lockdown feature for failed login attempts. This will allow you to specify the number of failed login attempts permitted.
- If possible, consider implementing 2-factor authentication, which means site managers use two different login methods each time they log in. For instance, in addition to a username and password combination, site managers can have a security code sent to their phones via text that they then type into an additional login field. This makes it virtually impossible to circumvent the login on the CMS.
- Change the login URL from the default one. As an example, on WordPress change it from the default yourdomain.com/wp-admin to something unique for your site. This makes it very difficult for hackers’ programs to find the login.
How Able Engine Can Help
Please contact us if you would like to learn more about why you need a secure website.