More often than not, website security is only thought about after bad things happen. Just like insurance, you do not think you need it until you do. Typically, setting up security and doing maintenance on a live site is left to the client or perhaps a WordPress maintenance company, if the client chooses to utilize one. However, there are some simple steps that every site owner can take to keep their site secure, online and converting.
One of the first barriers between you and hackers is a secure login. Always check that all users, especially the administrators, are using a complex username and password. Never use “admin,” a person’s name, or the site name as a username. Passwords should be complex and unique: at least twelve characters, including capital and lowercase letters, numbers and special characters.
It’s also important that you never share one login between team members. Every person logging into the site should have their own unique credentials. On top of that, only give a user access to what they need. A person who is only writing blog posts for the site never needs to have an admin login. If there are contractors working on the site, give them their own login, and then delete their account once work is completed.
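The username, password and least-privilege rules above can be checked mechanically. The following is an added example, not part of the original article: it audits a constructed user list (assumed to match the JSON shape of WP-CLI's `wp user list --format=json`) against a hypothetical owner-maintained `EXPECTED` map of who needs which role, and `password_ok` applies the twelve-character rule at the moment a password is set.

```python
import json
import re

# Constructed sample, assumed to match the shape of
# `wp user list --format=json --fields=user_login,display_name,roles`.
SAMPLE_USERS = json.loads("""[
 {"user_login": "admin", "display_name": "Site Admin", "roles": "administrator"},
 {"user_login": "jane", "display_name": "Jane Doe", "roles": "administrator"},
 {"user_login": "k7-editorial-qx", "display_name": "Sam Lee", "roles": "author"},
 {"user_login": "c0ntract-dev-91", "display_name": "Pat Roe", "roles": "administrator"}
]""")

# Hypothetical owner-maintained map: login -> highest role that person needs.
# Contractors are removed when their work ends, so leftover accounts surface.
EXPECTED = {"admin": "administrator", "jane": "author", "k7-editorial-qx": "author"}

# WordPress default roles, lowest to highest privilege.
RANK = {"subscriber": 0, "contributor": 1, "author": 2, "editor": 3, "administrator": 4}


def norm(text):
    """Lowercase and drop punctuation so 'Jane-Doe' and 'janedoe' compare equal."""
    return re.sub(r"[^a-z0-9]", "", text.lower())


def audit_users(users, expected, site_name):
    """Return (login, finding) pairs for the username and access rules."""
    findings = []
    for u in users:
        login = u["user_login"]
        name_parts = {norm(p) for p in u["display_name"].split()}
        banned = {"admin", norm(site_name), norm(u["display_name"])} | name_parts
        if norm(login) in banned:
            findings.append((login, "guessable username"))
        if login not in expected:
            findings.append((login, "no current need: delete account"))
            continue
        roles = [r.strip() for r in u["roles"].split(",") if r.strip()]
        # Unknown (custom) roles are ranked highest so they get reviewed.
        top = max((RANK.get(r, 4) for r in roles), default=0)
        if top > RANK[expected[login]]:
            findings.append((login, "role exceeds need"))
    return findings


def password_ok(pw):
    """At least twelve characters with upper, lower, digit and special."""
    classes = [r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]"]
    return len(pw) >= 12 and all(re.search(c, pw) for c in classes)
```

Stored passwords are hashed and cannot be audited after the fact, so `password_ok` belongs in the flow where a password is chosen or reset.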
Websites should be updated on a regular basis. A good rule of thumb is to apply fixes for vulnerabilities as they come in, along with updating the available WordPress core, theme and plugins every two weeks. Most version updates are done for three reasons: a bug fix, a new feature, or closing a security vulnerability. This is why it is so imperative to keep up with site updates.
It is also best practice to update the site on a staging environment or a clone before updating the live site. You can fix any conflicts or issues with the updates in that environment before the live site is updated. Before every live update, always run a site backup so any changes can be easily reverted. Pantheon’s Multidev solution helps ensure secure deployments, every time.
As long as there is a backup of the website, no change is ever permanent, even in the case of a hacked website. Many hosting providers, like Pantheon, automatically take care of your backups for the site. If your hosting company does not offer free, automatic backups, there are a number of plugins available to manage this.
When the backups are made, send them somewhere other than the site server. Two great options are Dropbox or Amazon Web Services. Never save them to the site’s server, as full backups can take up a lot of space quickly. Additionally, if the backups are saved to the server, they can also be compromised in a site attack.
A good schedule for backups would be the database backed up every day and a full backup weekly. If the site is an e-commerce or a membership site, it may be good to have the database backed up a few times a day to ensure the data is saved.
What To Do When Your Site Gets Hacked
When the above steps are neglected, you increase the chance of your site being infected. Your hosting can only protect you up to a certain level; beyond that, it is on you to ensure your site is kept safe. Pantheon helps you by not allowing editing on the live site. This drastically reduces the chance of an infection. In the event a site gets hacked, it is best to get it cleaned as soon as possible by either yourself, if your hosting provides cleaning, or by a trained professional.
Talk with your hosting company about how they help you keep your site safe. Pantheon goes above and beyond with their level of security on the sites that they host. You can see more of what they do with Dependable Website Security.
Make sure to add these security recommendations to the ever-growing list in your WebOps tool kit, and you’ll be prepared for whatever comes your way.