We have all read about the recent wave of cyber crime around the world. Maybe you are one of the 143 million people whose personal data was exposed in the Equifax breach, or have had your computer or network locked and held for ransom by WannaCry. These attacks are no longer isolated incidents: one estimate puts the cost of cyber attacks on businesses at $6 trillion by 2021, four years from now. No network is safe.
How unsafe is your network or website? Roughly half of small businesses were breached in the last 12 months, and many never noticed. A breach costs more than data: it costs reputation. In May, Target agreed to an $18.5 million settlement with 47 states and the District of Columbia over its 2013 breach, on top of the far larger costs it had already absorbed. Target could afford to recover. Many smaller organizations cannot.
5 easy steps to protect your WordPress (or any CMS) website or network:
- Keep software up to date and remove unused plugins and themes: new releases usually contain fixes for bugs and vulnerabilities that attackers exploit on sites that have not updated. Every plugin and theme is potential attack surface, whether or not it is active, because its files remain reachable on the server. Removing unused software closes doors nobody is watching.
- Use strong usernames and passwords: the most common attacks simply replay usernames and passwords stolen from other breaches. Don't make it easy. Use long, unique passwords (a password manager helps; length and uniqueness matter more than sprinkling in symbols) and never reuse a password from another site. Avoid predictable usernames such as admin or your own name, but don't rely on the username staying secret: WordPress reveals it through author archive URLs and the REST API, so the password has to carry the weight.
- Grant users only the permissions they need: every account with access to the admin panel is one more account that can be phished or brute-forced. WordPress ships with roles for this (Subscriber, Contributor, Author, Editor, Administrator); give writers the Author role, not Administrator, and remove accounts that are no longer used.
- Back up your website regularly to an offsite location: whatever happens to your site, it can be restored from a backup, but only if the backup includes both the files and the database and you have actually tested a restore. Keep copies somewhere other than the web server itself, so a compromise or disk failure does not take the backups with it. WordPress plugins that handle this include VaultPress (with Jetpack), BackupBuddy, UpdraftPlus and Duplicator.
- Limit login attempts: WordPress core does not limit failed login attempts, so an attacker can try passwords against wp-login.php (and the XML-RPC endpoint, xmlrpc.php) as fast as your server answers. Limit the number of failed attempts an IP address can make with a plugin such as Login LockDown, which is easy to install and configure. Per-IP limits slow down a single attacker but do not stop one rotating through many addresses, which is why strong passwords still matter.
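To show what a login limiter such as Login LockDown does underneath, here is a small must-use plugin that implements the same idea with WordPress's own hooks and transients. This is an added example, not code from the post or from Login LockDown; the plugin name, the slrl_ function prefix and the thresholds (5 failures, 15-minute window and lockout) are assumptions chosen for illustration.

```php
<?php
/**
 * Plugin Name: Simple Login Rate Limit (added example, not a published plugin)
 * Description: Locks out a client IP after too many failed logins. Drop into wp-content/mu-plugins/.
 */

// Assumed tuning values; adjust for your site.
define('SLRL_MAX_ATTEMPTS', 5);                        // failures allowed per window
define('SLRL_WINDOW', 15 * MINUTE_IN_SECONDS);        // counting window and lockout length

// Use REMOTE_ADDR only. X-Forwarded-For is attacker-controlled unless a trusted
// proxy in front of you overwrites it, in which case substitute that header here.
function slrl_client_ip() {
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

// One transient per IP; transients expire on their own, so the lockout clears itself.
function slrl_transient_key() {
    return 'slrl_' . md5(slrl_client_ip());
}

// Count every failed login. This fires for a bad username and a bad password alike,
// and for XML-RPC logins, because both paths go through wp_authenticate().
add_action('wp_login_failed', function ($username) {
    $key   = slrl_transient_key();
    $count = (int) get_transient($key);
    set_transient($key, $count + 1, SLRL_WINDOW);
});

// Refuse a locked-out IP before WordPress even looks at the password. Priority 1
// puts this ahead of the core username/password check, which runs at priority 20.
add_filter('authenticate', function ($user, $username, $password) {
    if ((int) get_transient(slrl_transient_key()) >= SLRL_MAX_ATTEMPTS) {
        return new WP_Error(
            'too_many_attempts',
            __('Too many failed login attempts. Try again later.')
        );
    }
    return $user;
}, 1, 3);

// A successful login clears the counter for that IP.
add_action('wp_login', function ($user_login, $user) {
    delete_transient(slrl_transient_key());
}, 10, 2);
```

Two caveats a plugin author would also face: everyone behind one NAT address shares a counter, so a single colleague mistyping a password can lock out an office; and the WP_Error returned from the authenticate filter is itself counted as a failure, which keeps an attacker who keeps hammering locked out for a full window after their last attempt.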
These 5 steps are just the start. For a more secure WordPress site, here are 5 more advanced steps that you may want to hire a professional to perform.
5 more advanced/professional steps:
- Protect the wp-config.php file: it holds your database username and password as well as the authentication keys and salts. WordPress also looks for it one directory above the installation, so moving it there takes it out of the web-served tree and keeps a misconfigured server from ever serving it as plain text; an .htaccess rule denying requests to it does the same where moving is not possible. Neither stops an attacker who can already run PHP on the server, so treat this as containment, not a fix for a compromised site.
- Disable directory indexing and browsing via the .htaccess file: with indexing on, a request for a directory that has no index file lists its contents, which hands an attacker your plugin names, versions and stray backup files without any guesswork. On Apache a single line, Options -Indexes, turns it off.
- Remove WordPress version information: WordPress prints its version in a generator meta tag on every page and appends it as a ?ver= query string to its scripts and styles, so an attacker can match your site against the known vulnerabilities for that release. Removing it raises the cost of targeting you slightly; it does not replace updating, because the version can still be fingerprinted from the files themselves.
- Change the database prefix from the default wp_: the default means canned SQL injection payloads that reference wp_users or wp_options work unmodified. A unique prefix breaks those payloads, but it is a speed bump rather than a defence: an injection that can read the database can also read the table names from information_schema. Set it at install time, since changing it later means renaming every table and the prefixed rows in the options and usermeta tables.
- Disable file editing: WordPress's built-in code editor lets anyone with administrator access edit theme and plugin files from the Dashboard, which is the first thing an attacker with a stolen admin account uses to plant a backdoor. Setting DISALLOW_FILE_EDIT in wp-config.php removes the editor so these files cannot be modified, accidentally or maliciously, from the web interface.
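Three of the steps above (hiding the version, the table prefix and disabling file editing) are PHP settings, so here they are as they would appear in wp-config.php and in a small must-use plugin. This is an added example, not the post's or xG's code; the prefix value, the file name and the hv_ function prefix are placeholders. Moving wp-config.php and the .htaccess change are server-level and are not shown here.

```php
<?php
// ---- wp-config.php: only the lines relevant to this post ----

// Unique table prefix. Pick it at install time; this string is a placeholder, not a recommendation.
$table_prefix = 'k7q3x_';

// Remove the Appearance > Theme File Editor and Plugins > Plugin File Editor entirely.
define('DISALLOW_FILE_EDIT', true);


// ---- wp-content/mu-plugins/hide-version.php: a separate file with its own <?php tag ----

// Drop the <meta name="generator"> tag from page heads and the generator line from feeds.
remove_action('wp_head', 'wp_generator');
add_filter('the_generator', '__return_empty_string');

// Strip the ?ver=X.Y.Z query string WordPress appends to enqueued scripts and styles,
// but only when it is the core version; plugin assets carry their own version numbers.
function hv_strip_core_ver($src) {
    $core = get_bloginfo('version');
    if ($core !== '' && strpos($src, 'ver=' . $core) !== false) {
        $src = remove_query_arg('ver', $src);
    }
    return $src;
}
add_filter('script_loader_src', 'hv_strip_core_ver');
add_filter('style_loader_src', 'hv_strip_core_ver');
```

A quick check after deploying: fetch the home page and confirm there is no `<meta name="generator"` line and no `?ver=` matching your core version in the script tags, then log in as an administrator and confirm the Theme File Editor menu entry is gone. Note that stripping ?ver= also changes the URLs browsers cache against, so expect one round of cache misses.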
If you have concerns about the security of your WordPress website, don't hesitate to contact xG for a free consultation.