No one likes to worry about the security of their site, but they still make errors in simple security measures to keep it safe. There are around 90,000 hacker attacks/minute on WordPress websites. The most common reasons behind these security attacks include weak passwords, outdated websites, and issues with core files. An attack on a weak site can be both a data loss and a financial loss, but it can be avoided.
What are some simple measures that may be implemented to secure a website from attacks?
- Changing passwords often.
- Multi-factor authentication is required for login.
- Keeping plugins and WordPress Updated.
- Using Https to access sites that require data exchange.
Too often, we forget to change our password and can have a site with the same password for years. We know we should, but we never like constantly changing and having to remember it. This simple measure can cost us. A fresh example of this is a ransomware attack on Colonial Pipeline in 2021. This caused the company to pay millions to recover control over it’s system. Why and how did this happen? Simply forgetting to change the password often and using it over and over. There was no multi-factor authentication for the password. So when feeling fussy about changing passwords, often just have a read of the Colonial Pipleline hack and remind yourself why it could be avoided.
The multi-factor authentication required for login adds that extra layer of security to confirm the actual person is logging into the site. This is easy to set up and makes the security of the site more solid.
Keeping plugins and WordPress updated is important. Keeping your site running with outdated plugins runs the risk of a security breach on your site. It can also cause the plugin to fail on load and the site to crash. It is also important to keep the content management system up-to-date. Keeping an old version of WordPress while plugins are updated can cause the site to crash. The best practice is to have auto-updates turned on.
If you are hosting on a http site and not one https, you are not secure for using logins and having users exchange there information.
Other items: Keep clear of null themes and plugins that could have been altered to get access to your site. Finally, try to only install plugins from WordPress; other sites may not be tested properly.
Like this post?
Rodney Bradshaw is currently a student at Wake Tech. He is currently pursuing an Associate Degree in Web Development. He hopes to be finished soon and start another degree program.