WordPress Security: 5 Essential Tips to Stay Safe in 2020
There are no exceptions: whether you’re a conglomerate financial website or a small eCommerce shop, hackers have taken note of WordPress vulnerabilities and are ready to capitalize. But don’t fret, one of our priorities is to provide the WordPress community with the tools and knowledge to keep hackers at bay and keep your business secure year-round.
Let’s take a look at a few housekeeping rules for 2020 and make sure you have these 5 tips in place for a smooth new year.
Stay Up-to-Date!
Updates may trigger some anxiety (fear.of.deleting.everything) but the loss of a plugin or theme will always outweigh the dollar amount your website is worth. WordPress is an open-source platform, which means modifications and updates are constant throughout the year.
This gives hackers an opportunity to run their scripts and search the internet for vulnerabilities in WordPress plugins, themes, and login credentials.
How do you keep your website safe in this volatile environment?
If you’re a one-man team, then you know automation is key. Set monthly routine check-ups and install automated reminders to help you stay updated with the latest plugins.
These updates may include new features and bug fixes, but most importantly they correct exploits overlooked by third-party developers in previous versions. To help lighten the load, try iThemes Security Pro WordPress Version Management for automated updates.
Rest assured, all TotalSuite plugins are developed with this key factor in mind so you can download, implement, and get started right away!
Use Secure Passwords
According to Verizon’s 2019 Data Breach Investigations Report, 81% of company data breaches in the past year were due to poor or unsecured passwords in the workplace.
The question is: “How do you memorize a long and complicated password for each login credential?” If you’re running a profitable online business, a password manager such as LastPass or Dashlane is a must. These tools act as a vault for all of your sensitive files and encrypt login credentials to keep your valuable information safe and secure.
If you’re working with a remote or distributed team, this is your best bet to onboard new members without putting your site at risk.
Here are a few things to avoid when creating your next password:
- Your names or names of family and friends
- Any birthday related to you or a family member
- Pet names
- Cities you’ve lived in or previous home addresses
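The avoid-list above can be checked mechanically. The following is an added example, not code from the original post or from any plugin it mentions: it flags passwords built from personal details, including common character substitutions and date formats. The function names and the sample profile used with it are constructed for illustration.

```python
import re
from datetime import date

# Common substitutions used to "disguise" a word (1, ! and | may stand for i or l).
LEET = str.maketrans("013457@$!|", "oieastasii")


def fold(text):
    """Lower-case, undo substitutions, keep letters only, and fold l into i
    so that 'be11a' and 'bella' compare equal."""
    return re.sub(r"[^a-z]", "", text.lower().translate(LEET)).replace("l", "i")


def date_tokens(d):
    """Digit strings under which a birthday commonly appears in a password."""
    dd, mm, yyyy = f"{d.day:02d}", f"{d.month:02d}", f"{d.year:04d}"
    yy = yyyy[2:]
    return {yyyy, dd + mm + yyyy, mm + dd + yyyy, yyyy + mm + dd,
            dd + mm + yy, mm + dd + yy}


def personal_info_hits(password, names=(), pets=(), places=(), birthdays=()):
    """Return a sorted list of avoid-list items found inside the password."""
    folded = fold(password)
    digits = re.sub(r"\D", "", password)  # separators such as / or - dropped
    hits = set()
    for label, words in (("name", names), ("pet name", pets), ("place", places)):
        for word in words:
            # Check each part of "First Last" or "12 Elm Street" separately;
            # parts shorter than three letters would match too easily.
            for part in re.findall(r"[a-z]{3,}", word.lower()):
                if fold(part) in folded:
                    hits.add(f"{label}: {part}")
    for d in birthdays:
        if any(token in digits for token in date_tokens(d)):
            hits.add(f"birthday: {d.isoformat()}")
    return sorted(hits)


if __name__ == "__main__":
    # Constructed sample profile, not real data.
    profile = dict(names=["Dana Whitfield"], pets=["Biscuit"],
                   places=["Portland"], birthdays=[date(1988, 7, 14)])
    for candidate in ("B1scu1t!88", "Portland-14/07/88", "q7#Vx2!mRz9&Lp"):
        print(candidate, "->", personal_info_hits(candidate, **profile) or "ok")
```

An empty result only means the password avoids the listed personal details; length and randomness still have to come from the password manager's generator.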
Enable Two-Factor Authentication (2FA)
So... updates (✅), password manager (✅), what’s left? Let’s take it one step further and enable two-factor authentication. Usually abbreviated as “2FA”, this step requires you not only to know your password but also to possess a tangible device (usually mobile) that can be confirmed in real time. If this seems excessive, it’s not.
With companies like Apple, GitHub and Warby Parker succumbing to brute force attacks and email phishing, it’s safe to say any business can become a target.
2FA comes in the form of a text, authenticator app, biometric, or physical key. You’ve likely experienced 2FA if you’ve logged into your Gmail, bank account, or protected files at work, so having one set for your WordPress site should be a breeze.
If you’d like to set up your site with 2FA, check the detailed Two Step Authentication guide to get started.
Set Up Proactive Protection
Now that you have your password manager and 2FA set, it’s time to reinforce your security strategy with proactive protection. For those of you new to owning your site, a firewall allows you to configure a set of rules for sending data to or receiving data from other networks (AKA... the internet).
Think about your firewall as a personal bouncer; you tell it what type of data is allowed into your network and the firewall will filter and grant access when all criteria are met.
With 4.8 out of 5 stars on WordPress.org, our favorite plugin to tackle your firewall needs is Wordfence. We recommend it because it’s good to go right out of the box and configures quite nicely to most sites. Just to give you a quick peek under the hood, here’s what Wordfence offers:
- Malware scanning including scheduled scans
- The scan includes a variety of other checks including blacklist checks
- Patches for known vulnerabilities
- Brute force protection
- Two-factor authentication
- Country blocking
- Protection against aggressive crawlers
Wordfence also provides a professional version, so you can boost your security strategy even more.
Back it Up
Yes, we mean your entire site.
Many businesses have suffered a simple mishap due to a hosting issue or an unfortunate cyber attack and have lost thousands of files and records in their database. If your site publishes content frequently, backing up the most recent version of your site can save you thousands of hours when rebooting.
Although there are many options out there, we recommend getting started with Updraft. If you’re not tech savvy or don’t have a developer on hand, don’t panic. Updraft has a user-friendly interface that will help you maneuver through setup and guide you through monthly, weekly, or daily automation. Otherwise, you can try other alternatives like BackWPup, BackupBuddy and Duplicator.
Don’t be overwhelmed
Thousands of entrepreneurs and digital business owners are searching for answers to secure their online assets. Ultimately, we can never know if we’re taking every precaution necessary, but these 5 tips will get you off on the right foot and add multiple layers of protection to your site.
Have safety tips to share with the community? Share them with us on Twitter @TotalSuite and let us know how you’re staying protected in 2020.