How to Keep Your Website Secure

I’d rather the internet be filled with light and love than malware and nefarious code, but the world doesn’t exist in my desires alone. I don’t believe there is a need to walk in fear, but there is a reason to create a stalwart line of defense to prevent the sometimes catastrophic results of hacking.

Keep your Website framework updated.

This includes three key components: WordPress, themes, and plugins. Companies that sell themes and plugins are responsible for keeping them updated. This includes writing code to address known security breaches, keeping up with browser updates, and adding new features. When you update a plugin or theme, you adopt the new security measures into your website. If you have a premium plugin that requires a paid license and your subscription has expired, the plugin will continue to work, but you are left as is, without the ability to adopt updates. This is the most common way malware can get into your site. It is kind of like leaving your kitchen window open and expecting birds not to pick at your freshly baked apple pie, laid out to cool from the oven.

  1. Log in to your WordPress website.
  2. In the Dashboard, click “Updates” in the left sidebar.
  3. A new page will load. The three main components can all be updated here, each in its own section: WordPress, Themes, and Plugins.

WordPress:

Your WordPress website should be updated automatically when there is an update. If it is not set up to update automatically, please contact your website developer.

Plugins:

We like to keep our sites lightweight. Our benchmark for the number of plugins installed on any given website is 17. If you have more than that, be sure your hosting package includes enough bandwidth to support the load.

Delete unused plugins and be sure to update them at least monthly.

Click “select all” then click Update.

**Don’t touch your website while you are waiting for the updates to happen. It can get your website stuck in “Maintenance Mode.” It’s an easy fix, but it requires access to your hosting account.**
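The same plugin checks can be scripted so they run every month without anyone having to remember. The script below is an added example, not part of the original article: it assumes WP-CLI is installed on the server and reads the output of `wp plugin list --format=json`. The plugin names in the sample are constructed.

```python
import json
import subprocess
import sys

PLUGIN_BENCHMARK = 17  # the article's benchmark for installed plugins

# Constructed sample in the shape of `wp plugin list --format=json` output.
SAMPLE = json.loads("""[
  {"name": "example-forms",  "status": "active",   "update": "none",      "version": "5.1"},
  {"name": "example-slider", "status": "inactive", "update": "available", "version": "2.0"},
  {"name": "example-seo",    "status": "active",   "update": "available", "version": "9.3"},
  {"name": "example-loader", "status": "must-use", "update": "none",      "version": "1.0"}
]""")


def load_plugins(wp_path):
    """Ask WP-CLI (assumed installed on this host) for the plugin list."""
    result = subprocess.run(
        ["wp", "plugin", "list", "--format=json", f"--path={wp_path}"],
        check=True, capture_output=True, text=True,
    )
    return json.loads(result.stdout)


def audit_plugins(plugins, benchmark=PLUGIN_BENCHMARK):
    """Apply the article's plugin checklist to WP-CLI plugin records."""
    # Must-use plugins and drop-ins are not handled on the Plugins screen.
    managed = [p for p in plugins if p["status"] not in ("must-use", "dropin")]
    return {
        "installed": len(managed),
        "over_benchmark": len(managed) > benchmark,
        # Inactive plugins still have their files on the server: delete them.
        "delete": sorted(p["name"] for p in managed if p["status"] == "inactive"),
        "update": sorted(p["name"] for p in managed if p["update"] == "available"),
    }


if __name__ == "__main__":
    # With a path argument, audit that install; otherwise use the sample.
    plugins = load_plugins(sys.argv[1]) if len(sys.argv) > 1 else SAMPLE
    report = audit_plugins(plugins)
    print(f"{report['installed']} plugins installed (benchmark {PLUGIN_BENCHMARK})")
    if report["over_benchmark"]:
        print("Above the benchmark: check your hosting package and trim plugins")
    print("Unused, delete:", ", ".join(report["delete"]) or "none")
    print("Update pending:", ", ".join(report["update"]) or "none")
    # Exit non-zero so a monthly cron job can alert when work is needed.
    sys.exit(1 if report["delete"] or report["update"] else 0)
```

Run it with the path to the WordPress install as its only argument. With no argument it audits the constructed sample.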

Theme:

Your website may have several themes loaded. Choose which themes to keep and which ones to delete. Check in with your developer to find out whether a “Child” theme has been installed. A child theme is a framework that keeps custom code intact during umbrella updates provided by your theme. Be sure to keep your child theme active, and keep both the child and parent themes updated.

Use Cloudflare to filter your traffic before it hits your site.

Have you seen the Disney movie Moana? I love the scene where the heroine and her sidekick, Maui, use the power of the wind to sail across the vast ocean. They come across a large boat manned by tiny coconut warriors. At first, they look harmless and cute, but come to find out, the massive number of enemies and their vicious attacks wreak havoc on their plans. The small invaders overtake the crew, and the entire plan is redirected.

Malware is just like those pesky villains. If your site is the victim of a brute force attack, it can be like those baby coconuts. At first, the oncoming traffic looks like you’ve hit the attention lottery, only to find out that your platform is under attack. A service like Cloudflare acts as a first line of defense against oncoming traffic, filtering out the bad guys and ensuring your sensitive data and hard work aren’t taken down by them.

  • Use Cloudflare to prevent DDoS attacks and bot traffic.
  • Improve site speed with a CDN.

Use a security plugin like Wordfence to protect your website.

Wordfence works on securing your WordPress environment. The main components of Wordfence include:

  • Firewall to block hackers and malicious traffic from filtering into your site
  • Malware scanning, looking for nefarious files and injected code
  • Two-factor authentication, so a leaked username and password alone is not enough to log in
  • Traffic monitoring and live alerts for security breaches or vulnerabilities