Posting a "news flash" or "latest sold" to your blog is so fast and easy that you may forget this easy access can also mean your blog and its database are not secure from online attack. Are you doing all you should to ensure your online presence is secure from hacking and other online attacks?
Blogs or websites may be developed or published on various platforms, but one of the most popular is WordPress because it's simple to use and free.
Open source WordPress reportedly powers 25% of the internet including CNN, TED, and UPS, so chances are this online publishing platform is driving your blog or website. WordPress enables brilliant, immediate content management of text, photos, videos, posts, comments…. Problems arise when users are eager to learn about "bells & whistles" that jazz up posts and pages, but ignore or skip over security and preventative maintenance.
If the previous statement describes you, attracting prospects and clients to your blog and website may mean bringing them and their data into an unsecure environment. Are you thinking beyond your goals of pitching properties and gathering leads to ensure your online efforts protect privacy and data for visitors?
All blogs and websites can expect attack, so professional web designers and developers include firewalls, virus detectors, and numerous security strategies in every site they work on. The challenge comes when untrained users tackle blog design and development without considering security with each step. The detailed content and instructions in the WordPress online manual and at WordPress.com — a hosted version of the open source software where 50,000 new blogs appear each day — enable even an ultra newbie to create a blog and keep it secure. Almost everything WordPress is free or low-cost, so explore, learn, and experiment.
Anticipate attack! It's not "if" but "when." Invest time preventing problems and your blog or site may not crash when you need it most.
Here's 9 Essential WordPress Security Fixes to Head Off Attacks:
1. Update Update Update Everything
Update WordPress, plugins, and design-template Themes when new versions pop-up. These updates address the latest internet-hacking issues. Updating makes your blog less attractive to attackers searching for easy access through out-dated software, especially plug-ins and Themes.
2. BackUp Regularly
Secure your content and databases by backing up, with one copy stored off-site in case of fire. When code has been modified to customize blog design, backup is essential or the changed code will be erased. (Also see #4) Be realistic about your time commitments. If you often forget to backup, consider a paid automatic backup option.
Weak or predictable passwords are wide-open invitations for automated password attacks. If your criteria for a password is making sure it's easy to remember, you are your own biggest security problem. Use phrases—the more nonsensical and longer the better. Periodically change passwords. Upgrade admin user and set up a secure login.
4. Use Child Themes
Instead of changing the original Theme code to customize the blog's look or function, create a Child Theme — a partial-overlay of the Theme — to use for that modification and you'll stay in control of what is visible online. When updating, WordPress will read the Child Theme modifications first and then go to the original Theme for the balance of the code. You might design a separate Child Theme for different seasons or promotional campaigns. Free themes abound and there are also many paid versions that include support and other benefits.
5. Boost Security through Hosting
Security plug-ins like Wordfence protect your site from hacks and malware, but web hosting providers like GoDaddy.com (disclosure: one of my hosts) and GreenGeeks.com take security a lot further. Enterprise-level services like Carbon60.com include cloud management to serve business-critical organizations using WordPress like the Bank of Canada. Ask about firewalls and other security measures; check reviews. Stick to hosts offering Secure File Transfer Protocol or SFTP for file access, transfer, and management—this will make sense once you dig into WordPress or hire a web designer.
TIP: Using hardwired net connections is more secure than WiFi, especially on public WiFi networks.
6. Keep Default Theme
Don't delete the default Theme which was there when you started. If something goes wrong and your chosen Theme collapses, WordPress will revert to the default theme and attempt to keep your site up and functioning until calm is restored.
7. Monitor Continuously
If you don't have time to monitor attacks and system problems, a paid service may be the answer. What is the best approach to be sure someone has an watchful eye on your blog and knows what to do when problems arise? Be skeptical of every claim and verify everything. For instance, screen for malicious websites before accessing or passing urls on to visitors: https://safeweb.norton.com.
8. Attend WordCamp
I attended WordCamp 2015 and received fast-forward insight into how WordPress works and how I've been getting in the way of some terrific built-in security. WordCamps present "everything WordPress" in events held around the world. After each meeting, videos and slides from presentations are posted online to share tips, cautions, and solutions. Great place to meet WordPress professionals who can take care of security and let you concentrate on sales and marketing. Thanks to all who shared these WordPress Security Tips.
The degree of security you undertake must be in proportion to the value you want to protect. Collect only the prospect and client information that is essential to serving them and make sure this information is secure. As a professional, it's your responsibility to not store unnecessary personal, contact, and financial information — information that if compromised could make prospects and clients vulnerable.
Should your visitors trust you?
If you are interested in WordPress, find out about the next WordCamp in your area. May see you there….