As hacks and security breaches become more of a concern for anyone running a website, it’s important to know you can drastically improve your security by using a few security practices.
If you don’t already have a security strategy in place, this post will help you understand seven ways you can secure and protect your website.
Understanding the Threat: What is a Hacker?
Unfortunately, there are people and systems actively working to hack websites. The word “hacker” may bring a few ideas to mind, including:
- The ever-elusive hooded teenager working in a dark basement
- Government agents infiltrating criminals or foreign governments
- Underground networks fighting for freedom, equality or to expose corruption
While all of these “hacker” scenarios do exist, they’re unlikely to target your personal website. You may be tempted to personify attacks, but the reality is, a “hacker” is more like a mindless robot. By robots, we mean “bots” or automated code that has a connection to the internet. Just like a robotic arm at a manufacturing plant is programmed to do specific tasks, these bots work every second of every day to perform their programmed tasks as often as they can, on as many sites as they can.
The logic of hacking bots can often be summarized as “find a site and launch this specific attack”. The goal of attacks is often to make the attacked site into yet another bot that can be given tasks. The tasks can range from attacking other sites to sending spam or phishing emails. In other words, these bots don’t know what your site is about nor do they care. To the creator of the bot, each compromised site gives them access to more resources to create a revenue stream in one way or another.
Why Would Someone Want to Hack My Website?
There are currently tens of millions of websites on the web. WordPress powers about 26% of them. Unfortunately, the sheer number of WordPress sites makes it a target. Recently, Sucuri released a Hacked WordPress Report, in which roughly 78% of the sites they worked on in the third quarter of 2016 were WordPress sites.
Charts like this can make users worry that WordPress isn’t secure, but it is. In the chart above, Sucuri found that in most instances, compromises had little or nothing to do with WordPress core. Instead, WordPress compromises had to do with improper deployment, configuration and overall maintenance by the webmaster and hosts. Even with these known security issues, WordPress is secure if you keep it up to date and use our security best practices.
How Can I Keep My Site Secure?
When it comes to website security, it’s not about if you get attacked, but rather how to prevent hacks from being successful. So what can we do? You can drastically improve your security by reviewing a few tips and by implementing these security best practices.
Security Best Practices
- Use a strong password with the help of a password manager
- Two-Factor ALL THE THINGS
- Regularly change your WordPress salts
- Use secure file permissions
- Use sFTP whenever possible
- Use SSL on all of your WordPress sites
- Keep your WordPress site and everything on it up to date
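
To make "Use secure file permissions" concrete, here is an added example (not code from this post) that scans a WordPress directory and reports risky modes. The function name `audit_wp_perms` and the policy it enforces (nothing world-writable, and `wp-config.php` not readable or writable by other users) are assumptions made for this example, since the post does not state specific modes.

```shell
#!/usr/bin/env bash
# Added example: flag risky permissions in a WordPress install.
# Policy below is this example's assumption; the post does not give modes:
#   1. nothing in the tree is world-writable
#   2. wp-config.php is neither readable nor writable by "other"

audit_wp_perms() {
    local root=$1 writable config

    if [ ! -d "$root" ]; then
        echo "ERROR: not a directory: $root" >&2
        return 2
    fi

    # World-writable files and directories let any other account on the
    # host (for example a compromised neighbouring site) alter your code.
    writable=$(find "$root" \( -type f -o -type d \) -perm -0002 -print)

    # wp-config.php holds the database credentials and the keys/salts.
    config=$(find "$root" -type f -name wp-config.php \
        \( -perm -0004 -o -perm -0002 \) -print)

    if [ -n "$writable" ]; then
        printf '%s\n' "$writable" | sed 's/^/WORLD-WRITABLE: /'
    fi
    if [ -n "$config" ]; then
        printf '%s\n' "$config" | sed 's/^/CONFIG-EXPOSED: /'
    fi

    # Exit status: 0 = clean, 1 = findings, 2 = bad argument.
    if [ -n "$writable$config" ]; then
        return 1
    fi
    return 0
}

# Run as a script: ./audit.sh /path/to/wordpress  (path is a placeholder)
[ "$#" -eq 0 ] || audit_wp_perms "$1"
```

The non-zero exit status on findings lets you run the check from cron or a deploy step and get alerted when permissions drift.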