No one wants to think about their site getting hacked or infected. In fact, no one seems to think about it until it actually happens. The number one question web developers/web hosting companies always get asked by clients as soon as it happens is: “what can we do to prevent it from happening again?” A lot of clients don’t realize that a lot of hacks or infections can be prevented.
Here are a few tips to consider BEFORE your site gets hacked and panic commences:
We know, you love your dog or can’t image adding another password to the never ending list of passwords you have to remember. However, clients often underestimate how important strong passwords are. Letters, hyphens, numbers – the funkier it looks, the safer it probably is. When you set up your new site, be sure to setup new login information for yourself and other users and go ahead and ditch the “admin” username. It’s also recommended to set a limit for the amount of times a user can attempt to login to your site.
2. Updates, updates, updates!
Updates happen all the time, both for wordpress’ core and for any plugins that your site may be using. As annoying as it is to get notification after notification on available updates, they’re super important and happen for a reason. Many updates these days include some kind of security update that wordpress or the plugin company realize makes your site vulnerable to attacks. Keep your site updated and you’ll lower your chances of encountering a security issue…and you’ll get rid of the annoying orange dot at the top of your wordpress admin screen.
3. Find a good hosting plan
A lot of people are quick to sign up with their domain registrar for hosting (mainly because who could pass up: “Get a year’s worth of hosting FREE when you register your domain with us TODAY!”). We still stand by decision that security should be a top factor when choosing a hosting company and that it is definitely worth paying extra for. Many people don’t realize that a lot of hosting companies (although a bit pricier), offer a lot of security elements in their plans. Those companies that are designed specifically to host WordPress sites are especially great at making sure security measures are optimized for WordPress users. Many companies offer malware scans, malware cleanups, nightly backups of your site, etc, even if at a yearly upcharge.
All these addons are important things to consider when setting up your site and picking your hosting soul mate. They are definitely worth the extra upcharge to your hosting plan and something you should look into even if you already signed up for a basic plan.
4. Backup your site
We get it. You’re lucky if you login to your site once a year, so nightly or even weekly backups might not be in the plans for you. However, its a really great idea to keep regular backups of your site in case something does happen. That way, if your site does become infected, you can just wipe your site completely and replace it with the files that you backed up last night (hopefully).
5. Find a good security plugin
Everyone gets plugin crazy when their site gets hacked. Although this wouldn’t be our first option to consider when considering the security of your site, there are still options that would be worth considering. Wordfence and Sucuri are two plugins that are extremely popular and effective (though you can’t access the full spectrum of add-ons without upgrading to a paid account). The plugins are good to do scans and get alerts on possible compromises to your WordPress site’s security.