Recent high-profile hacks have brought the topic of website security to the fore. No longer is internet safety solely the domain of the CIA and Lulzsec – it’s now also an issue for your own personal site. No-one wants to be the one spreading Viagra messages across the web; your website is your online personality, and clients generally like to know that you can take care of your own website.
With WordPress dominating the new-build website market, vulnerabilities in one website are becoming increasingly worrisome for others on the same platform, but luckily there are a number of simple ways to ensure you minimise the risk of becoming infected:
Risk Reduction
Updates are annoying. Although some may think they serve no purpose other than to consume our lives with pointless website management, most updates have a good reason for being released. The Reuters blog, a high-traffic website, started spewing fake interviews with Syrian rebels across the internet after a hack utilized its outdated and compromised version of WordPress. The update would have taken 20 minutes maximum. So when you see that nagging reminder on your WordPress dashboard asking you to update? Do it! Clicking ‘update’ will take far less time than trawling your website at a later date trying to remedy the situation.
Prevention is always better than a cure; with WordPress, the one-click update process is as user-friendly as it gets. The first step in website security is not computer wizardry, but simple diligence.
Choose your plugins wisely
The beauty of WordPress is in its modularity; it will do whatever you want and a whole bunch more. But when you’re adding functionality to your site, whether it’s a simple Twitter widget or a whole e-commerce platform, choose wisely. Google is great at giving you a whole slew of options for every possible plugin, but there is a simple checklist that can turn your guess into an educated decision:
1. How often is the plugin updated? Look for a plugin that has been updated since the last main WordPress update. An author who is on top of their plugin is more likely to identify any flaws and remedy them before you even download the plugin.
2. Who is the author? A reputable developer with an updated website and a range of products is more likely to stay on top of bug fixes and updates than a single freelance developer. The functionality may not differ, but the long-term support will.
3. What’s the rating? Open source is awesome, and people like to talk. These two tenets of the modern web mean that the WordPress ratings can be trusted to guide you in the right direction when choosing a plugin. What’s the best rating you can get? Ask us! We use a variety of plugins every day and can quickly evaluate whether the product will do what you need while keeping your site safe.
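The three checklist questions above can be applied mechanically when comparing several candidate plugins. The following is an added example, not code from this article or from WordPress: the record layout, the thresholds, the sample plugins and the release date are all constructed assumptions, and the author check uses the number of plugins an author maintains as a rough proxy for "a range of products".

```python
from datetime import date

# Thresholds are assumptions for this example, not WordPress guidance.
MIN_RATING_PERCENT = 80   # item 3: minimum acceptable rating
MIN_RATINGS = 20          # item 3: below this the score is too thin to trust
MIN_AUTHOR_PLUGINS = 2    # item 2: crude proxy for "a range of products"

# Constructed date standing in for the last main WordPress release.
LAST_CORE_RELEASE = date(2012, 6, 13)

# Constructed candidates; the record layout is hypothetical.
CANDIDATES = [
    {"slug": "twitter-widget-b", "last_updated": "2011-01-05",
     "rating_percent": 96, "num_ratings": 4, "author_plugin_count": 1},
    {"slug": "twitter-widget-c", "last_updated": "2012-06-30",
     "rating_percent": 61, "num_ratings": 150, "author_plugin_count": 3},
    {"slug": "twitter-widget-a", "last_updated": "2012-07-20",
     "rating_percent": 92, "num_ratings": 340, "author_plugin_count": 6},
]

def vet_plugin(plugin, last_core_release=LAST_CORE_RELEASE):
    """Return the checklist failures for one plugin; an empty list means it passed."""
    findings = []
    updated = date.fromisoformat(plugin["last_updated"])
    if updated < last_core_release:
        days = (last_core_release - updated).days
        findings.append(f"last update predates the core release by {days} days")
    if plugin["author_plugin_count"] < MIN_AUTHOR_PLUGINS:
        findings.append("author maintains no other plugins")
    # A near-perfect score from a handful of votes says little, so check volume first.
    if plugin["num_ratings"] < MIN_RATINGS:
        findings.append("too few ratings to trust the score")
    elif plugin["rating_percent"] < MIN_RATING_PERCENT:
        findings.append(f"rating {plugin['rating_percent']}% is below {MIN_RATING_PERCENT}%")
    return findings

def rank_candidates(plugins, last_core_release=LAST_CORE_RELEASE):
    """Order slugs from fewest failures to most; higher rating wins ties."""
    ranked = sorted(
        plugins,
        key=lambda p: (len(vet_plugin(p, last_core_release)), -p["rating_percent"]),
    )
    return [p["slug"] for p in ranked]

if __name__ == "__main__":
    for p in CANDIDATES:
        print(p["slug"], vet_plugin(p) or "passes all three checks")
```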
Clean out the closet
Although WordPress minimises the effort needed to keep your site in good shape, it is not a fit-and-forget solution. Take a couple of minutes every so often to go through your plugins and see if there is a better solution that solves your problem. Is there a new tool which gives you the functionality you need without anything extra? As always, simple is best; the less extra fluff your site has, the safer it will be from unscrupulous attacks. Often, new core updates to WordPress bring new features with them – Jetpack is a great example. Bringing these things in house reduces your exposure, not to mention reducing the number of plugins you need to juggle.
Anti-virus solutions
When it comes to anti-virus protection, there are a number of steps which need to be taken. Going back to our first point: update. Update your computer’s operating system and your browser, and make sure your local anti-virus protection is running smoothly. Firewalls may seem very 2001, but they are still relevant in ensuring no one is accessing your computer without your knowledge. Browser extensions can function in a similar capacity; for example, the NoScript extension for Firefox allows you to control which websites you give a hall pass to. Once you’ve covered these bases, take a look at the antivirus plugins available in the WordPress plugin repository; although not a fix-all solution, they may catch some problems before they become serious issues.
Don’t neglect the simple things
With all that being said, there may be an easier place to start. As basic as it sounds, most attacks use some kind of automated system for gaining access to a system. The dictionary attack, for example, is a mechanism that iterates through the most common passwords to find yours. Make your security system impervious, and don’t ever use a common password!
Also think about who has access to your site. Does everyone who writes blog posts really need to have administrator permissions? The fewer people who can get their hands on your site, and the fewer accounts that exist, the safer it will be. Updating your anti-virus software is only useful if everyone else is doing it too.
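Both points above, rejecting passwords a dictionary attack would try first and trimming administrator accounts, can be checked with a few lines of code. This is an added example, not part of the original article: the password list, the user records and the approved-administrator set are constructed, and the record layout is an assumption.

```python
# Constructed short list; a real deployment would load a much larger common-password list.
COMMON_PASSWORDS = {"password", "123456", "qwerty", "letmein", "admin", "welcome"}

# Hypothetical: the only account that is meant to hold full control of the site.
APPROVED_ADMINS = {"siteowner"}

# Constructed user records; the layout is an assumption for this example.
USERS = [
    {"login": "siteowner", "role": "administrator"},
    {"login": "guestblogger", "role": "administrator"},
    {"login": "editor1", "role": "editor"},
    {"login": "admin", "role": "administrator"},
]

def is_guessable(password, login=""):
    """True if the password is a common one, a common one with digits or '!'
    appended, or identical to the account's login name."""
    p = password.lower()
    stem = p.rstrip("0123456789!")  # "Password1!" reduces to "password"
    if p in COMMON_PASSWORDS or stem in COMMON_PASSWORDS:
        return True
    return bool(login) and p == login.lower()

def excess_admins(users, approved=APPROVED_ADMINS):
    """Logins that hold the administrator role without being on the approved list.
    People who only write posts can be moved to the WordPress author role."""
    return sorted(
        u["login"] for u in users
        if u["role"] == "administrator" and u["login"] not in approved
    )

if __name__ == "__main__":
    print("Review these administrator accounts:", excess_admins(USERS))
    for candidate in ("Password1!", "plum-Cassette-7-orbit"):
        verdict = "reject" if is_guessable(candidate) else "accept"
        print(candidate, "->", verdict)
```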
Conclusions
WordPress does a great job of keeping you safe from the nastiest parts of the web, but it also takes a little bit of work on your side. Stay on top of updates both on your site and more generally on your computer. Make sure you understand what each plugin is bringing to your site, and avoid any unnecessary exposure. A little housekeeping goes a long way, too. iSupportU keeps on top of these maintenance issues every day, and we can tell you where you’re most vulnerable. If you have questions on keeping your site safe in the long run, send us an email or give us a call and we can find a solution that works for you.