Site owners have a lot on their plate, and it’s tough enough keeping up with the latest trends in marketing, SEO, and new plugins and tools to make your life easier. But, the one thing most overlook is site security. In reality, my site security affects yours, and yours mine.
Take this quick Site Security Evaluation Quiz and see how your site measures up. If your answer matches the one listed, give yourself the assessed points.
Did you use the one-click WordPress installation?
Is your login user name admin?
Does the metadata below the title of your blog post (the author name) show your login user name?
Did you create a custom database table prefix?
Did you protect the file with your database and WordPress login info?
Did you protect your plugin directory from being searched?
Did you protect your site from being fully searched?
Did you remove the code that shows your WordPress version?
Are all the following up-to-date: WordPress, theme, plugins?
Do you have a current backup of your site?
Assessing Your Risk
How many holes do you think a boat needs to warrant a threat of sinking? If your total points are more than 0, your site is at risk. The bigger the number from your quiz, the bigger the hole is in your security.
There are a couple of reasons why your site might get hacked. The most obvious one is to take your site down. But, that’s not the most prevalent reason. Most hackers are not after your site. They’re after the server and want to use it for their own purposes. (Read Why so many websites have been down lately) They have no intention of harming your site and you’ll never know it’s happening until Google slaps your site with a big red label, warning folks not to visit. (Read Google Insists You Take Website Security Seriously)
Patching the Holes
There are several WordPress plugins available that will help assess your site’s security risks and do their best to patch the holes. But, these plugins can’t make up for some of the most basic security risks, like your login username advertising that your site is easy to hack. (Read Invite Hackers and Shun Viewers with Bad Meta Data)
Don’t Use 1-Click Installation
You would think that hosting companies would have a vested interest in your site’s security, but they don’t. They are trying to sell you quick-and-easy. To date, I only know of one hosting company that has taken measures to beef up their 1-Click installation process to plug some of the security holes. It’s not all that needs to be done to secure a site, but it’s far better than the way it was. (Read WordPress 1-click Installation is not Secure)
Get a Geek
The very best way to protect your site is to hire a geek to set it up right in the first place – not a pseudo geek, a real one. If you want to vet someone, ask them this: have they ever helped anyone recover their site from a hack attack? If the answer is no, move along.
Every hosting service has different rules about the type of security measures they allow.
If you come across a generic .htaccess file that someone suggests using, I hope it works with your host and doesn’t suddenly make your site inaccessible.
Vet the advice you’re getting. If someone tells you to update your robots.txt file, move along. Here are two reasons why. It’s a public file, meaning anyone can read it on your site, and malware robots ignore its instructions. It may actually point the way to the things you’re trying to hide.
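To see what a robots.txt file gives away, the added example below (not part of the original post) parses one and lists the Disallow paths that any visitor can read and that look like areas the owner meant to hide. The sample file and the keyword list are constructed assumptions; run it against your own robots.txt.

```python
# Added example: audit your own robots.txt for the paths it advertises.
# Constructed sample file; every path here is illustrative.
SAMPLE_ROBOTS = """\
User-agent: *
Disallow: /wp-admin/
Disallow: /backups/site-2013.zip   # old archive
Disallow: /private-downloads/
Disallow: /search/
Disallow:

User-agent: Googlebot
Disallow: /tmp/
Sitemap: https://example.com/sitemap.xml
"""

# Assumed keyword list: substrings suggesting a path the owner wants hidden.
SENSITIVE_HINTS = ("admin", "backup", "private", "tmp", "config", "secret", ".zip", ".sql")

def parse_disallows(robots_text):
    """Return (user_agent, path) pairs for every non-empty Disallow rule."""
    rules, agents, in_rules = [], [], False
    for raw in robots_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop trailing comments
        if ":" not in line:
            continue
        field, value = (part.strip() for part in line.split(":", 1))
        field = field.lower()
        if field == "user-agent":
            if in_rules:                         # previous group ended
                agents, in_rules = [], False
            agents.append(value)
        elif field in ("disallow", "allow"):
            in_rules = True
            if field == "disallow" and value:    # empty Disallow hides nothing
                rules.extend((agent, value) for agent in agents)
    return rules

def disclosed_paths(robots_text):
    """Disallowed paths that are publicly readable and look sensitive."""
    found = []
    for _agent, path in parse_disallows(robots_text):
        if any(hint in path.lower() for hint in SENSITIVE_HINTS) and path not in found:
            found.append(path)
    return found

if __name__ == "__main__":
    for path in disclosed_paths(SAMPLE_ROBOTS):
        print("robots.txt advertises:", path)
```

Anything this prints is readable by every visitor and is not protected by the Disallow line; the protection has to come from the server's access controls.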
Fix it Later
If you already have a site, a geek can fix every security issue the host allows. It’s more expensive than setting it up right at the beginning, but it can be done.
Bullet-Proof Your Site
The Pentagon has all the money and personnel it needs to keep hackers at bay. They work around the clock to do it. There is no such thing as set-it-and-forget-it site security. And, there is no such thing as a bullet-proof site.
Do Your Part
Even if your site is set up correctly from the get-go, there are things you’ll need to do to keep it secure.
- Keep WordPress, your theme, and your plugins up-to-date.
- Every time you install something on your site, you could be introducing a new security risk. Only use themes and plugins from trusted sources.
- Back up everything. You’ll turn every color of the rainbow sick if you lose your site without a recent backup.
If we all take responsibility for our part, our sites will run faster and have less downtime because everybody around us on the server is more secure too.