You are perfectly satisfied with your WordPress website. It looks great, runs fast and people constantly tell you how pleasant it is to use your site. What about the security of your website, however?
Why is the security of your WordPress website so important?
An insufficiently secured website is vulnerable to several forms of attack. Your site might get hacked and viruses might be implemented in the code. You do not want your website to go offline, especially if someone inflicts damage to your website or steals your data in the meantime. Since an attack may result in your website being unavailable for a while, you might also miss out on website visits and revenue. In this blog article, we will therefore explain what good website security protects you against and – more importantly – the best way to optimally secure your WordPress website.
What does good website security protect you against?
When your website is hacked, a hacker has managed to discover your password(s) and gain access to your data. Being hacked is every website owner’s worst nightmare. That is especially true for people with a web shop, because their customers’ data must be protected from third parties. Data security will become even more important from 28 May 2018, when the General Data Protection Regulation (GDPR) enters into force and website owners are required to handle their customers’ data with even more care.
Malware and viruses
Malware is malicious software that is used to gain access to your website in order to gather information or disrupt the website’s operation. It can also remotely deactivate your firewall or anti-virus software, which significantly increases the risk of viruses. This page tells you all you need to know about removing malware.
A virus is a form of malware that adds something to the code of a website or a system. It allows a third party to e.g. steal your passwords, encrypt your data or control which websites you can visit. In the latter case, there is a serious risk of becoming infected with even more viruses.
Although afflicting the aforementioned damage is the primary goal of a virus, there are other side effects that can be just as unpleasant. A virus may add redirects to other viruses to your website. If Google discovers this, your website may be displayed at a far lower position in the search results. After cleaning up your website, you will have to work hard to earn back your original position.
During a Distributed Denial of Service (DDoS) attack, a large network of servers is used in an attempt to render your website unusable. Your server goes down under the strain of a large number of simultaneous connection requests. Your website will become slower and certain sites may be entirely unavailable. As with a hack, your customers’ data may be stolen during this process.
Check out if your websites are safe enough to prevent these attacks!
How can you protect your WordPress website?
Fortunately, there are several ways to secure your website and protect against the aforementioned dangers. A few simple measures will go a long way.
Encryption with SSL certificates
With SSL security, you encrypt your data before sending it via the internet. This ensures that only the intended recipient can access your information; it is kept hidden from people or computers who might intercept your data. By using SSL, you can give visitors of your website the assurance that even if their data is intercepted, it cannot be accessed by malicious third parties.
Use the sFTP protocol when sending files
The sFTP protocol facilitates secure file transfer. As with SSL security, the information is encrypted during the transfer process, which means third parties cannot access the data. You can read more about using the sFTP protocol in our knowledge bank.
It is important to make sure that both the WordPress core and any plugins and themes you use are up to date. Developers still regularly discover vulnerabilities in the software. If you use our Warpdrive plugin, you can customise WordPress’ auto-update settings to your liking. Security risks in plugins and themes are often only discovered after their release. It is therefore important to implement the latest update as soon as possible. Savvii makes this process easier by also automatically completing these updates.
Use strong passwords
It may seem obvious, but some people still tend to underestimate the importance of using strong passwords. You should choose a password that is hard to guess, so hacking your website is made more difficult. Do not write down your passwords and do not make a list of your passwords in Word. If anyone should ever acquire this file, they would gain access to a wealth of information. A useful tool for saving and generating passwords is LastPass. You can use this tool to encrypt and decrypt your data at the device level.
Adopt the least privilege principle
The least privilege principle helps you prevent hacks. By only providing account access to the people who need the information in question, the risk of user data being hacked is kept to a minimum.
Secure your WordPress website with Savvii
Of course, we at Savvii do everything we can to prevent your website from being hacked. Once a day, we conduct a scan to detect any malware and viruses. On top of that, we employ Brute Force prevention measures, a firewall and automatic updates and we clean up malware for you.
Security Plus Package
With our Security Plus Package, the security of your WordPress website will be even better. We scan and monitor e.g. dangerous requests and the modification of information more frequently. The Web Application Firewall, the Intrusion Detection System and Emergency DDoS protection ensure that dangerous requests, user agents and aggressive bots are detected. All alerts are forwarded to us. This means you will not be bothered by false alarms and it allows us to respond quicker in the event of an actual security breach.
Check out if your websites are safe enough! By following our free WordPress security checklist, you’ll make sure your websites are secure.