You’ve probably read scary stories about security breaches on company websites involving stolen credit card numbers or other compromised customer information. Perhaps it’s made you obsessively paranoid about online security, but many small business operators don’t pay much attention, assuming hackers would rather go after huge payoffs from big business sites.
But cybercriminals don’t just target global and national corporations; small businesses make easier targets because so many don’t keep their sites and security measures updated.
You don’t need a major corporation’s massive budget or in-house web security team to keep your WordPress site, and your customers’ personal and financial information, safe. All you need are proper precautions, such as strong passwords, SSL technology, malware detection, and automated backups, all kept up to date.
WordPress or Not, There’s Always Risk
Some naysayers claim WordPress sites aren’t secure. But WordPress isn’t any more vulnerable than comparable platforms; it comes down to whether security best practices are followed with individual sites. Many security breaches happen at the server level or due to weak passwords and other inadvisable practices, having nothing to do with WordPress.
No website is ever 100 percent secure; threats and vulnerabilities always exist. But due diligence on your part greatly minimizes the risks.
Three Layers of Security
Every website that collects any personal data from visitors should have three basic levels of security in place to cover the three main phases of threats:
- Protection: The first layer of web security consists of the safeguards that secure information.
- Detection: Then there’s the ability to detect viruses and other threats that manage to get through site protection.
- Recovery: And you need regular site backups so that the site can be restored and its data recovered should it crash due to a threat that slips past the first two layers.
Passwords and Administrative Access
Security best practices start with you, and specifically your passwords and those of your fellow site administrators.
Passwords are the primary gatekeepers guarding all private information. WordPress allows for long passwords containing capital letters, numbers, special characters, and spaces; all should be incorporated to create a strong password. Use a unique password for every account you have, and stay away from easily guessed passwords like your name, your birthday, or commonly used passwords.
Keep in mind that your mighty password is useless if one of your fellow site administrators uses 123456 for a password. Limit administrative access to your WordPress site to those who truly need it, and make sure they too use strong passwords. Don’t forget to delete admin accounts as necessary when there’s employee turnover or changing job duties.
Keeping Security Up to Date
Reputable website platforms like WordPress regularly update their security protocols and quickly develop fixes for new threats and vulnerabilities as they come to light. But those fixes only reach an individual site when its updates are actually performed.
Websites, including their themes and plugins, must be regularly updated to maintain the most current protection against known and unknown threats alike. Similarly, regularly backing up a website is essential for ensuring it and its data can be recovered in the event of a crash.
Here at CREATE180 Design, we always show our clients how to perform updates and set up website backups. But we also offer a low-cost monthly maintenance service that takes care of all this, which most clients take advantage of. With it, they don’t have to worry about remembering and performing regular updates and site backups, and they get peace of mind knowing their sites are always protected with the latest security measures, and that recent data is accessible.
WordPress Security Infographic
Infographic Credit: On Blast Blog