Today, WordPress has become one of the most used tools for creating a website. They account for over 60% of the content management system market share. It has therefore become the most used platform all over the world.
Unfortunately, success in IT means security risk. Due to its popularity, this CMS has become an easy target for hackers.
Why should I protect my website?
Think again if you believe that your non-transactional website will not be a target for these hackers. An unprotected and outdated website, whether created with WordPress or not, can be a springboard for the spread of spam or the propagation of fraudulent sites. Indeed, hackers use your unsecured site as one of their tools. As a result, the reputation of your website and your server declines. This means that search engines, such as Google, may no longer index you.
How do I protect my site?
Use strong passwords for administrator accounts
This aspect seems obvious and basic. That said, many admins still use the word “admin” as their username, combined with a password such as their date of birth.
At our offices, we use a password management tool called 1Password. But, here are some points to help you create a good password.
- The longer the password, the better
- Use whatever is available on your keyboard
- Do not use dictionary words
- Avoid commonly used password patterns
- Use unique passwords
- Be careful where you store your passwords
Make regular backups and updates
Probably the best advice on this page.
A website is like a car. It will need regular maintenance to run well and be protected. On a regular basis, the team of programmers of Wordpress, extensions and themes that you use update their products. The purpose of these updates is not only to add new features, but also to fix vulnerabilities that are in their code. It is not uncommon to see updates every week.
However, it is preferable to always update these different tools. And as with cars, an update on a moving mechanical part can cause the entire system to malfunction. This is why it is important to be able to go back. Regular save points will allow you to have this flexibility.
The choice of extensions and themes
If WordPress is the engine of our car, the extensions and the theme are the different functionalities and the different aesthetic versions that are available to our car. The choice of your extensions and the theme that you will use for the creation of your website becomes important. Ideally, one should choose tools that have some positive reputation, but also a regular update history. In our experience, it’s not uncommon to see updates coming out every week. Here are some points to consider:
- The date of the last update
- The number of active installations
- User comments
- The date of the 1st publication
- And if it has been tested with your version of WordPress
Install an anti-malware tool
This type of tool checks the WordPress code base and automatically notifies the site administrator if it detects an anomaly. An Anti-Malware extension is comparable to an antivirus on your computer. Even using the basic version of a tool like WordFence Security is much better than nothing at all. In most cases, to access the advanced options of this type of tool, you will have to pay a subscription fee.
Uninstall and remove unused extensions and themes
You have to clean up. A well-ordered system is a better protected system. By eliminating risk of vulnerable entries, we only help our “car” worked well. In addition, by shedding unnecessary baggage, our website will gain a little bit in speed of execution.
Use an SSL certificate
It doesn’t matter if you have a transactional website (online store) or not, your website can and should be protected by an SSL certificate. Without this layer of security, the data transmitted between your user and your website will not be protected. For example, if one of your customers uses a contact form on your website, your SSL certificate will add a layer of protection to the information they send to you.
All websites that request information from users (contact form, shopping cart, account creation, etc.) should have a security certificate. Moreover, this is why now the various web browsers, such as Google Chrome, warn its user when the certificate is missing or broken.
Your SSL certificate should be installed on your hosting server directly. However, it is very likely that you will have to contact your host about this.
At Aweba, your website and your hosting comes by default with an SSL certificate, provided by one of the fastest services: CloudFlare.
A well-protected site
Here you go! A good basis to protect your website. Certainly, there are several other methods to strengthen your security. But, we believe this article will get you started right. Hope this article helped you a bit. And if you liked reading me, and you would like to get to know WordPress and the world wide web, don’t hesitate to subscribe to our newsletter and our YouTube channel.