This is one of the most important questions I get asked every week, and have been asked it so often I knew I had to write a post that all encompassed more than just the WordPress platform.
WordPress can be a very safe web site experience, from the site owner and site visitors’ points of view as long as you follow certain precautions when you’re in the process of getting the web site ready.
Security plays a big part in every plugin creator and WordPress programmers’ days. It’s one of the most important things on their mind that they consider when they’re dreaming up something new and exciting or makes our lives incredibly easier. It’s important to remember to spend a little time planning in advance to keep your site secure for its visitors. There are a number of ways to do this, some include plugins, others include outside sources that help keep your site and its visitors safe. You want to reduce the risk of getting hacked as much as possible before a hacker finds you.
WordPress makes a number of plugins to keep your site safe. We’ll start with the obvious one that every site should have, the main security plugin. I recommend using Wordfence Security (there are others that cost a bit more and have more to offer, so i will write about them later in this article. Wordfence is free and fully featured as is.
Secure Updates and Patches from the WordPress Team and Others
The WordPress code writers have to consider how safe their code is from black hat hackers, who are trying to break into ALL TYPES of web sites, especially the ones not following proper protocols like the ones on this page. But, with all the security in play within its operating system, if you keep your anti-spam and anti-malware plugins as well as every other plugin up-to-date, and keep the platform at the latest version, you still have to make sure that you and your users create secure usernames and passwords so that the data you collect from visitors who are either buying from you or giving you personal information are protecting themselves.
Other Ways To Stay Safe in Today’s World as a Business Owner
Strong FTP passwords, a secure database, a secure web server, file permissions, security on specific files and folders within any web site, all are things that I’ll be taking care of for you that arent’ related to WordPress but are still something you should know about and ask any web designer if they’re working on those for you and if so which ones are they making sure are safe.
WordPress is doing their part, but it’s also up to you to make it harder on the hackers. Here are some free and very affordable (as compared to a major breach in your web site’s security)
Complex Site Usernames and Passwords
I know you hate to make time to make a password that you can’t remember off the top of your head but that’s how the world is today! With Target getting hacked, you can’t stay safe enough by just going through the motions and doing a few things out of your comfort zone to stay safe. You can make it so there are certain standards that even you need to follow on your web site when changing your password, standards that will help keep hackers from using their tools to figure out your passwords, get into your site and steal what you have worked so hard on.
I highly recommend getting a password saver, not just toi hold your work related passwords but one for Ebay, Amazon, Google, Godaddy, Target, Walmart, and all the other giants and even the little guys out there.
My Favorite Password Manager
I discovered Roboform about 8 years ago and haven’t looked back since I saved my first password. This is the best 35 bucks I ever spent. It saves and syncs all the data I put into it and it’s also a bookmarking and form-filling program as well. it comes with a very fun to play with password generator that lets you copy computer generated completely random passwords that are nearly unhackable if done right.
Creating a Password that is Safe
Passwords should have at least 8 – 10 characters, preferably closer to 15 or 16 characters. Those characters need at least one of each, preferably a mix of them:
- at least one uppercase letter
- lowercase letters
- non-sequential, non-repeating numbers, at least 2, preferably 4 or so
- special characters like the # or $ sign, or even the exclamation point!
Here’s a great tip on how to make a safe yet easy to remember password. Take a song or book’s name, or a saying you’re familiar with, like the chorus that gets stuck in your head. Take out All the Vowels, and treat the rest of the words like a Blog Title, with all capital letters, just no vowels. I use the y, since it’s part consonant! You can easily pick six or so of these, change-up the characters and numbers, and you have yourself a lot of safe uncrackable passwords.
Premium Plugins for Security
Wordfence Security does have a pro version that scans both the front AND the back end of your web site for malware and viruses daily and creates a two-step login for your web site (getting a text with a number in it is one way) that require a higher level of security for more sensitive features (like a dating service or a shopping cart site).
There are more but for now I’ve been very satisfied with how Wordfence has kept all my customers safe. If you’re a customer I haven’t talked to and you’re reading this, contact me immediately and I’ll get you setup with all the proper security immediately. NOTHING is more important than my clients safety and security in this business. In ten years, only two of my web sites have been ha
Akismet, is another free plugin that runs in the background and makes sure you don’t see 95% of the spam comments that come to your site’s posts through automatic form filler programs that are clogging the web today. When you setup a WordPress web site, getting a WordPress.com account is a great idea, and through this you can add in your free Akismet anti-spam api key as well as keep all your plugins updating automatically!
Frontend Spam Plugins Your Visitors Use to Prove They’re a Human!
There are also the plugins that keep your robot form-fillers from ever getting to your form with a simple check box or a plugin that asks you to do a simple math problem. Others make you type what the image text is showing, but I don’t recommend those anymore, as the software developers of that form filler I told you about have pretty much found a way for their software to actually read the words on a picture. This is one of those things that fills me with awe about computers and the power they’re gaining! It forces those same code writers I was telling you about to know what’s working and what’s not, so they make sure their code is always safe. They collaborate together to keep us safe without a thought!
When you think of an SSL certificate, you think paying online. Well, Google has made a recommendation of securing your entire web site using SSL now. Even if someone is simply browsing a content based web site, they still prefer that every site is encrypted. It’s something I have to do this week for my own site, as well as a few more of the things needed.
Why do you need this? SSL (stands for “secure sockets layering”) certificates are able to allow us a way to encrypt the entire web site, making it safe for a web visitor to visit it always without fear of being infected by a malware or a virus.
There are so many browser helpers objects that can he incredibly helpful but some contain malware and keystroke loggers and other terrible things that take over your computer. Now, the major anti-virus softwares make toolbars / browser helpers also help us also stay away from dangerous sites that would alarm us to the possibility of an incursion, or click on a link that we shouldn’t, and much more!
An Entire World of Design, Security and Programmer Community To Support You
There is more help available out there than in heaven and in earth, all to support people who use WordPress and all its related software plugins. If you have a chance to pay for priority support, I recommend doing it. You can never get help too fast when your site is down. Nuff said on that!