Recently, I sat down with a potential client to discuss future plans for their new website. I went through my presentation discussing what we do and how we can help them get the website they envisioned. After learning about their needs, I recommended using WordPress for easier scalability and greater flexibility. The first thing they asked after I had mentioned WordPress was, “but, isn’t WordPress insecure?”
While it’s true that WordPress has gotten a bad rap for being “insecure”, that reputation simply doesn’t hold up. It’s like blaming the chicken for the egg’s poor decision-making. However, after hearing this concern from more than one of our clients, I realized that this was a more widespread misconception than I had previously thought. So, as any reasonable person would do, I decided to write a blog post about it.
Look, I realize I’m going to receive some pushback on my statements here, so before I go any further, let’s just clear some things up.
- WordPress is the most popular content management system (CMS) on the planet.
- As with any widely popular technology, it’s an equally popular target for attack.
- Websites using WordPress are only as secure as they are built to be.
- The more steps you take to protect your website against attacks, the more secure “WordPress” is.
I mean, even Google Sites are more vulnerable to attacks than websites built on WordPress. But that doesn’t mean it’s all smooth sailing. There are definitely steps you and your website manager must take to ensure your website is safe and secure.
Alright, enough background music, let’s get to the bread and butter. What can we really do to protect your WordPress website from attacks? I’m so glad you allowed me to ask.
These days, HTTPS encryption is essentially mandatory if you want to rank well in Google Search. It’s also one of the best ways to protect your WordPress website against attacks. At Site Assembly, it’s now a requirement.
Setting up an SSL certificate requires a bit of expertise. We like to work with globally recognizable security brands such as Comodo and Symantec, who offer Site Seals that act as “verification” that your website is protected. Think ADT signs for homes.
From a technical standpoint, SSL certificates work by encrypting the data that travels between your visitors’ browsers and your website. This includes back-end administrator data as well as front-end data collection such as user forms and newsletter signups. As long as the certificate is set up correctly, this will be a big improvement in protecting your website.
Updating and managing your plugins are two of the easiest ways to protect your website against attacks. Many times, vulnerabilities found within these plugins are fixed and the fix is released as an update. If you’re still using a particular plugin and it has an update available, install it! Be sure to check the update warnings to ensure you won’t lose any data or customization.
You can access your plugins by clicking on the “Plugins” menu option in your Administrator panel. You’ll find a list of all your installed plugins along with notifications if updates are available. You should also uninstall plugins you’re no longer using.
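The same review can be scripted from the command line. The following is an added example, not part of the original post: it assumes WP-CLI is installed and reads the JSON printed by `wp plugin list --format=json`; the `audit_plugins` helper and the plugin names in the sample are constructed for illustration.

```python
import json
import sys

# Constructed sample of `wp plugin list --format=json` output (not a real site).
SAMPLE = """[
  {"name": "example-forms",   "status": "active",         "update": "available", "version": "5.1"},
  {"name": "example-slider",  "status": "inactive",       "update": "available", "version": "2.0"},
  {"name": "example-seo",     "status": "active",         "update": "none",      "version": "21.3"},
  {"name": "example-gallery", "status": "inactive",       "update": "none",      "version": "1.4"},
  {"name": "example-cache",   "status": "active-network", "update": "available", "version": "3.2"}
]"""

# Statuses that mean the plugin's code is loaded on the site.
IN_USE = {"active", "active-network", "must-use"}


def audit_plugins(raw_json):
    """Return (to_update, to_remove) as sorted lists of plugin names.

    to_update: plugins in use that have an update available.
    to_remove: inactive plugins, which should be uninstalled rather than
               kept around (their files stay on the server even when inactive).
    """
    plugins = json.loads(raw_json)
    if not isinstance(plugins, list):
        raise ValueError("expected a JSON array of plugin records")
    to_update, to_remove = [], []
    for plugin in plugins:
        name = plugin.get("name")
        if not name:
            continue  # skip malformed records instead of crashing
        status = plugin.get("status", "")
        if status == "inactive":
            to_remove.append(name)
        elif status in IN_USE and plugin.get("update") == "available":
            to_update.append(name)
    return sorted(to_update), sorted(to_remove)


if __name__ == "__main__":
    # Usage: wp plugin list --format=json | python3 audit_plugins.py
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    updates, removals = audit_plugins(raw)
    print("Update now:", ", ".join(updates) or "nothing pending")
    print("Unused, consider uninstalling:", ", ".join(removals) or "none")
    sys.exit(1 if updates else 0)  # non-zero exit lets a scheduled job alert
```

Run with no piped input, it audits the constructed sample; the non-zero exit code when updates are pending makes it usable in a scheduled job.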
Password Secure WordPress Website
I’m sorry it came down to this, but it’s still a huge concern. So many people know it’s important to choose a strong password, but not many actually put it into practice. I cannot emphasize this point enough! Choosing a hard-to-guess password is a must these days! There are tools out there to generate strong passwords, and thankfully, we’re even expert password recommenders ourselves.
Here are a few pointers on choosing a strong password:
Use sentences combined with special characters instead of single words and numbers. A password such as IknowYouWantTo_but_GoodluckGuessingThis1! is a lot harder to guess programmatically than Password123 or your birthday. Get creative and have some fun with it.
Use secured password generators. This one’s not as fun as coming up with cool sentences, but it is just as effective in protecting your website from attacks. We’re biased as to which password generator we prefer, so we’ll let you decide. There are plenty to choose from.
If you haven’t heard of it before, SuperAuth is an amazing platform to help you “go passwordless.” This unique software works by removing the need for usernames and passwords altogether and instead offers a single sign-on and automatic two-factor authentication option for your users. You can download and integrate SuperAuth Passwordless Authentication here.