Miss Tweak It Blog

Tweaking Websites to Meet Your Needs


How to Keep Your WordPress Website Secure – Part 2

In part 1 of this series on securing your WordPress website, we covered why it’s important to secure WordPress. We also reviewed two basic security concepts so you have some foundational knowledge to take the next steps with confidence.

In this post, let’s get to some actionable steps to start securing your WordPress site!

Set Up a Backup Solution

Setting up a backup solution is the most important thing you can do for the safety and security of your WordPress website. Some security experts say that it’s not a matter of IF but WHEN you’re hacked. With backups of your website, you can recover from even the most damaging of hacker attacks.

Most web hosting providers have ways to perform and download full backups of your WordPress website. There are also many free and paid WordPress backup plugins like UpdraftPlus and BackupBuddy. Third-party backup services like CodeGuard are easy to set up and will do daily automated backups of your site.

Whichever backup option you choose, make sure you can schedule automatic backups. You want to capture recent backups without even having to think about it. Store the backups off-site, meaning away from your WordPress server and hosting provider. Your Google Drive or Dropbox might be a good option.

Run Antivirus on Your Computer

How is keeping your personal computer free of malware, viruses, and spyware important for your WordPress security? One reason is that some malware programs install keyloggers which capture your keystrokes. A keylogger will capture your WordPress username and password and once the bad guys have that, they could log in as you and take over your website.

Other things you should do:

  • Update and patch your operating system and applications often
  • Avoid risky and untrusted websites like gambling, pornography, and pirating sites
  • Use a VPN when accessing unsecured public Wi-Fi hotspots, like at a hotel or coffee shop

Only Use Secure Connections to Your WordPress Website

Speaking of unsecured public Wi-Fi hotspots, it’s important to use only secure connections to your WordPress website. Any information going out to the internet over a non-secure connection travels in cleartext. This means any hacker watching the network can read the traffic you are sending, much like a postcard compared to a letter in an envelope.

So always connect to your WordPress site using only https:// connections. And if you use an FTP program to transfer files, always use SFTP (Secure File Transfer Protocol).

To establish a secure https:// connection to your WordPress website, you’ll need to install an SSL/TLS certificate on your server. Your hosting provider should be able to help you with that (or contact us here at Miss Tweak It). These days, SSL/TLS certificates are cheap and even free through organizations like Let’s Encrypt.

Always Use Strong Passwords

Over the last few years, there have been many password breaches. Once the stolen passwords were revealed, noticeable password-usage patterns appeared.

Turns out that many people end up using the same simple passwords that are easy to guess. Passwords like 123456, qwerty, and monkey should never be used. As a rule, never use a plain dictionary word for a password and never use names or keyboard patterns. It’s also not effective to replace letters with symbols, for example, ‘a’ with ‘@’, ‘i’ with ‘!’ or ‘e’ with ‘3’ like in p@ssword or monk3y.

What still works is a complex, long, unique password. Use these tips:

  • Make it at least 12 characters long (the longer the better)
  • Use a random combination of uppercase and lowercase letters
  • Mix in some numbers and symbols

Examples of a complex, 12-character unique password would be e]z!VChKx”7B or jX5K;?m#PP#v. But don’t use these; they’re only examples!

Since you’ll never remember complex passwords like this, use a password manager like LastPass or KeePass. These apps also have password generators to create perfect passwords automatically.
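The rules above can be checked in code. This is an added example, not part of the original post: the names `weaknesses` and `generate` are hypothetical, `COMMON` is a tiny constructed sample standing in for a real breached-password list, and the swaps beyond the three the post names are assumptions.

```python
import secrets
import string

# Constructed sample; a real check would load a large breached-password list.
COMMON = {"123456", "qwerty", "monkey", "password"}
# Swaps named in the post (@, !, 3) plus a few other well-known ones (assumed).
LEET = str.maketrans({"@": "a", "!": "i", "3": "e", "0": "o", "$": "s"})
SYMBOLS = "!#$%&()*+-.:;<=>?@[]^_{}~"


def weaknesses(password: str) -> list[str]:
    """Return the reasons a password fails the post's rules (empty list = passes)."""
    found = []
    if len(password) < 12:
        found.append("shorter than 12 characters")
    # Undo symbol swaps before the lookup, as guessing tools do: monk3y -> monkey.
    lowered = password.lower()
    if {lowered, lowered.translate(LEET)} & COMMON:
        found.append("common password, even after symbol swaps")
    classes = [string.ascii_lowercase, string.ascii_uppercase, string.digits]
    if not all(any(c in cls for c in password) for cls in classes):
        found.append("missing uppercase, lowercase or digit")
    if all(c.isalnum() for c in password):
        found.append("no symbol")
    return found


def generate(length: int = 16) -> str:
    """Draw from the OS CSPRNG until the result passes every check above."""
    if length < 12:
        raise ValueError("length must be at least 12")
    alphabet = string.ascii_letters + string.digits + SYMBOLS
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weaknesses(candidate):
            return candidate


if __name__ == "__main__":
    for pw in ("monk3y", "p@ssword", generate()):
        print(pw, "->", weaknesses(pw) or "ok")
```

The `secrets` module is used instead of `random` because it draws from the operating system's cryptographic random source, which is what a password generator needs.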

Conclusion

In the upcoming part 3, we’ll continue with more easy but powerful WordPress security tips. And if any of this sounds too complicated, we understand! As a business owner, you sometimes don’t have the time or interest to do the IT and security tasks that you should. Miss Tweak It has over 30 years of combined experience in the IT field. We specialize in Web Design, Project Management, and Digital Marketing. Contact us today and we’ll handle your WordPress security for you.


How to Keep Your WordPress Website Secure – Part 1

Now powering over 30% of the world’s websites, WordPress is the most popular website system out there. And it’s no wonder. WordPress is easy to install, set up, and use. It has thousands of useful plugins that extend its power and functionality. And it has many beautiful themes that allow you to tweak the look of your website while still following classic design principles.

So why bother securing your WordPress site? Because once anything in the digital world becomes this popular, it becomes a big target for attackers. The bad guys know that most WordPress sites are easy to hack because they are not updated. Many sites also lack the few basic (and easy) security measures that would stop them.

Getting hacked can also affect your bottom line. A hacked website can cause downtime which can hurt your profits, reputation, and search engine rankings.

In this 4-part series, we’ll cover basic yet powerful ways to secure your WordPress website. You can do this even if you are not tech-savvy and know nothing about security. These methods are free and easy to do. Additionally, they will give you a huge benefit for the little time and effort needed to put them in place.

Basic Security Concepts

Before improving the security of your WordPress website, it’s best to learn some basic security concepts first. Although there are many, let’s start with two. These two concepts will help you understand the reasons for our recommended WordPress security steps.

Security is Ongoing

First, security is an ongoing process, not “set it and forget it.” The bad guys are always looking for new attack techniques and vulnerabilities. They discover new security holes every day, it seems. Luckily, we have good security researchers on our side, too. These white-hat hackers are also searching for vulnerabilities. When they find them and share their discoveries, software can be patched and improved.

The point is, although this series will show you how to secure your WordPress site, you are never “done” with security. You have to update and patch the WordPress core, plugins, and themes (more on that later). And you have to watch your website security status through things like email alerts and logs.

If you have a brick-and-mortar office space or store, you know it’s important to lock the doors and set the alarm every night. It’s the same with your website. You have a responsibility to keep it safe and secure, not only for your business but for your customers. Consider security just another part of doing business.

Defense In Depth

Another basic security concept is defense in depth. There is never one security solution that will solve all problems. It’s better to have many layers of security that add up and complement each other to become a complete solution.

Let’s go back to the office space example. If you combine locked doors, a burglar alarm, and security cameras, you end up with a pretty good physical security system. It’s the same when securing your WordPress website. By combining secure configurations, plugins, and practices, you end up with a more secure WordPress site. The sum is greater than its parts.

Conclusion

But enough security theory. Let’s get down to some real-world actionable steps to help you secure your site. In Part 2, we’ll cover the most important first step in securing and preserving your WordPress website.
