Website security is something you hear about in the news all the time: so-and-so's website has been hacked and has leaked people's sensitive information. It's something that will probably never stop. And if your website has been hacked in the past, you know how much of a pain in the rear it can be. David Bisson recently wrote an article about this on GrahamCluley.com and what it does:
David goes on to explain that most of the sites getting hit with this are WordPress sites running outdated versions. So what do you do? How can you protect yourself? If you are like us, WordPress is your platform of choice. But there are some things you must do to keep hackers out.
First, never ever, and we mean NEVER, leave your sign-in username as "Admin", which is the default. We like making stuff up, or using parts of people's names, your favorite team, whatever. Just don't leave it as Admin! The same goes for your password. Make it part of a song, like a few words from your favorite song along with a few numbers and various punctuation marks. We also like moving the login so that it is no longer at yoursite.com/wp-admin. There are a few plugins out there that make this easy to do.
Now you might be saying to yourself, "How do I keep up with all of these passwords?" We like using LastPass. We have researched them and find they do an excellent job of encrypting and protecting your information. We aren't endorsing them; they are just who we like. There are others out there, just do a Google search for them.
There are a lot more things to do to keep your site safe. Jean-Baptiste Jung covers them in a post he wrote on DZone.com, and here is a snippet from it:
Ransomware's new target? Websites
Extortionists demand Bitcoin ransom be paid to restore WordPress websites
Continue Reading The Article Here...
Good article from him, but if using .htaccess and uploading directly to your server is a little over your head, you should probably get a webmaster to do it for you. You can really mess things up if you do it wrong.
As far as the hosts he recommends, the only one that we have used from that list is A Small Orange. We have never had any problems with them, and no downtime either. For most of our main sites and client sites we use A2 Hosting. We stay away from GoDaddy and HostGator. With GoDaddy we have had issues and can't get customer service on the phone for over an hour. Same with HostGator. Another factor with hosting is that GOOD HOSTING won't come cheap. Again, if you don't like our recommendations, do a Google search for "Reliable Web Hosting" or something along those lines.
So to sum it all up, to have a secure website: have long usernames and passwords, move your wp-admin, pay attention to where you are hosting your site, keep your site up to date with new releases from WP and plugins, and MAKE REGULAR BACKUPS! Visit our site and we can handle all of your web design and security issues. Until next time :)
10 Tips for a More Secure WordPress Blog
Host Your Website on a Reliable Web Host
Especially if you’re on a shared server (this is the case of most small websites such as a personal blog), attackers can use corrupted files on the server, even if they aren’t yours, to spread on other websites hosted on the server. This can’t be fully stopped by you alone, so you need to be sure that your web host is super serious about security and offers strong customer support that will always be helpful in case something goes wrong. Below are the three web hosts I personally work with and recommend for their performance and security:
- Vidahost: this company has been hosting CatsWhoCode since 2012. The speed and availability are amazing and the support service always responds fast, even on Sundays or in the middle of the night. The only downside is the somewhat expensive price, but just like cheap hosting isn’t good, good hosting isn’t cheap. Good news: by using the coupon CATSWHOCODE when checking out, you’ll get 10% off any hosting plan.
- A Small Orange: A company that many of my partners and I work with, A Small Orange is offering an exclusive discount to CWC readers consisting of one year of hosting + a domain name for only $40. Definitely a great deal for serious website owners.
- In Motion Hosting: I haven’t worked with them directly yet, but I’ve been fixing quite a lot of websites hosted on their servers and everything was smooth. Definitely worth checking out!
Have Backups
If a problem happens, it is essential that you have a backup of both your database and files so that you can restore them to your server. Backups can be done manually or by using a plugin such as WP Database Backup. Your web host can also make regular back-ups of your website and database. The three hosts I mentioned above do free, regular backups for their clients and their support service can help you to restore it to your server in case of an attack.
Use .htaccess to Protect wp-login
Password protecting your wp-login.php file can add an extra layer to your server. Because password protecting wp-admin can break any plugin that uses AJAX on the front end, it’s usually sufficient to just protect wp-login.php. To do this, you will need to create a .htpasswd file. To do so, go to htpasswd generator and follow the instructions. Once you have your file ready, upload it to your server. Once done, you need to tell .htaccess where it’s at. Assuming you’ve put .htpasswd in your user’s home directory and your htpasswd username is mysecretuser, then you put this in your .htaccess file:
Continue With His Article Here...
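For readers who want to see what the wp-login.php protection described in the snippet looks like, here is one way to write it. This is an added example, not the code from Jean-Baptiste Jung's article; the path /home/USERNAME/.htpasswd is a placeholder and the realm name "Restricted" is an assumption, while mysecretuser is the username used in the snippet.

```apache
# Added example (not from the quoted article). Apache 2.4 syntax.
# The host must allow auth directives in .htaccess (AllowOverride AuthConfig).

# Ask for HTTP Basic credentials before wp-login.php is served at all.
# wp-admin/ is left alone so front-end plugins that call admin-ajax.php
# keep working.
<Files "wp-login.php">
    AuthType Basic
    # Assumption: any realm name works; it is shown in the browser prompt.
    AuthName "Restricted"
    # Placeholder: absolute path to the uploaded .htpasswd file. Replace
    # USERNAME with your hosting account name and keep the file outside
    # the web root.
    AuthUserFile /home/USERNAME/.htpasswd
    # Only this htpasswd user may reach the WordPress login form.
    Require user mysecretuser
</Files>

# Never serve .htaccess or .htpasswd themselves to visitors.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>
```

Basic authentication sends the password with every request in an easily decoded form, so use it only on a site served over HTTPS. After uploading, a request for wp-login.php without credentials should come back as 401 Unauthorized.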