So how do we make sure your site is protected?
The good news is there are a few things you can do to make sure your site is protected as much as possible. I say as much as possible because a website can never be 100% safe. So let's break down what can be done.
1. Choose a good hosting provider
The term ‘You get what you pay for’ couldn’t be more true when it comes to hosting. Did you know that 41% of successful WordPress hacks were due to hosting? That is a surprising number, so it pays to do your homework and research before deciding on a provider. I’m not saying you need to buy the most expensive hosting package out there, but be careful and don’t think you are getting a great deal at $3 a month.
2. Install a security plugin
There are some great plugins, both free and paid, that add a ton of cool security features to your site. My personal favourite is Wordfence as it is very powerful, lightweight and can potentially reduce page load times with its built-in caching system. There are two versions available, free and premium, but the free version will do most things people need. The best feature of Wordfence is the ability to scan your WordPress core, plugins and theme files for suspicious-looking code that shouldn’t be there. Other security plugins worth mentioning are iThemes Security and All in One WP Security and Firewall.
3. Backup and restore plugins
In the past I have had people contact me about their recently hacked site asking me to restore it to its former glory. The truth is that without a backup this is nearly impossible to do without rebuilding it. Often when hackers get into a site they will take whatever information they can and then sometimes start deleting files and assets off the server. Once files are removed from the server they cannot be recovered unless there is a site backup. Most often your hosting provider will take a nightly backup of the server; however, they usually only keep the most recent 7 days. This may sound well and good, but what if the piece of malicious code responsible for the hack was lying dormant in your site for a month? All their backups would still contain the culprit causing the issue and you would have the same problems all over again.
A great way to avoid this scenario is to install a backup plugin and keep copies of your site on an external hard drive or your computer. As a rule of thumb I take a nightly backup of the site database and a weekly backup of all site files and assets. If you run a site that adds new content daily or an online store, I would recommend nightly backups for both files and database. Be sure to schedule these backups at a time when your site has low traffic, as the backup will put a bit of performance pressure on the server and may affect the viewing experience for your visitors.
I personally use UpdraftPlus Backup and Restoration because not only can you create schedules for automated backups, you can also push the backups to third-party storage services like Dropbox. There is no point keeping all your backups on the server if you are unable to access the server once it has been hacked.
Updraft also has the ability to restore your site from previous site backups and the best part is it’s completely free with the option to upgrade for other premium features.
4. Secure your site files with .htaccess
A .htaccess file can be a powerful tool in your hosting environment. It provides a set of rules that tell your server how to handle directory indexing and which files can be accessed directly. These rules help stop attackers from injecting or changing code in your WordPress core, plugins and theme files. This file can be a little technical and, without the right knowledge, can break your site altogether. I recommend getting a developer to check over your .htaccess file and make sure it is configured properly for your WordPress setup. SevenDev provides this as a service for $100 AUD.
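To make the two ideas above concrete (directory indexing and direct file access), here is an added example of root-level .htaccess rules; it is not taken from the original article or from SevenDev's service. It assumes Apache 2.4, a single-site WordPress install in the web root, and a host that allows these directives to be overridden in .htaccess.

```apache
# Added example (assumptions: Apache 2.4, single-site WordPress in the web
# root, AllowOverride permits Options, AuthConfig and FileInfo).
# Place these rules above the "# BEGIN WordPress" block and keep a copy of
# the previous file so the change can be rolled back.

# Directory indexing: do not list the contents of folders that have no
# index file (for example wp-content/uploads/).
Options -Indexes

# Direct access: refuse requests for wp-config.php, which holds the
# database credentials and secret keys.
<Files "wp-config.php">
    Require all denied
</Files>

# Refuse requests for .htaccess, .htpasswd and any other ".ht" file.
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Refuse requests for files that reveal the installed WordPress version.
<FilesMatch "^(readme\.html|license\.txt)$">
    Require all denied
</FilesMatch>

# PHP files under wp-includes/ and wp-admin/includes/ are meant to be
# loaded by WordPress itself, never requested directly by a browser.
<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /
    RewriteRule ^wp-admin/includes/ - [F,L]
    RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
    RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
```

After saving, load the front end, log in to wp-admin and upload a media file on a staging copy first; a 500 error usually means the host does not permit one of these directives in .htaccess.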
Well, that’s it for now. If your site is covered using these few techniques, you are giving it the best possible chance against an attack. Remember, it’s not good enough to just prevent an attack; you also need to be able to recover from one. There are a ton of other security tips that can harden up your WordPress site, but that was not the purpose of this article and they will be covered another time.
If you want your site to have all these great features but are unsure how to do it yourself, feel free to contact us and we can make sure you are protected. We offer great services at even better prices.