I’m assuming you already have a WordPress site or are seriously considering it for building yourself a secure website. This article will help teach you how to keep your WordPress site safe from outside threats you will likely encounter.
On the other hand, you may not be sure a WordPress site is the right option for you. If that’s the case, I’ll post a helpful guide soon. The guide I’ll share will compare different options for websites, their safety, risks, as well as their benefits.
WordPress is One of the Most Popular Platforms for Building a New Website
The popularity of WordPress makes it one of the most targeted by hackers.
By its very nature, WordPress allows you to make changes to a site yourself. You can create a site from scratch (not recommended), use a premade template design, or have a professional web designer or developer set one up for you. The latter tends to be the most secure.
The Security Risks & Rewards of Using WordPress to Build a Safe Website
There are literally 1000’s of web designers who build websites using WordPress. As you can imagine, within industry after industry, there are amateurs who often fake their way through it. Choosing the wrong web designer could result in the site they set up to be vulnerable.
Should you be concerned about someone’s skill level?
Are they a good choice for building your new website?
Although amateur web designers can be significantly cheaper, I strongly advise not going this route. It may seem very appealing at first, but there are reasons why you should avoid amateurs. Like most things in life, mistakes early on can cost you a lot more in the long run. They might setup a WordPress site that leaves you vulnerable and not properly protected. Unless you have no other choice, hire someone knowledgeable and who you know can fulfill their commitment.
Sure, you might get lucky and find a great web developer who is knowledgeable and willing to make a great deal, but not likely! More often than not, you will end up with someone who can setup a basic WordPress site on a cheap hosting platform. But they might not deliver what you were expecting or originally agreed upon. They may also be unwilling to help you maintain it once complete.
What’s Wrong with Hiring an Amateur Designer?
The problem with hiring an amateur web designer is they’ll likely make mistakes. The mistakes they make may not only prevent your site from being as visible as it could be, but could put your valuable investment of time & money at serious risk.
Think about hiring a web designer, or web developer, as if you were hiring an electrician to rewire your kitchen.
A professional web designer will do it to code, ensuring your house will pass inspection which is important if you choose to eventually sell it. They will also make sure you have enough outlets and circuit breakers to prevent your appliances from shorting out and possibly burning your home to the ground.
If you don’t have the budget for a professional to do the job, you should at least get a bare bones website setup properly. Find a web development company that knows what they’re doing and will protect your investment. They must be willing make upgrades for you as your budget allows for it.
The Dangers!
In theory, the editability of a WordPress site sounds great!
WordPress however goes a step further and allows outside developers to create themes and plugins that add extra features to a site.
Themes and plugins are often free, while some charge a small fee. Custom built upgrades can cost as little as a hundred dollars to several thousand.
The dark side of any WordPress theme or plugin is it could be a vulnerability, or eventually become one.
By installing any WordPress theme or plugin, you’re inviting an outside developer in.
It’s like giving someone you don’t know, a tour of your home and telling them where all your valuables are.
There are some precautions you can take, but you can never be 100% safe. Anyone who tells you differently doesn’t have the experience or understanding that you need to protect your investment.
Poorly designed WordPress plugins and themes can leave back doors or other vulnerabilities that hackers can exploit.
A common misconception I often hear is that – “I have a little nobody blog, or website. So why would they attack me?”
That and – “no one even knows my site exists!“
Don’t let yourself fall into that mindset.
It’s a recipe for disaster!
Just because your site doesn’t get a lot of traffic, or your site is on page 20 or higher of Google, doesn’t mean you aren’t already on a list of targets for hackers. You still need to know how to keep your WordPress site safe from malicious attacks.
Attacks are often attempts to gain access to a sites’ sensitive data. But even more so, hackers use compromised websites to launch attacks on other websites, or to send spam or phishing emails.
When hackers send spam from your site, it’s your site that gets red flagged!
Your web hosting company may even delete your corrupted site from their server!
That’s because it’s putting their servers’ reputation at risk, and consuming resources typically shared by others on the same server.
It’s similar to a program or app that’s using too much memory and causing your computer or device to become sluggish or non-responsive.
I’ve personally had to make the call to take down a website and scrub it from the server. It’s usually because an amateur web designer took risks without understanding the inherent dangers.
What About Restoring My Site From Backup?
Restoring a corrupted site from a server backup sounds simple. But it’s not always that easy!
Hackers know that websites do daily, weekly, and monthly backups, usually automatically. Experienced hackers often install back doors they leave untouched until it’s in all of the recent server backups.
Once you restore a site from backup, hackers can get right back in and take control. At that point it’s a recurring nightmare you can’t escape from.
No Decent Web Host Will Allow a Compromised Site to Stay Up
Just disabling or removing the compromised plugin or theme may not be enough. if the compromise was spread further into other parts of the site or database.
So what can you do to ensure this never happens to you?
In short, nothing!
You can and should take smart precautions. But you accept a certain amount of risk when using any WordPress plugins. Before you say, I just won’t use plugins; That’s not practical either.
Plugins are what allows your site to do more than just posting pictures and text on your site. Want to add a contact form? You need a plugin for that. Want that cool new feature? You’ll need a plugin for that. And so on.
Hackers using other already compromised sites to make ongoing attempts to guess your login credentials is a constant danger. A high percentage of people use weak passwords to secure their websites or user accounts.
Laziness and convenience is what hackers count on!
So, what should you do?
Take Precautions to Keep your WordPress Site Safe
- When it comes to security, always use obnoxious passwords that contain upper and lower case letters, numbers, and symbols.
A strong password is a good start, but we suggest going even further. Your username name should never be “admin,” and it should not be your site name. Any username you create should include characters other than letters.
- Write your posts under an account with limited privileges
- Administrative accounts should remain private, and not publicly visible
Usernames should never be visible to the public. In fact we even recommend disabling the “admin” username during the initial WordPress installation.
- Never use a plugin or theme that has low numbers of installs or users actively using them. Let other people take the risk with new plugins or themes. If you pay to have a custom one created, make sure it’s from a reputable company.
Stay current on security bulletins to keep your WordPress site safe. Plugins can be perfectly secure one day only to become a danger the next. Security threats can be simple programming errors. Or they can be plugin or theme updates that cause vulnerabilities. Plugins sold unknowingly to unscrupulous entities, can become a security threat as well.
Both WordPress plugins and themes roll out ongoing updates. This is to ensure compatibility with, and to take advantage of new features of WordPress core updates.
- A good firewall is critical!
A firewall doesn’t guarantee that your site won’t get attacked.
While that may be true, a firewall informs you of each hack attempt. In addition it provides valuable extra time for you to adapt to attacks.
Good firewalls give the added ability to block attacks by individual IP addresses. Granted, most determined hackers will use other sites they’ve already compromised to make more attempts. A firewall will slow a hacker down however and make it harder for them to find a vulnerability. Just ensure your firewall is configured properly.
- Check for WordPress theme and plugin updates often!
Log in regularly to check for any available WordPress updates. When vulnerabilities are found, WordPress may roll out back to back updates to their platform.
If you aren’t aware, automatic WordPress updates are now standard. Keep in mind, updates may take extra time to roll out to all WordPress sites, depending on when a site was last updated.
Even the best of programmers can make mistakes or miss something. It’s very easy to overlook something you’ve already tested dozens or even hundreds of times. In programming, one extra or omitted character can cause chaos and even expose vital information.
Do your due diligence and stay informed!
Above all, I hope this article enlightens you to the very real risks with WordPress sites in particular. Keep in mind the same holds true in regards to any publicly exposed website.
Article by:
Dennis Altshuler
President & CEO
NetSys Interactive Inc.
Contact us to build a new custom website that includes effective SEO and marketing campaigns.
Or if you’re looking to upgrade an existing WordPress site or custom website to be more safe and sales friendly, we offer several options. Our website packages include a variety of features that fits almost every budget.