Every day there is a story on the news about digital information being compromised. Whether it’s your friend’s e-mail account being hacked, or the release of Citizenfour (the real-life film of Edward Snowden’s exposure of NSA surveillance), data security is important to all of us – and WordPress sites are no different.
Why should we take security on WordPress so seriously? Simply because having your website compromised is a massive pain. Do you like the idea of spending a day or two getting a backup of your site installed on a new server? Even worse, you might not have a backup and need to get a whole new site, and that’s just websites without sensitive data.
Here are some super simple steps that anyone can take to keep a website more secure.
Make Sure You Have Strong Passwords
This is by far the easiest step, and you can implement it immediately. Hopefully you already have.
If you don’t have a strong password, please fix this right now!
“But It’s So Hard To Create/Remember Good Ones” - sure it is. But we’ve got a little trick to make it easier. Make a story or a sentence, e.g. “I arrived at Beijing in the summer of 2007”.
Now select parts of this sentence and make them into a password like this:
Sure, it’s going to take you about a week to get used to it, but at least you can write down the original sentence somewhere without giving the game away. Keep the actual password on a piece of paper somewhere for 2 weeks and throw it out once you’re sure you’ve got it locked into your head. If you’re worried, keep a sheet under the bed with your sentences.
Another way to overcome the password problem is to use a password plug-in for your browser like LastPass. It works with your browser and remembers all your passwords for you. It will even create new and complex passwords that are hard to hack.
All you have to do is remember the master password for your account, and hey presto! LastPass also has a mobile app, so if you’re at a friend’s machine you can use it to retrieve your passwords. Is it safe? Very. The software on your own machine is what deals with your password, and the vault where your passwords are stored is very heavily encrypted, so even LastPass themselves couldn’t access them if they wanted to.
Check Regularly For Updates
Updates generally are there for a good reason. WordPress is a non-profit organization, so it has no motive for releasing updates, except for the fact that they are there to improve things for their users.
Updates are there to fix bugs, deal with security issues and bring in new features.
The only way for you as a WordPress site owner to deal with these issues is to log in and update your security on a regular basis. It takes less than 5 minutes to log in to your site and do a few clicks to update, so really there is no excuse.
Protect Your Admin Access
Have you been using ‘Admin’ as the username on your site? Bad idea. Why? That’s the first word that any hacker is going to use to try to access your site. Anything other than ‘Admin’ is a massive improvement.
Going back to number 1 (strong passwords), it’s crucially important that all admin accounts are covered by strong passwords, so make sure all users are keeping up with your security policy.
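One way to check this across a whole site is sketched below as an added example, not code from the original article. It assumes a user export in the shape produced by WP-CLI's `wp user list --fields=ID,user_login,roles --format=csv`; the sample rows and the function name `audit_users` are constructed for illustration.

```python
import csv
import io

# Constructed sample, in the shape printed by WP-CLI's
# `wp user list --fields=ID,user_login,roles --format=csv`.
SAMPLE_EXPORT = '''ID,user_login,roles
1,Admin,administrator
2,jane.editor,editor
3,site-owner-k7,administrator
4,shopbot,"shop_manager,administrator"
5,admin2,subscriber
'''

# The one login name the article warns about (extend as you see fit).
GUESSABLE_LOGINS = {"admin"}


def audit_users(csv_text):
    """Return (guessable_admins, all_admins) from a user export."""
    guessable, admins = [], []
    for row in csv.DictReader(io.StringIO(csv_text)):
        login = row["user_login"].strip()
        # A user can hold several roles; the export joins them with commas.
        roles = {r.strip() for r in row["roles"].split(",") if r.strip()}
        if "administrator" not in roles:
            continue
        admins.append(login)
        # Compare case-insensitively so "Admin" and "admin" are both caught.
        if login.lower() in GUESSABLE_LOGINS:
            guessable.append(login)
    return guessable, admins


if __name__ == "__main__":
    guessable, admins = audit_users(SAMPLE_EXPORT)
    for login in guessable:
        print(f"Administrator account uses the guessable login '{login}'")
    # Every account listed here needs a strong password.
    print("Administrator accounts to review:", ", ".join(admins))
```

The second list is the set of accounts the strong-password policy has to cover; the export contains no password data, so password quality still has to be confirmed with each account holder.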
If you want to go all out to keep all your passwords safe, head over to YubiKey. With this system, not only do you have to enter your username and password, but you also have to verify yourself physically with your YubiKey (a USB-style key that you insert into your machine).
This might seem excessive in most cases, but it’s really good if you want absolute peace of mind. If you’ve just realized that you might not be taking security as seriously as you should, speak to your web development team, who should be able to give you some advice on your type of system and how best you can keep it out of bad hands.