Everyday there is a story on the news about digital information being compromised. Whether it’s your friend’s e-mail account being hacked, or the release of CitizenFour, ( the real-life film of Edward Snowden’s exposure of NSA surveillance) data security is important to all of us – and WordPress sites are no different.
Why should we take security on WordPress so seriously? Simply because having your website compromised is a massive pain. Do you like the idea of spending a day or two getting a backup of your site installed on a new server? Even worse, you don’t have a backup and need to get a whole new site-and that’s just websites without sensitive data.
Here’s some super simple steps that anyone can take to keep a website more secure.
Make Sure You Have Strong Passwords
This is by far the easiest step you and you can implement it immediately. Hopefully you already have.
If you don’t have a strong password please fix this right now!
“But It’s So Hard To Create/Remember Good Ones”- sure it is. But we’ve got a little trick to make it easier. Make a story, or a sentence e.g. “ I arrived at Beijing in the summer of 2007”
Now select parts of this sentence and make them into a password like this:
Sure it’s going to take you about a week to get used to it, but at least you can write down the original sentence somewhere without giving the game away. Keep the actual password on a piece of paper somewhere for 2 weeks and throw it out once you’re sure you’ve got it locked into your head. If you’re worried, keep a sheet under the bed with your sentences.
Another way to overcome the passwords problem is to use a password plug-in for your browser like Lastpass. It works with your browser and remembers all your passwords for you. It will even create new and complex passwords that are hard to hack.
All you have to do is remember the master password for your account, and hey presto! Lastpass also has a mobile app, so if you’re at a friend’s machine you can use it to retrieve your passwords. Is it safe? Very. By using a system that means that the software in your machine deals with your password, even Lastpass themselves can’t get to it. The vault where they are stored is very heavily encrypted so that even Lastpass themselves couldn’t access them if they wanted to.
Check Regularly For Updates
Updates generally are there for a good reason.WordPress is a non-profit organization, so it has no motive for releasing updates, except for the fact that they are there to improve things for their users.
Updates are there to fix bugs, deal with security features issues and bring in new features.
The only way for you as a WordPress site owner to deal with these issues, is to log-in and update your security on a regular basis. It takes less than 5 minutes to log-in to your site and do few clicks to update, so really there is no excuse.
Protect Your Admin Access
Have you been using ‘Admin’ as the username on your site? Bad idea. Why? That’s the first word that any hacker is going to use to try to access your site. Anything other than ‘Admin’ is a massive improvement.
Going back to number 1 (strong passwords) it’s crucially important that all admin accounts are covered by strong passwords, so make sure all users are keeping up with your security policy.
If you want to go all out to keep all your passwords safe head over to Yubikey. This system means that not only do you have to enter your username and password, but it will also require to verify you physically from your Yubikey ( a USB style key to insert into your machine).
This might seem excessive in most cases, but it’s really good if you want absolute peace of mind. If you’ve just realized that you might not be taking security as seriously as you should, speak to your web development team who should be able to give you some advice on your type of system, and how best you can keep it out of bad hands.
Sign up to our regular newsletter with our latest blogs posts and news!
Eggplant Digital helped us focus on exactly what we wanted the website to do and how we wanted people to interact with it. Then they built a site that exceeded all our expectations. They met every deadline, even when we missed a few ourselves. These guys are the best in the region without a doubt. They will be my first call next time around and the last call.
Since the site went live, a year ago, we’ve seen a significant rise in enquiries for work through the website. This has been a fantastic boost for the growth of our business. Thanks to the Eggplant team!
Andrew Clark, Group Creative Director/DP
Woo hoo! Looks awesome. I am very pleased to say the least. Everyone at Eggplant, great job and thanks for the hard work.
Eggplant have been fantastic – not only do we have a great website for a reasonable price, but their technology and marketing tools for our company have exceeded my expectations.
Mark Varley CEO
From their input on the initial design to their meticulous care in continuing to tweak the websites until they were exactly what we needed, I couldn’t have been more pleased with the job they did. Both their design work and back-end programming have had a profound impact on our work in China.
Gabriel Suk - Founder
The site looks great and will be the envy of our industry. Thanks for being so patient with us. We can proudly say we have created the best website for a film company in China.
From the concept phase through to deployment I have been very impressed by the quality of the service delivered by Eggplant and the end result speaks for itself.Their patience in dealing with my constant queries and changes was also admirable!
Colin Saunders - Sales and Business Development Manager
Thank you for all your help in creating our website, we had a great experience and we are really happy with the end result! In just a few weeks since we went live, we have already had a lot of praise from our customers about the new website!Â