Over the past year or so I’ve been spending more and more time helping my existing clients as well as new clients deal with the threats of hackers and malware. And unfortunately, when even tech giants like Yahoo, Twitter, GoDaddy and even Apple are getting hacked, don’t dare think you’re immune. As a site owner it’s your duty to protect your clients’ information, whether it’s just an email address they use to log in or banking info for your e-commerce site. That’s why it’s important to stay proactive and protect your site. Wait too long to deal with a malware infection and you’ll get blacklisted by Google, and that’s a real hassle. Nothing says bad for business like a big sign saying “This site may harm your computer” when users try to log into your site. So to help you guys out, let’s take a look at some tips to help you secure your site. Please note, most of the tips here are going to be for WordPress because that is what I predominantly deal in. However, a lot of the tips can be applied to other websites, so glean what you can and use what you will.
For starters you can check out this link on what WordPress has to say about “hardening” your site, which is a way of changing certain settings to make it harder for the wrong people to gain access. Read “Hardening WordPress”.
Okay, now let’s get down to basics shall we?
- Make sure your web hosting is secure. Your web hosting needs to have top-notch security measures to make sure your data is protected. If one site on a server gets infected, it could easily lead to other sites on that same server being infected. So make sure your servers are up to date and have the highest level of security. For example, the servers I use for hosting are continually upgraded to the latest software and have the highest level of security you can get. If you have questions about your host’s security, give them a call. It never hurts to ask.
- Make sure your passwords are secure. This seems like a no-brainer, but you would be surprised how many people use the easiest thing they can think of for their password. (12345…) It’s essential to have a password that is a combination of letters and numbers and/or symbols. Coming up with better passwords is one of the easiest things on this list, so don’t flub on this one!
- Keep WordPress and all of your themes and plugins updated. This is another routine one that a lot of people miss. You don’t know how many times I’ve agreed to do work for someone and logged into their WordPress site only to find that every plugin, theme and even their core WordPress install are badly out of date. Sure, the site still works fine, but the point is that these updates usually contain security patches for your site, so the longer you let it lapse the worse the security vulnerabilities will be. Once again, updating your files is as easy as clicking a button, so don’t sleep on this!
- Clean out the clutter. Have you ever tried out a plugin only to decide it doesn’t work right, so you deactivate it? Do you delete it, or do you have a plugin folder sitting full of unused plugins? If the answer is the latter, then you need to go right now and delete any plugins that you do not use. These plugins can be exploited in some cases to allow malicious programs into your WordPress site. The same goes for unused themes. My advice is to remove all plugins and themes that you don’t use. Period.
- Install a firewall. I’ve installed firewalls for several clients and I use one myself. I’ve been extremely pleased with the results. They aren’t 100% foolproof, but they greatly reduce the chances of your site getting infected with malware. There are a ton of firewall plugins for WordPress; I personally recommend OSE Firewall. I’ve used it on a variety of sites and I have far fewer problems with a site that has the firewall installed on it than ones that do not. If you need any help installing it, contact me. I’ve installed it tons of times and would be glad to help you out.
- Be proactive, monitor for malware. It is really important to constantly monitor your site for signs of malware infection. As I mentioned above, if you wait too long you will end up on Google’s blacklist and it will block anyone from entering your site with a less than subtle warning screen. You don’t want that for your business. There are several things you can do to keep an eye out for malware. One is to use a service such as Sucuri, which allows you to scan your site for malware for free. You can also sign up for a malware protection service, such as the one offered by Sucuri. I also offer one for clients hosted on my servers that protects them and automatically cleans their site should infection show up. That way there is no hassle on them. Check with your web host to see if they offer this kind of service; it can really take the headaches out of dealing with malware infections. If you have any questions about these types of services or want to ask about signing up, contact me and I’ll be happy to help out.
- Clean up any malicious activity you find! If you’ve signed up for a malware service then you won’t have to worry about cleaning it up. Otherwise, if you feel you have the chops, once you find the malware you’ll have to remove it. It can be a hassle, especially if it’s a high level hack, but if you know your code you should be able to clean it out. As always, if you’re in the middle of trying to clean something up and need help, hit me up and I’ll be glad to help you out!
Well that’s it for this time. The main thing with keeping your site safe is to stay alert and pay attention to your site. Unattended sites are malware’s ideal target. But if you keep up with your site and follow the suggestions I’ve posted you should be able to keep your site and your users safe! Talk to you guys soon!