Protecting Websites from Hacking: 10 Tips to Keep Your Site Safe

With the increase in CMS systems such as WordPress, many sites have been subject to hacking, spam, phishing and malware. WordPress sites power 30% of the web, lending itself to be a target to attacks. Whether you have a personal or business website, protecting your website and all the time and money spent on it can be overlooked. There are a number of simple ways in which you can secure your site and reduce your risks of being hacked 

 

Secure Passwords

This might seem obvious, but you’d be surprised at how many people still use simple passwords to access their website. A strong password will contain a mixture of lowercase and uppercase letters, symbols and numbers. 

 

Limited login attempts 

A limited number of login attempts will prevent someone from entering in hundreds of username and password combinations. Most security plugins as detailed below will include this checkbox.  

 

Security Plugins

A security plugin will add that extra layer to your site. Some highly recommended plugins are: 

  • Sucuri Security 
  • Wordfence Security 
  • Wordfence  
  • All in One Wp Security and Firewall 

All of these plugins have different levels of customisation as to how secure you want your site to be. They include features that include whitelisting users, alerts when someone tries to log in to your site, password generators, firewalls, changing the database prefix and scheduling backups.   

 

Change the Database prefix

WordPress creates database tables when you create your site with the prefix ‘wp_‘. You can change this in the wp-config file when creating your site to something that will be harder to guess.  

 

Changing WP-admin

Figuring out a site is built by WordPress is easy, then hackers will know to use /wp-admin to try and access your website. Most people never change the ‘admin’ username so this will be the first thing they will try when guessing the credentials.  

 

SSL Certificate

It goes without saying that an SSL certificate is an important addition to your site. You can tell if a site is secure by the padlock icon in the address bar. Any sensitive information such as credit card details, passwords, usernames etc. can be viewed by anyone if the site does not have an SSL certificate. An SSL certificate also provides trust between the user and the website, meaning they will be more likely to use your website or purchase any products.  

 

Update your site

It becomes all to easy to forget to update your site, leaving your site in a vulnerable position. As soon as an update becomes available for your site, whether that be the CMS itself or a plugin, you should update it straight away.  

 

Set Appropriate User Access Settings

If your site has multiple users, then make sure that each user has the appropriate user access settings. You can hide full administrator settings from users that may use the site to update something on the website or create a post and prevent them from accessing core files or installing plugins.  

 

Backup your site

If you do find yourself in hot water, then having regular backups will ensure your site is up and running in no time. These can be automatic, i.e. once a week so you don’t have to remember to back it up yourself.  

 

Choose plugins carefully

If you do find yourself installing a plugin, wait! Check when it was last updated. If a plugin was not updated recently i.e. its been over a year then its more than likely that the plugin is not being developed further and it may cause conflicts with current versions of the CMS or other plugins.  

 

We offer maintenance and management services for your website, which includes regular updates, site security and backups. To find out more or to add Pepr to your website then get in touch with us and we’d be happy to help.