Last Updated on August 15, 2019 by Fabrizio Van Marciano
Are you literally waiting for your website or blog to be hacked into, or infected with a virus before you take action? That's probably not a good idea.
So, guys and dolls, last Monday, I woke up to the news that one of my websites had been infected with Malware.
This is something that no website owner wants to learn about, especially if your website is an integral part of your business.
And the thing is, it's so easy to overlook the importance of website security these days.
Not to mention that we're just busy getting on with our day-to-day activities of running our online businesses. The last thing on our minds is that our website could get hacked into at some point.
And the other thing to remember is this:
Even if you do happen to have all the necessary security measures in place, there's no real guarantee that your website will ever be 100% safe from harm. That's just not possible.
WordPress hackers are getting smarter every day, and I think business owners should get even smarter about their website security.
You simply cannot have the attitude of;
"Well, it hasn't happened to me so I'm fine".
or, "My website is far too small for hackers to be interested in it".
That may be so, but you've still got to make sure you have something in place just in case the inevitable happens.
So, without waffling on any further, let me share with you 5 small but critical things I recommend you do to help keep your WordPress website secure -
Let's get started.
1. Keep WordPress, themes, and plugins updated - If you're on WordPress, always keep your version updated. Do the same for your themes and plugins.
Yes, I know this sounds like I'm giving you obvious and generic advice, but you would be so surprised at how many client websites I've worked on, where I've discovered themes and plugins to be years out of date.
Don't wait for weeks or even months to finally get around to updating WordPress, your themes and plugins.
Many of the theme and plugin updates are small bug and security fixes, so take this seriously and make sure you upgrade when updates become available.
2. Backup your WordPress website - And I don't mean use a free backup plugin you found on some random website.
I also would 100% NOT recommend allowing your web host provider to create backups for you. If your host decides to shut your websites down for any security reason, it's bye, bye backups too.
Instead, use an external professional backup service that will provide you with all the tools and options you need to restore your website if you ever need to. Something like BlogVault, which I use and highly recommend myself.
3. Scan your website - Your website can definitely be more vulnerable if you're on WordPress.
According to a 2017 hacked website report published on Sucuri, WordPress infections rose to a staggering 83% in Q3 of 2017, from 74% the previous year.
That number sounds pretty big, but you have to consider that WordPress is the most widely used CMS on the web.
Again, I would NOT recommend relying on your web host to provide you with a website security solution. While many web hosts claim that their service is secure, robust, and everything else in between, which probably is the case to some degree, I'm pretty sure it's to the absolute bare minimum.
Use a professional WordPress security plugin like Sucuri or WordFence to setup your Firewall, block IP's and countries engaging in dodgy online activities, repair files, and to reinforce your overall website security.
I now use WordFence Premium myself to scan my websites daily for any issues that need resolving quickly.
4. Scan your computer daily - You know, security starts right at home, right?
So, make sure you have some decent security software on your home or work computer, especially if you're downloading a lot of content from the web, such as images, videos, graphics, etc. to include on your website or in your blog post projects.
If possible, scan every file before you upload them to your WordPress site too.
5. Keep up to date - Finally, ensure you're always kept up to date with all the latest vulnerability and security news and trends. Sucuri and WordFence frequently publish content that is both useful and actionable for keeping in the 'know' on how to maintain a safe and secure WordPress website.
At the end of the day, and like I said at the beginning of this post, there's no guarantee that whatever precaution you take will keep your websites and blogs 100% safe.
But, you'll certainly reduce the risk of being hacked or having a website infected with nasty Malware in the future.
Don't leave your WordPress website vulnerable guys and dolls, really, don't!
If you want to get more detailed tips on WordPress security, check out these posts below.