Information security, and specifically website security, has been in the headlines over the past two weeks following the hack of Cyberserve's servers. In the case of Cyberserve, the hack was to the server itself, and in fact, the website owners (operating in closed code) could not do much to remedy the situation. Unfortunately, they were dependent on the company that provided them with website hosting services, as well as development and maintenance services for these websites.
A significant part of website security depends on the quality of the hosting service and server security. However, you, as website owners, can also help strengthen your website's security and minimize damage in the event of a hack. We are not talking about 100% prevention of hacks. That is neither possible nor reasonable. The goal is to strengthen website security and maintain proper practices that will also help to quickly restore the website in the event of a hack or data deletion.
In this article, we will offer you some basic tips for improving your website's security. Many of the tips are specific to WordPress sites, but some are more general and applicable to all types of websites.
Website Security - Basic Tips
Backup, backup, backup
If you implement only one security tip, it should be the one about backing up your website. Backing up your website in at least two copies (one stored on the server and one on your computer) will ensure that in the event of a hack, even if it is terrible and devastating, you can restore your website quickly and easily. A good website hosting service will also offer you automatic website backups on the server (Linux hosting offers backup services to every customer), but don't rely on that alone. Back up the website yourself regularly—once a day, once a week, etc. Even a slightly old and outdated backup is better than a website that has no backup at all.
If you have a WordPress website, you can easily perform backups using a plugin. It is important to back up the database, template, and media files you have uploaded to the website.
System and plugin updates
WordPress is the most popular content management system, which is why it is also a well-known target for website hacks. A basic and important step in maintaining any WordPress website is to upgrade the system and plugins to the latest version. These updates are done at the click of a button and usually go smoothly. However, it is recommended to back up the website before performing updates. Many WordPress updates address security vulnerabilities.
Strengthen passwords
Choose a long password that is easy for you to remember, or use a password manager that stores all your passwords in an encrypted form. Do not settle for a weak password, as this will provide an easy target for hackers. Ensure that all users of the site have strong passwords. If your email has been leaked or compromised in a database breach, change your password.
Protect the WordPress login screen
WordPress has a default address for the site login screen. Obviously, this information is known to hackers, and they will use it in automatic scans that you perform. In fact, if you look at the logs on the server, you will see that there are almost constant attempts to log into the site. A great way to prevent these attempts is to change the URL of the WordPress login screen. This can be done using a plugin. There are also plugins that limit the number of times you can log into the site.
Block IP addresses
Your hosting company may already block all kinds of suspicious IP addresses from hostile countries, but you can also do this yourself, using the htaccess file or through the server control panel. If you are unsure how to do this, ask your hosting company for help.
Delete unnecessary plugins
Plugins are a known security vulnerability in WordPress sites. Delete any plugins you don't need and don't install old plugins that haven't been updated in months.
And if your site has already been hacked...
If you have already discovered that your site has been hacked, you can ask your web hosting company to help you clean up your site. At Linux Hosting, we offer website cleaning services to remove viruses and hacks, and we will be happy to help you if necessary.