Computer security is one of those buzzwords you often hear but may not clearly understand. Some types of security are pretty easy to wrap your brain around. Home security, car anti-theft devices and even a simple padlock are examples of security we can all understand. Your website, however, doesn’t have a keyhole or a blinking red light to let you know it is safe.
Let’s take a look at the different aspects of computer security and how they can apply to your website. After all you don’t want your business to become the next security hack article on a tech blog.
What Is Computer Security, and Why Do You Need It?
Computer security wasn’t as much of an issue in the days before constant internet connectivity. The only ways someone could get onto your computer was to physically be at the keyboard, trying to figure out what your passwords are while you weren’t home, or to just take the whole thing from your house. Then the internet arrived.
With all of the wonderful things that the internet brings us, it also brings the bad. Your computer, as soon as it is powered on, is connected to the entire world. Unfortunately, there are lots of bad guys out there who would like to steal things from your computer.
Your Personal Computer
Your personal computer holds tons of information about you that hackers can use. Credit card numbers, bank accounts, bills that you are paying, addresses, email accounts and even photos can be stolen from your personal computer by hackers. This is your digital identity; with it hackers can steal your hard earned money, your credit or your identity.
Keep your personal computer safe by using HTTPS websites wherever possible. HTTPS is a secure method for access websites. Communications between your computer and the web are encrypted, so the traffic is harder for hackers to read.
Be careful when connecting your computer (or other mobile devices) to public Wi-Fi. This includes hotels, Starbucks or anywhere else that has public access. Hackers can exploit these networks to get personal information from your devices.
Your Business Website
First of all, if your business website was hard to find, it wouldn’t be a very good website. That means that you need to advertise its presence to the Internet or improve your SEO. But, it also means your website will be a free and open invitation for hackers to come and see what you are offering. This comes with the territory, sadly.
Now, what could hackers possibly want with your website? Well, just like your home computer, you website might have crucial information about you or your business that can allow them to steal your identity. More importantly, you may be storing customer data, a nearly limitless resource for all sorts of computer criminals.
What about WordPress?
You may be surprised to know that if your site runs WordPress, you already have a degree of security capability built in. But, unless you take some additional proactive steps, hackers can find ways to exploit even the best content management systems (CMS), allowing them to gain access to parts of your site that are not protected.
WordPress is open source software that hackers can obtain and experiment on to find exploits. As they find them, WordPress developers will patch those issues so that they can no longer be used. Therefore, even if you are totally up to date with all of the other security on your website, an unsecured WordPress installation can be a back door for hackers to sneak into your site.
How Do I Secure WordPress?
There are several ways that you can go about keeping security tight for WordPress.
- Keep WordPress Updated – Just like the operating system on your personal computer, WordPress puts out patches that address security issues. As the developers for WordPress see that hackers have found an exploit, they fix that hole in the software. If you are not running the latest version of WordPress, then you are putting your site at risk for being hacked. Keeping up-to-date by running the latest version is one of the best (and easiest) ways to keep safe.
- Limit WordPress Installs – While there are several legitimate reasons to be running more than one copy of WordPress, you need to make sure there’s a good reason for them. You may have also tried to install WordPress a few times before getting the hang of how to set it up. Are these old installations still sitting around? The only installations of the software that should be active on your site are the ones that are currently being used (and maybe a development environment for testing changes). Having more than that can actually lead to cross-contamination of your sites and create vulnerabilities.
- Lock Down Default Admin Functions – Because WordPress is available to anyone that wants to use it, hackers are aware of what the default settings are. This includes things like “wp-admin” as your administrator URL and “admin” as the default user name. Even if you aren’t using these, they can provide a vulnerability into your website if you have not deleted or changed them. Once you get WordPress up and running, you need to delete the Admin account and change your wp-admin URL. This will prevent hackers from having a very easy way into your site.
- Get Rid of the Clutter – Are you using all of those themes? What about all of those plugins you had every intention of installing but found out were just too difficult? Themes that sit around and plugins that go unused are all just exploits waiting to be found. The more common the theme or plugin, the easier it is to exploit. Keep the clutter off of your site by deleting all of the unused themes and plugins that you just aren’t using.
- Use Security Plugins – WordPress wants you to keep your site secure, and software developers also know that you want to keep your site secure. This is why third party tools such as Sucuri, iThemes and WordFence exist to keep WordPress locked down.
A Word on Passwords
Passwords are very important for keeping a site safe. Having a password of “password,” “admin” or “1 2 3 4 5” is an invitation for hackers to break into your website. It would be the same as leaving the keys to your brand new house sitting in the lock.
When crafting passwords, be sure to make a strong password. That means not only using letters or numbers, but combining them along with punctuation marks. Instead of using words, using the first letter of each word in a phrase can produce something that makes no sense to hackers but makes perfect sense to you. Consider the phrase “Keep this password a secret or face the consequences.” You can easily turn that into the password “kTpA$oFtC.” What hacker is ever going to crack that? They will make a few attempts and then move on.
Another option is to use a password manager like LastPass. These are software programs that will store a master password (that is encrypted) and then store long strings of characters and numbers for your website passwords. You keep your master password, and LastPass does the work of keeping your online accounts safe.
Sometimes even the best security can fail. Hackers will and do find a way in. Hopefully, some of the suggestions above will make your site less of a target and keep the hackers frustrated
To really put your mind at ease, consider one of ClickHOST’s web hosting plans, which include hacker monitoring and premium spam filters. We’re here to make web hosting simple.