As you may have heard, bot and hacker attacks have been escalating and continue through DDoS (distributed denial of service) and DrDoS (distributed reflective denial of service) — I know, your eyes are glazing over! What this means for you in simple terms is that these attacks can affect your hosting (no host is 100% immune to these attacks) and your website. Here are a few tips to keep your website and other online accounts secure:
Tips for Security and Safe-keeping of Your Website and Online Accounts
- Backups are NOT optional! You should have your own licensed copy of BackupBuddy (affiliate) or another reliable complete backup system like VaultPress, and have your backups stored OFF your hosting. BackupBuddy offers free off-site storage. If you have an Amazon S3 account, you can have backups sent to both. It is against terms of service to store backups on hosting and, for security purposes, you want your backups off-site. BackupBuddy also includes the free Sucuri scanner! Seriously, if you can’t invest in the yearly payment for BackupBuddy, it will cost you a lot more in the long run if you lose your entire site.
- Passwords for WordPress websites and all online accounts. If it’s easy for you to remember, it’s easier for a hacker. Change your password quarterly and make it strong. You can use this online password generator.
- Do not send log-in and password information by email. Ideally, you’re sending that information to your virtual assistant or web designer/developer who uses a project management system like Basecamp or Dropbox. All sites that have an SSL certificate start with https://. “SSL” (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browser remains private and intact.
- Password Manager. A password manager stores passwords encrypted, requiring the user to create a master password: a single, ideally very strong password. Two popular password managers are LastPass and Dashlane. Tip: Do NOT use the same passwords on all sites you access (banking, website, social media, et cetera). If you do, it’s like giving everyone you meet a key to your home!
- Good hosting. Times change and it’s okay to change to a new web host. For many years I was a satisfied HostGator client, but the service and support went downhill, with more frequent downtimes and slow-loading sites. Since then I have two new preferred vendors who also offer FREE Cloudflare. Cloudflare increases your website’s performance and protects you against a range of threats like cross-site scripting, SQL injection, comment spam, excessive bot crawling, email harvesters, and more. It’s done automatically and will stop most attacks.
- Admin Users. If you add new users, never ever use admin as a username; it’s the first thing hackers try to exploit.
- Updates. If you’re maintaining your own WordPress website, it’s imperative you check weekly for plugin updates or set Wordfence to alert you. I use Wordfence on all websites I build; it’s easy to set up and works.
- Anti-virus and security software. If you are on the internet and have no anti-virus software installed, stop what you are doing and get it now! I use Norton 360; if you don’t want to pay for premium software, AVG offers a free edition.
Bonus tool: Not a security tool, but Support Details is very handy for providing information to your service vendors, troubleshooters, webmasters or virtual assistants. This tool tells them your operating system, IP address, whether you’re using Flash and JavaScript, whether cookies are enabled, your screen resolution and more, and generates the PDF to email to them.
Well, that’s it for now!! Have a question? I’m happy to answer!