As you may have heard, bot and hacker attacks have been escalating and continuing to through DDOS (distributed denial of service) and DrDoS (distributed reflective denial of service) — I know, your eyes are glazing over! What this means for you in simple terms is it can affect your hosting (no host is 100% immune to these attacks) and your website. Here are a few tips to keep your website and other online accounts secure:
Tips for Security and Safe-keeping of your Website and Online Accounts Secure
- Backups are NOT optional! Backup systems/plugins like VaultPress or Updraft keep your backups stored OFF your hosting. If you have an Amazon S3 account, you can have backups sent to both. It is against terms of service to store backups on hosting and for security purposes, you want your backups off-site.
- Passwords for WordPress websites and all online accounts. If it’s easy for you to remember, it’s easier for a hacker. Change your password quarterly and make it strong. You can use this online password generator.
- Do not send log-in and password information by email. Ideally, you’re sending that information to your virtual assistant or web designer/developer who uses a project management system like Freedcamp, or Dropbox. All sites that have an SSL certificate start with https://. “SSL” (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser. This link ensures that all data passed between the web server and browsers remain private and integral.
- Password Manager. A password manager stores passwords encrypted, requiring the user to create a master password; a single, ideally very strong password. Two popular password managers are LastPass and 1Password. Tip: Do NOT use the same passwords on all sites you access (banking, website, social media, et cetera). If you do, it’s like giving everyone you meet a key to your home!
- Good hosting. Times change and it’s okay to change to a new web host, whether it’s shared or managed hosting.
- Admin Users. If you add new users, never ever use admin as a username, it’s the first thing hackers try to exploit.
- Updates. If you’re maintaining your own WordPress website, it’s imperative you check weekly for plugin updates or set WordFence to alert you.
- Anti-virus and security software. If you are on the internet and have no anti-virus software installed, stop what you are doing and get it now! I use Norton 360; if you don’t want to pay for a premium software, AVG offers a free edition.
Bonus tool: Not a security tool but Support Details is very handy to provide information to your service vendors, troubleshooters, webmasters or virtual assistants. This tool tells them your operating system, IP address, whether you’re using flash, javascript, cookies enabled, screen resolution and more and generates the PDF to email to them.
Well, that’s it for now!! Have a question, I’m happy to answer!