Web Security Basics & 10 Worst Passwords of 2015

When people think of security, they often think of passwords or codes. SplashData recently released a list of the “worst passwords” of 2015. Topping the list, in unchanged positions from 2014, are “123456” and “password.” Other notable mentions include: 12345, 12345678, qwerty, 1234567890, 1234, baseball, dragon, and football.

Most of these are sequential numbers or regular, predictable words that are fairly simple to memorize. Making a password at least eight characters long with a mixture of letters, symbols, numbers and capital letters will go a long way toward keeping your information safe. Want to find out how strong your password is? Check with this handy tool.

But security doesn’t stop at your password. Your website can be at risk for multiple reasons. At Primm, we regularly see sites with security problems. Here are some top tips (other than just a secure password) to avoid those problems.

1) Make sure your website is on an up-to-date hosting platform.

Most major hosting providers do a good job of keeping things current and secure on their servers. If you set a website up through a friend of a friend several years ago, and have kept your site there because it’s cheap, it may be a potential problem. The servers that host your website are like any other computer: they need to be regularly updated with new software versions and security patches. Small, low-cost hosting operations frequently fail to keep current versions installed, which puts everything hosted on those servers at great risk.

2) Make sure your WordPress installation is secure.

When WordPress is initially installed, it’s important that file permissions are set correctly and that all of the security best practices provided by WordPress are followed. Also, it’s a good idea to limit the number of login attempts allowed at /wp-admin within a certain time period.
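One way to express the login-attempt limit described above, as an added example that is not part of the original post or of WordPress itself: a sliding-window limiter that locks a client out after too many failed logins in a set period. The class name, the default thresholds and the `replay` helper are assumptions made for illustration.

```python
from collections import defaultdict, deque


class LoginAttemptLimiter:
    """Sliding-window cap on failed logins per client (hypothetical helper)."""

    def __init__(self, max_attempts=5, window_s=300, lockout_s=900):
        self.max_attempts = max_attempts  # failures tolerated inside one window
        self.window_s = window_s          # the "certain time period", in seconds
        self.lockout_s = lockout_s        # how long a client stays blocked
        self._failures = defaultdict(deque)  # client -> recent failure times
        self._locked_until = {}              # client -> time the block ends

    def is_allowed(self, client, now):
        if now < self._locked_until.get(client, 0):
            return False
        # No lockout, or it has expired: clear stale state and let the attempt in.
        if self._locked_until.pop(client, None) is not None:
            self._failures.pop(client, None)
        return True

    def record_failure(self, client, now):
        recent = self._failures[client]
        recent.append(now)
        # Drop failures that have aged out of the window.
        while recent and recent[0] <= now - self.window_s:
            recent.popleft()
        if len(recent) >= self.max_attempts:
            self._locked_until[client] = now + self.lockout_s

    def record_success(self, client):
        self._failures.pop(client, None)


def replay(events, limiter):
    """Return 'blocked', 'failed' or 'ok' for each (time, client, password_ok)."""
    outcomes = []
    for now, client, password_ok in events:
        if not limiter.is_allowed(client, now):
            outcomes.append("blocked")  # rejected before the password is checked
        elif password_ok:
            limiter.record_success(client)
            outcomes.append("ok")
        else:
            limiter.record_failure(client, now)
            outcomes.append("failed")
    return outcomes
```

Keying on the client address alone does not count attempts spread across many addresses, so a production limiter usually tracks the targeted username as well.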

3) Know the security risks of your theme.

WordPress is a versatile framework. You can use a free theme, purchase a premium theme, or hire a programmer to hand-code your design and content within WordPress. All three options have potential security risks. There are thousands of plugins available, many for free, that can pose security risks as well. In the most recent large-scale WordPress hack, the problem was a popular plugin called Rev Slider, which had been packaged within MANY popular premium WordPress themes. This made removing the compromised plugin more difficult than if it had been installed separately.

4) Regularly update WordPress to its current version.

WordPress usually releases major updates a couple of times a year. While it’s always best to be on the current version, there are a variety of reasons this isn’t always possible. Some hosting providers may automatically update your WordPress version, which could cause certain functions on your website to quit working, since not all plugins are compatible with all versions. For this reason, we recommend that updating be done by hand.

If you have questions about keeping your site secure, give us a call at 757-623-6234. We’re happy to help!