Website Security Basics

You’ve probably seen a number of stories recently about hacked financial data and hacked social media accounts. A recent attack exploited a vulnerability in a WordPress plugin and affected hundreds of thousands of websites, effectively taking them offline. At Primm, we regularly see sites with potential for problems. Here are some top tips to avoid those problems.

1) Make sure your website is on an up-to-date hosting platform.

Most major hosting providers do a good job of keeping things current and secure on their servers. If you set a website up through a friend of a friend several years ago, and have kept your site there because it’s cheap, it may be a potential problem. The servers that host your website are like any other computer: they need to be regularly updated with new software versions and security patches. Small, low-cost hosting operations frequently fail to keep current versions installed, which puts everything hosted on those servers at great risk.

2) Make sure your WordPress installation is secure.

When WordPress is initially installed, it’s important that file permissions are set correctly and that all of the security best practices provided by WordPress are followed. It’s also a good idea to limit the number of login attempts allowed at /wp-admin within a certain time period.
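To show what limiting login attempts within a time period means in practice, here is an added example (not from the original post) that replays access-log lines through a sliding-window limit and counts the attempts that would have been refused. The log lines are constructed, the limit of 3 attempts per 5 minutes is an arbitrary choice, and the sketch assumes the login form is submitted as a POST to /wp-login.php, which is where WordPress sends visitors who open /wp-admin without being logged in.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in common log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2015:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [10/Mar/2015:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [10/Mar/2015:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 2890
203.0.113.7 - - [10/Mar/2015:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Mar/2015:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
203.0.113.7 - - [10/Mar/2015:10:00:12 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
192.0.2.9 - - [10/Mar/2015:10:00:13 +0000] "GET /index.php HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2015:10:00:15 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
198.51.100.20 - - [10/Mar/2015:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.7 - - [10/Mar/2015:10:06:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120
"""

# client IP, timestamp, HTTP method, request path
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')
LOGIN_PATH = "/wp-login.php"  # assumption: the login form posts here


def blocked_attempts(log_text, max_attempts=3, window=timedelta(minutes=5)):
    """Return {ip: count of login attempts that exceed the limit}."""
    allowed = defaultdict(deque)   # per-IP timestamps of attempts let through
    blocked = defaultdict(int)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue               # skip lines that are not in the expected format
        ip, ts, method, path = m.groups()
        if method != "POST" or path.split("?")[0] != LOGIN_PATH:
            continue               # only form submissions count as attempts
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = allowed[ip]
        while q and when - q[0] > window:
            q.popleft()            # forget attempts older than the window
        if len(q) >= max_attempts:
            blocked[ip] += 1       # over the limit: this attempt is refused
        else:
            q.append(when)
    return dict(blocked)


if __name__ == "__main__":
    print(blocked_attempts(SAMPLE_LOG))
```
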

3) Know the security risks of your theme.

WordPress is a versatile framework. You can use a free theme, purchase a premium theme, or hire a programmer to hand code your design and content within WordPress. All three options have potential security risks. There are thousands of plugins available, many for free, that can pose security risks as well. In the most recent large-scale WordPress hack, the problem was a popular plugin called Rev Slider, which had been packaged within MANY popular premium WordPress themes. This made removing the compromised plugin more difficult than if it had been installed separately.

4) Regularly update WordPress to its current version.

WordPress usually releases major updates a couple of times a year. While it’s always best to be on the current version, there are a variety of reasons this isn’t always possible. Some hosting providers may automatically update your WordPress version, which could cause certain functions on your website to quit working, since not all plugins are compatible with all versions. For this reason, we recommend that updating be done by hand.

If you have questions about keeping your site secure, give us a call at 757-623-6234. We’re happy to help!