If you have an effective website that drives traffic and generates leads, you know how valuable it is. Due to the value of your website, it is critical that it stays secure and free from hacks.
But do you know the two main ways hackers enter a website?
If you can protect yourself against plugin vulnerabilities and brute force attacks, you are accounting for over 70% of the hacking problem.
Plugins are a way to customize your site with a specific feature. For example, you can add a “site stats” plugin to be able to measure the traffic to your site. There is an incredible selection of plugins available for download. But how do you avoid plugin vulnerabilities?
Keep them updated
Benefit from fixes before attackers exploit them by updating plugins as updates become available.
Don’t Use Abandoned Plugins
When you go to download a plugin, look to see when the last update was released. If it was not recent (within the last 6 months), stay away.
SDB Helps Secure Your Site
Contact us today!
Conduct a plugin audit quarterly to be sure your plugins haven’t been abandoned (no more updates).
Know Where They Come From
Make sure the website you are downloading the plugin from is reputable. To be safe, stay with plugins available in the WordPress repository.
Brute Force Attacks
A brute force attack is simply a username and password guessing attack. To avoid brute force attacks, don’t use obvious login credentials. For example, stay away from common logins like “admin” and “password.” Even names of people within the company aren’t safe. There are various resources to generate strong passwords. At SDB, we like www.passwordgenerator.net.
Other tips for website security are to keep everything up-to-date. If you see there is a plugin or theme update available, respond quickly. Along the same lines, keep your operating system and applications up-to-date. Old browsers can make you vulnerable to attacks. Also, be sure you store passwords securely. Never trust a plaintext document for password storage. Finally, delete any old data that is no longer needed on your website (log files, backup files, applications, etc.) The less you have to protect, the lower your risk.