Protecting Your Website (How to Protect Yourself Online, Part 2)If you’re like most writers, you’re usually scrambling to keep up with your schedule, leaving precious little time for anything but immediate concerns. On any given day, protecting your website might not seem as important as meeting your word count goal, getting a blog post written, or preparing for that upcoming speaking engagement.
This is the kind of mindset that puts us at risk, as I can testify from personal experience. When it came to website security, I was a babe in the woods, but I planned to figure it out in time. Ah, but time ran out. My websites were targeted by hackers, and I had to learn how to protect them on the speed plan.
Protecting Your Website
1. A website needs to be behind a firewall, more than ever today. Maybe like me, you didn’t even know firewalls for websites existed. Take a look at this hacking activity map, which measures attacks per minute for sites protected by Wordfence, a popular website security service, and you’ll understand why.
The two website firewalls I recommend are Wordfence and Sucuri. Be aware that Wordfence can be high on CPU usage, and I found their customer service to be lacking, but using this plugin opens your eyes to real-time attempts to hack your website. The interface for the Sucuri Scanner plugin is user-friendly, and the customer service is wonderful.
2. Website scanning should be done regularly. Both the Wordfence and Sucuri plugins offer website scanning and malware removal. If you believe your website has been hacked, letting your website hosting service provider know may prompt a scan of your website’s root files.
3. Some web hosting providers are more secure than others. Make sure you are with a reputable company with a proactive approach to internet security. Consumer Rankings recommends its top 10 website hosting picks for 2015.
4. Use as few plugins at your website as possible. Besides slowing your site load speed, every plugin comes with a share of risk. Some are more secure than others, so do your homework and choose wisely. Be especially careful of any plugin that interfaces with an account you create at the developer’s website. Delete any plugins you aren’t using. You can always add them back if you want them later.
5. Keep all software and plugins at your website current. Updates often include fixes for security vulnerabilities.
6. Disable WordPress user accounts unless you really need them. This removes a potential vulnerability while saving me the annoyance of spam sign-ups. Since some of these accounts were created by legitimate users, I emailed explaining what I intended to do and inviting them to subscribe to my mailing list instead.
If you allow WordPress user accounts, make sure to review their permissions.
7. Hire a security firm when you need one. When you are completely disrupted and in over your head, it’s worth the money to hire help. There’s nothing like knowing you have some powerful new friends who understand how to protect your websites on your side. I went with Sucuri Security and do recommend them. For the record, I’m not an associate, just a happy customer. The cost was about $200 per year, which although a little stunning to put out for two websites, is a good deal for what I received. They scan my websites and cpanel regularly, and also went through them manually until they were completely secured. My website logins and cpanel are now behind white-listed security pages.
8. Keep your computer clean and updated. Accessing your website from a compromised computer is just asking for trouble.
9. Strong passwords are essential for website security. To create a strong password, use a combination of numbers, letters, and punctuation marks in a completely random order. Not all attempts to guess a password are from robots, which makes basing a password on a word a bad practice. Passwords should be unique to an account and be at least 18 characters.
10. Enable partial feeds rather than full feeds. This helps protect your content from scrapers, those who automatically pull feeds into another site without providing backlinks.
Tightening your website’s security takes effort but brings peace of mind that makes it worth the work. Protecting your website while you are not being hacked means that you won’t have to make adjustments under duress.
For more tips, read part one: Protecting Yourself Online.