In a previous post titled “So, Why Does Google Want Us To Use SSL?” we shared that there is NO security guarantee, especially because there are a few different areas of vulnerability. No area is more important than the local, personal computer management level. The threat always evolves, so security is a continuous process. It is as much about securing your local computer, your personal processes and behavior as it is about managing website configurations.
Be assured – security stems from people, process and technology – they must all work together!
How To Improve Website Security Locally At The Personal Computer Level
As website administrators & owners, here are the actions we can all take to harden & improve our personal processes and behavior in order to improve website security:
- Limit Access: Minimize administrative access to website dashboards. The fewer people with Admin status, the less exposure to mistakes.
- Raise The Website Login Bar: Respect usernames & passwords, compose them from non-dictionary-based words and include a combination of lowercase & capital letters, numbers and/or symbols.
- Host Choice: A little knowledge (or help) about what different host & service packages offer will help. For instance, shared host plans may be a compromise. The cheaper the plan, the more closely you may want to look; whereas a good managed dedicated host plan should improve security a great deal.
- Backups: Reliable database & theme backups, including testing to be sure a website can be restored from its backup if it is damaged.
- Stay Up-to-Date: Stay up to date (or get help) with WordPress updates that not only advance the software’s features BUT harden its code against vulnerability. There should be administrative support in place that checks the status of the site’s extensible components with some frequency.
- Trusted Sources: Do not load plugin applications or themes from sources not vetted as trusted and reliable. Sorry folks, but FREE is becoming a recipe for disaster. Malicious people and organizations will distribute free ‘nulled’ plugins and themes with malicious code. So don’t just load up anything that comes down the pike.
- Security Updates and News: Security vulnerabilities affect all software, WordPress being no different. To stay current, subscribe to reliable sources of information in order to be informed of the latest issues & trends.
- Security Software: Use security software that not only helps protect in real time by perpetually searching for malware, viruses and security vulnerabilities, but that also firewalls identified attacker IP addresses. Even entire country blocking, temporarily or permanently, should be possible.
- Working Environment: Be sure the local computer, browser and routers are up-to-date and free of spyware, malware, and virus infections. Antivirus (a virus = malware that spreads from PC to PC) and anti-malware software are recommended. Also secure your mobile devices. Install any updates as soon as they are available.
- Personal Passwords: The goal with a username & password is to make it difficult for others, including machines, to guess, and hard for even a brute force attack to succeed. A key to this is making it Complex, Long, and Unique. And if an IP fails to log in a couple of times, maybe 3 times, then deny that IP.
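
The lockout rule in the last item (deny an IP after about 3 failed logins), as an added example that is not from the original post: a Python script that reads web-server access-log lines and lists the IPs to deny. The 10-minute window, the name `ips_to_deny`, the constructed sample log, and the reading of a 200 response to a POST on `/wp-login.php` as a failed login (302 as a success) are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                # the post's "maybe 3 times"
WINDOW = timedelta(minutes=10)  # assumption: the post names no time window

# Constructed sample access-log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
198.51.100.20 - - [12/Mar/2024:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 4800
198.51.100.20 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
203.0.113.7 - - [12/Mar/2024:10:00:22 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
198.51.100.20 - - [12/Mar/2024:10:00:40 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
198.51.100.20 - - [12/Mar/2024:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.20 - - [12/Mar/2024:10:01:30 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
192.0.2.44 - - [12/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
192.0.2.44 - - [12/Mar/2024:10:35:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
192.0.2.44 - - [12/Mar/2024:11:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 5120
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def ips_to_deny(log_text, max_failures=MAX_FAILURES, window=WINDOW):
    """Return IPs, in detection order, with max_failures failed logins inside window."""
    recent = defaultdict(deque)  # ip -> timestamps of recent failed logins
    denied = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, method, path, status = m.groups()
        if method != "POST" or not path.startswith("/wp-login.php"):
            continue  # only login submissions count, not views of the form
        if status == "302":  # assumed success: the user typed it right, reset
            recent[ip].clear()
            continue
        if status != "200":  # assumed failure is 200 (form shown again)
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:  # forget failures older than the window
            q.popleft()
        if len(q) >= max_failures and ip not in denied:
            denied.append(ip)
    return denied

if __name__ == "__main__":
    print(ips_to_deny(SAMPLE_LOG))
```

The returned list is meant to feed whatever firewall or security plugin does the actual blocking; a legitimate user who mistypes twice and then logs in is not listed, because a success clears the count.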
And while personal practices and computer management are everyone’s responsibility, this post does not suggest busy professionals can handle it all; it does, however, suggest there should be knowledgeable WordPress support. And please, ask us about Advanced WordPress Security and Host Management.