In a previous post titled “So, Why Does Google Want Us To Use SSL?” we shared that there is NO security guarantee, especially because there are different areas of vulnerability, none more important than local/personal computer management. The threat evolves, so security is a continuous process; it’s as much about securing personal processes and behavior on the local computer as it is about managing website configurations.
Be assured – security stems from people, process and technology – all working together!
How To Improve Website Security Locally At The Personal Computer Level
As website administrators & owners, here are the actions we can all take to harden & improve our personal processes and behavior in order to improve website security:
- Limit Access: Minimize administrative access to website dashboards. The fewer people with Admin status, the less exposure to mistakes.
- Raise The Website Login Bar: Respect usernames & passwords: build them from non-dictionary-based words and include a combination of lowercase & capital letters, numbers and/or symbols.
- Host Choice: A first step is a little knowledge (or help) about what different host & service packages do and do NOT offer, for instance that shared plans are probably a compromise. The cheaper the plan, the more you may want to concern yourself, whereas a good managed dedicated host plan should improve security a great deal.
- Backups: Reliable database & theme backups, including testing to be sure a website can be restored from its backup if it is damaged.
- Stay Up-to-Date: Stay up to date (or get help) with WordPress updates that not only advance the software’s features BUT harden its code against vulnerability. There should be administrative support in place that checks the status of the site’s extensible components with some frequency.
- Trusted Sources: Do not load plugin applications or themes from sources not vetted as trusted and reliable. Sorry folks, but FREE is becoming a recipe for disaster. Malicious people and organizations will distribute free ‘nulled’ plugins and themes with malicious code. So don’t just load up anything that comes down the pike.
- Security Updates and News: Security vulnerabilities affect all software, WordPress being no different. To stay current, subscribe to reliable sources of information in order to be informed of the latest issues & trends.
- Security Software: Use security software that not only helps protect in real time by perpetually searching for malware, viruses and security vulnerabilities, but that also firewalls identified attacker IP addresses. Even entire country blocking, temporarily or permanently, should be possible.
- Working Environment: Be sure the local computer, browser and routers are up-to-date and free of spyware, malware, and virus infections. Anti-virus (a virus being malware that spreads from PC to PC) and anti-malware software are recommended. Also secure your mobile devices. Install any updates as soon as they are available.
- Personal Passwords: The goal with a username & password is to make it difficult for others, including machines, to guess, hard enough that even a brute force attack does not succeed. A key to this is making it Complex, Long, and Unique. And if an IP fails to log in a couple of times, maybe 3 times, then deny that IP.
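
The lockout rule in the last item (deny an IP after about 3 failed logins), as an added Python example that is not from the original post or from WordPress itself. The 10-minute counting window, the 30-minute lockout, the `LoginLimiter` and `replay` names and the sample events are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILURES = 3                  # "maybe 3 times", from the list item above
WINDOW = timedelta(minutes=10)    # assumption: only failures this recent are counted
LOCKOUT = timedelta(minutes=30)   # assumption: how long a denied IP stays denied

class LoginLimiter:
    """Tracks failed logins per source IP and denies an IP after MAX_FAILURES."""

    def __init__(self):
        self.failures = defaultdict(deque)   # ip -> timestamps of recent failures
        self.denied_until = {}               # ip -> moment the lockout ends

    def record(self, ip, now, success):
        """Return 'ok', 'failed' or 'denied' for one login attempt."""
        if now < self.denied_until.get(ip, datetime.min):
            return "denied"                  # refused even if the password is right
        if success:
            self.failures.pop(ip, None)      # a good login clears the count
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while now - recent[0] > WINDOW:      # forget failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            self.denied_until[ip] = now + LOCKOUT
            recent.clear()
            return "denied"                  # this failure triggers the lockout
        return "failed"

def replay(events):
    """Run (timestamp, ip, success) events through a fresh limiter."""
    limiter = LoginLimiter()
    return [(ip, limiter.record(ip, ts, ok)) for ts, ip, ok in events]

# Constructed sample events (documentation-range IPs, not real traffic).
T0 = datetime(2024, 1, 1, 9, 0, 0)
SAMPLE_EVENTS = [
    (T0, "203.0.113.7", False),
    (T0 + timedelta(seconds=20), "203.0.113.7", False),
    (T0 + timedelta(seconds=30), "198.51.100.20", False),  # one typo by an owner
    (T0 + timedelta(seconds=40), "203.0.113.7", False),    # third failure
    (T0 + timedelta(seconds=50), "203.0.113.7", True),     # still locked out
    (T0 + timedelta(seconds=60), "198.51.100.20", True),
    (T0 + timedelta(minutes=45), "203.0.113.7", True),     # lockout has expired
]

if __name__ == "__main__":
    for ip, status in replay(SAMPLE_EVENTS):
        print(f"{ip:15} {status}")
```

Counting per IP does not slow guessing that is spread across many addresses, so it works alongside Complex, Long, and Unique passwords rather than in place of them.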
And while personal practices and computer management are everyone’s responsibility, this post does not suggest busy professionals can handle it all; it does, however, suggest there should be knowledgeable WordPress support to manage what you may not be able to. And please, ask us about Advanced WordPress Security and Host Management.