Keeping Your WordPress Website Secure in an Insecure World

With data breaches, hacks, identity theft, and cyber espionage becoming near-constant fixtures in the news, the very idea of cybersecurity is beginning to look somewhat suspect. After all, if megalithic institutions like the US Federal Government, Sony, and Target can’t cover their bases, what hope does your website have in protecting its data? This can be especially daunting for web properties that hold extremely sensitive personal information, and can play a huge role in financial and bank web design.

While there’s no such thing as a perfectly secure website, there are a few basic, common sense steps you can take to minimize your risk. Since October is Cyber Security Awareness Month, it seems a good time to look at the most important ones:

  • Keep your site updated

The bulk of vulnerabilities in WordPress don’t come from the main system itself, but rather from plugins and themes. Be sure to keep them up-to-date, only install plugins from credible sources, and if they’re no longer supported, look for possible replacements: an old plugin with a known vulnerability might be leaving the door open to a litany of cyberattacks.

  • Get an SSL certificate

If you’re running an e-commerce site, an SSL certificate (shown as an https: and a little lock next to your URL) is a must-have, but if you have any kind of information you wouldn’t want out in the world, getting one is a good idea. SSL works by encrypting information sent to and from your website and helps to keep information out of the hands of hackers. Google has gone so far as to declare SSL as a ranking signal for their search results to encourage people to more widely implement them.

  • Use a security plugin

There are a wide variety of plugins for WordPress that help to address some of the most common vulnerabilities, from permissions errors to malware scans.  A good security plugin will help take care of the heavy lifting for a wide variety of tasks. We at Watermelon have been impressed by WordFence, but others such as WP Security do a good job as well.

  • Be careful with your user accounts

Is there someone at your workplace who keeps their password on a post-it on their computer? Does that post-it also happen to be the same thing as their pet’s name, their vanity license plate, or is it simply ‘password?’ If they have an admin account on your WordPress site, all of the security in the world won’t help keep your site locked down – make sure anyone with access to your site keeps good data hygiene: change passwords often, disable old accounts, and keep the following rule in mind: any system is only as secure as its least careful user.

Work With Us

We've been building websites for over twenty years, and have learned a thing or two about how to make web projects go smoothly.