It’s no secret that WordPress is the most popular website content management system in the world. According to statistics published by codeinwp.com, WordPress “has 50-60% share of the global content management system (CMS) market making it the most popular CMS for the 7th year in a row.” WordPress is used by small companies as well as large conglomerates such as The New York Post, USA Today, TechCrunch, CNN, and NBC. Also, our experience as professional users of WordPress recognize its benefits with its ease of use, wide variety of available themes, SEO benefits, and versatile functionality created by plugins. It is a perfect choice for the more than 28 million small businesses in America.
No wonder it’s the fastest growing CMS, with more than 500 brand new WordPress sites being built every day. This is great news for WordPress, but with this level of popularity also comes vulnerability. WordPress is the most hacked CMS, and, according to statistics published by Sucuri Remediation Group, WordPress infections rose from 74% in 2016 to 83% in 2017.
These statistics should not be ignored, but they also should not drive you away from the platform. It is far too compelling of a website content development system for that and, with a bit of foresight and caution, can deliver unsurpassed website performance for small businesses. To this end, following are several simple steps you and your web developer can take to make sure your website is protected from attacks:
Keep Your Plugins and Themes Up-to-Date: WPScan is a free WordPress vulnerability scanner that helps security professionals test the security of their websites. They have reported that 52% of the vulnerabilities they’ve uncovered are caused by outdated or counterfeit WordPress plugins. Some of the sites are infected because a fake plugin infected with malware was installed, but many times it was because the plugin and WordPress themes were not kept current. When plugins and themes are updated, the updates usually include bug fixes or security patches. If your plugins and themes aren’t kept up-to-date, it makes it easier for hackers to break through to your site.
Add a Secure Socket Layer: A secure socket layer, also called an SSL certificate, provides an additional layer of website security by securing the data transferred between the browser and server. An SSL certificate, which can be purchased through your hosting company, used to only be necessary for eCommerce websites (sites that accept payments). However, in 2014, Google called for all websites to use HTTPS and started to rank sites using SSL higher in their search results. Google took matters further when in September 2017, they started to display the security connection in the address bar of Chrome (HTTP or HTTPS). This past July, Google started to alert visitors as to whether or not a site was secure by adding the words “Not secure” to the Chrome address bar. When Chrome (70) is rolled out this month, Google will begin marking sites that do not HTTPS in red.
Furthermore, although Google has not specifically said that they will begin to penalize sites that do not incorporate an SSL certificate. However, based on their history of dealing with algorithm changes, you can be guaranteed that the change is coming soon. In addition, having SSL helps to establish trust between the website and its visitors. This can, in turn, improve traffic numbers to your site.
Consider Adding an Extra Layer of Security: You may have a burglar alarm system for your house to protect its living and nonliving contents; why shouldn’t you do the same for your website? WordPress plugins such as Wordfence, Shield WordPress Security, and Sucuri monitor activity, scan for and block malware, and send alerts if something amiss is found on the site. This can prevent a smaller problem from becoming a bigger one if it’s taken care of right away.
Keep Complicated Passwords: This rule holds true for any website that requires a password, but it is even more important when talking about your company’s website. If you use a password that is too easy to remember such as your dog’s name you are only asking for trouble. Use a password that’s difficult to remember and change it often. You can also limit the login attempts from a single IP address to make it harder for outsiders to break in.
Backup Your Site: If your site gets hacked, you are going to need a backup. Some hosting plans come with daily site backups so that you never have to worry about losing your data. However, plugins such as Backup Buddy and VaultPress can also backup your site and restore it if necessary. Please note that it’s important to backup your site as often as you update it or run maintenance on it.
These are just some of the measures you can take to protect your website and dramatically reduce the chance that your site gets hacked or infected. If you need help in getting your website more secure, or if you have any questions about SEO, web design, or marketing please contact us today. We are happy to help.
Recent Comments