5 Ways Business Owners Can Protect Their WordPress Site
Tech expert Daniel Foster talks with industry experts to get key tips on how to protect your business’ WordPress site against cybercrime
An estimated 23% of all websites on the internet are now hosted on the WordPress (WP) platform. And with thousands of plug-ins and templates that make it easy to create a tailored website, WP is extremely appealing to businesses. However, its accessible and the fact that anyone is free to edit its code means that security risks can be high. Lack of training and application of security precautions amongst WP users means they are increasingly becoming vulnerable to threats.
WordCamp London welcomed hundreds of WP professionals last month and I was amongst the attendees, and took the opportunity to chat to WordPress experts about how users can safeguard their sites.
Check your business website’s coding
Phil Wylie, WP developer at ecommerce specialist, iWeb, has come across a lot of premium WordPress themes that have had issues recently. He said that “because it’s the responsibility of the license holder of the plugin to update and distribute the patched files, many site owners might not be aware they’re running out-of-date, exploitable code.” And recommends that small business owners should source themes and plugins from the official repositories, or from reputable developers who provide a clear update process.
Harry Metcalf, managing director of a public sector web developer and hosting business agrees with Wylie regarding insecure plugins, stating:
“WordPress has lots of amazing plugins, most of which are coded to a great standard. However, this isn’t the case for them all. We assess and publish a lot of plugins at DXM (his business) and over half have some kind of security issue that should make users think twice. If possible, an expert should assess the code before you use it.”
If your company’s WP site uses plug-ins, then make sure to up-date them
According to Metcalf, a pressing issue facing WP’s security is users failing to update plugins quick enough. As these updates enable hackers to know which plugins had issues – and therefore are easier to compromise. Metcalf added:
“Updates will often contain fixes to bugs and security incidents and when they do this, it lets attackers know that there might have been vulnerability in the previous version. So as soon as it’s released, you need to update as soon as you can.”
It’s something that easily falls through the net, but a lot of damage can be done if you don’t update quickly. It’s important to leave the window for hackers potentially exploiting your site as brief as possible. This is one of the easiest things you can do to safeguard your website.
Follow basic security best-practices
Don’t dismiss the usual precautions – they are still relevant to WP and really important to protecting you firm’s website. Wylie offered just a few examples of how companies are putting their business in trouble by failing to follow these simple procedures:
“The usual password practices are, worryingly, often overlooked. In my experience the cause of a lot of security issues can be put down to a trusted administrator, with a bad password or an exploit in an unpatched, third-party plugin. A good password is made up of capital and lowercase letters, number, and symbols – and it’s important to use a different password for each website. Everyone knows, and it does sound obvious, but it’s surprising how many people leave their website at risk because they don’t do the basics.”
Consider remote management tools if you’re a busy entrepreneur
Phil continued: “It’s understandable that businesses are busy and don’t have the time to be constantly keeping their eyes peeled for the latest plugin updates. But there are some brilliant remote management tools available to take the pressure off. Jetpack now includes a site management feature, for example, which has many of the useful tools that the more established services such as WP Remote and ManageWP offer. This helps you remotely install updates with much less hassle.”
Be fussy with who’s hosting your business’ site
It’s important to select hosting that is suitable for what you’re doing. You shouldn’t touch cheap, shared hosting if you’re running an ecommerce site. But on the other hand, if you’re running a personal blog, you don’t really want WP VIP to be looking after it. Choose a hosting company that gives you confidence that your site is in good hands and one that will have the time to help you if you ever need it.
Generally, WP is a secure platform for users, as long as you ensure you update it regularly to protect it from hackers and bugs. The bottom line is that WP was developed for developers. This gives you a lot of free range to do what you wish, but there is also the downside of having to safeguard it yourself as you go.
This article was written by Daniel Foster, the co-founder of web hosting company 34SP.com