Ultimately, you can get never have 100% assurance of a completely unhackable website.
Large companies gets hacked all the time. Here is a list of the biggest breaches ever. Since hundreds of millons of emails have been obtained in these breaches, it is actually very likely that your email was in one of these databases. This is one of the many reasons you receive spam. Curious to find out of your email has been involved in a breach? You can check at HaveIBeenPawned.
The concept of ultimate safety is a fascinating one. When we indulge in a life project, are there any truly safe endevours ? Probably not, everything comes with some element of risk. If you look at safety aspects of our bigger life experiences like safety in the workplace, safety in property investing and safety in travel you will notice the tips provided in these articles are centered around these themes:
- Research and being prepared
- Maintaining safety on an ongoing basis
This is exactly the same with websites.
This article will explain how to prepare and also how to maintain your website on an ongoing basis. We will focus on WordPress, because it is the most popular platform for websites.
The first step, is that when you setup your website, passwords are extra strong. Here are 2 websites that give you feedback if your password is secure: here and here. Do not ever enter your actual passwords. These are tools to give you an idea of what is strong and what is not, as you type in something random.
When you install plugins and themes, remember these are not always safe. Ensure they are either listed on the official WordPress plugins directory, the official wordpress themes directory, reputable marketplaces like themeforest, or simply a reputable software company. A randomly found theme or plugin that you have not researched, may contain malware.
Setup regular backups. Your host may keep backups, but this should never be relied upon as your sole source of backups. Using a plugin like UpDraftPlus is a good option.
Install a security plugin. I like Wordfence. This detects hacking attempts and blocks them. There are some tasks that need to conducted with this this plugin every month (mentioned below).
Never use the username ADMIN. This is the main username hackers use to hack an account.
Every month you should update WordPress, plugins and your theme. Keeping your software is up date ensures that everything runs smoothly, and patches any security issues from the last versions.
Backups sometimes fail. Check that your backups and running and kept up to date on a regular basis.
Wordfence has a malware scan feature. It is recommended to run this scan every month
Some websites have many registered users. It is good practice to regularly check them and make sure that the roles allocated are correct. You don’t want administrators to have access when they should not have access. Also check that there are no registered users who you don’t recognise or who should not be there.
It is good practice to keep up to date with the latest news about the themes and plugins you are using, as well as wordpress news generally. You will discover new tools that are coming out and new features in the next versions. But also you will see security vulnerability news and sometimes that news will apply to the plugins you are using.