Is Your WordPress Safe Enough?Alex Sky
If you run a professional website through WordPress, security is of vital concern, especially given the recent data breaches at major firms.
Clients are increasingly anxious about their personal information; they want to feel certain you’re doing everything you can to keep that information safe.
It’s probably time to audit your WordPress with that key question in mind: Is your site safe enough?
You can earn your clients’ trust by applying the five safety tips below to your WordPress site. Too many users will click past the warning that a site is unsecured, but they won’t be blasé if they get victimized by a breach. You need to make sure that doesn’t happen.
- Choose Smart Hosting
Just because your site is based on WordPress, that doesn’t mean you’re limited with regard to hosting. You can choose from a variety of hosting options beyond the ones managed by WordPress.
WordPress-based hosts Synthesis, Flywheel, and WP Engine are among the best hosting options because they’re designed for security. From malware protection to anti-hacker features, you can stay on-brand for hosting with few concerns.
- Trust External Tools
WordPress features plenty of excellent plug-ins, but if you have to collect sensitive information from clients — such as credit card information, addresses, and phone numbers — you may want to look for secured, external platforms. For example, the property management company Green Residential links clients to an external company, Appfolio, when the latter have to pay rent.
Similarly, if you’re screening tenants, you might collect basic data such as name and email through your WordPress site, but direct people through screening sites like VerticalRent so you aren’t liable for securing Social Security numbers and other sensitive information. The key to site safety is both to manage your site with care, and redirect the highly sensitive processes.
- Back It Up
Just like your computer, WordPress is liable to crash due to technical problems, and if your hosting doesn’t offer comprehensive backups, you could be in trouble. Choose a backup service for your website that’s reliable and easy to use so you can reboot your site quickly if anything happens.
If you can’t keep your own page up and running, even if temporary crashes don’t create serious security problems, customers are less apt to trust you with their data.
- Run Every Update
We all hate to have to run updates. Most of us put off system updates on our home computers for as long as possible.
When it comes to your WordPress operation, however, you’d be smart to make sure you stay on top of updates for both your themes and plugins. Out-of-date plugins, even ones that aren’t in use, can enable hackers to breach your site’s infrastructure.
Also, you shouldn’t make significant changes to your plugins, such as altering the file permissions, because no one can predict what impact this could have on performance.
- Boost Dashboard Safety
Although you might not think of your WordPress dashboard as part of your site, it’s actually an integral factor in comprehensive site security. For example, you should always shift your dashboard login process to use two-factor authentication rather than a simple sign-in, and never use “admin” as the username.
Maybe you’ve tried to access something on a site you weren’t supposed to and guessed “admin” or “guest” for the username, and just possibly managed to get in, yes? Setting anything like these as your login would be a rookie error.
Even if you think your WordPress set-up is operating flawlessly, it likely could be more secure than it is now. Take the time to update your password, hide admin information, and lock down your dashboard.
Few websites could be said to be invulnerable, and many of us who operate them have nowhere near the proper skills to hack one … but we have to be smart enough to block those who will try.