With the latest ransomwear attack Wanna Cry, people are on (understandable) edge as it relates to the security of their digital information. These attacks come up in the news and they can make you feel like you have no control over your online information and data. While the Wanna Cry attack was more specific to computers running Microsoft programs, websites can get attacked as well – causing your website to go down or worse, redirecting your visitors to naughty websites!
Luckily there are some things that you can do to keep your website malware free and speedy for your visitors! Here are a couple of maintenance issues that will prevent solve 90% of any malware issues:
- Make regular backups of your website. There are a number of great website backups you can use, but we recommend a plug in called BackUp Buddy. BackUp Buddy will automatically do a full back up of your site as well as just the database (all the content of your site like blog articles, images and content on your pages.) You can set Back Up Buddy to do an automatic back up to a remote location such as Dropbox and Amazon S3, if you don’t feel comfortable with those options BackUp Buddy also has a storage option called BackUp Stash for a nominal cost.
- Always use the updated version of WordPress. While updating your website may seem tedious, the newest version always contains fixes to bugs, errors and has improved security measures. This is done by logging into your WordPress dashboard and clicking on the update buttons for WordPress. It is also good to update your plug ins and themes on a regular basis. I suggest going in every two weeks or so and checking. A good time to do this is when you are adding a blog article.
- Make use of security plugins. Plugins such as WP Security are extremely helpful because malware can get in through spam messages. These security plugins will help safeguard your WordPress site from spam messages with malware. It reduces security risk by checking for vulnerabilities, and by implementing and enforcing the latest recommended WordPress security practices and techniques.
- Change your password. Changing your password often will help safeguard your website from potential hackers. Once every three months is a good rhythm to have. The rule of thumb is to have a password with a combination of numbers, letters, symbols, uppercase and lowercase. In addition, make sure to create a WordPress login and password that is hard to guess. Because so many passwords can be difficult to remember and keep up with, a tool that I find really useful is LastPass. You just have to remember one password and LastPass holds on to the rest for easy access. Another is called KeyChain. These are great, but remember to log out of them when not in use.
- Regular Scanning for Malware. With everything that you do to ensure your site stays clear of hackers, some still might get in. Having an ongoing scanning tool can alert you if any shenanigans have happened on your site. Better yet an opportunity to get it cleaned if something happens can really put your mind at ease. Some hosting companies like Go Daddy offer this service. There are companies like Sucuri that can help you with this as well.
- Install an SSL (Secure Socket Layer) if collecting client information. If you are using your website to collect payment information, mailing list information, etc – invest in an SSL for your site and take all precautionary details of securing that information. This is probably going to scare a lot of you because many of you do this. The question to ask yourself is whether or not it is happening on YOUR site or are you using another source. For example, is your shopping cart Infusionsoft or 1Shoppingcart – then they provide the security for you. Is your opt in and eNewsletter connected to MailChimp or aWeber, then they provide the security for you.
Overwhelmed? Want to talk it through?
Click here to hop on my calendar for a free 15-minute consult.