It’s Saturday morning and I want to quickly share some website and security tips. These are some of the tips I also share with our clients. I’ve kept this blog article short so it is quick to read.
When it comes to security and backing up, I am a strong believe that prevention is best. The last thing I want is for you or a client of ours to ever lose data on their computer, lose content on their website, end up with a ransomware virus OR worse!
I remember at an industry event in Brisbane a few years ago a speaker’s topic was called ‘Back-up, Back-up, Back-up’ so I’ve decided this is going to be the first sub-heading in this blog article. Please read on:
Back-up, Back-up, Back-up!
It goes without saying to back-up your laptop computer (and/or desktop computer if you use one) often. At least once per week. Store your backups remotely. As in, store them somewhere safe in a separate location to where you keep your laptop or desktop. If you are keen on backing up to the cloud, then by all means do that too.
Definitely ensure your website is being backed-up regularly too. At least once per week if you are only adding content weekly or monthly. If you are adding content to your website daily, definitely backup your website and its database daily. You can do this manually or you can speak to us about setting up an automated back-up system which we provide for our clients.
There are many, many backup plugins for websites built using the WordPress.org Content Management System (CMS) or Website Management System (WMS) core engine. The one we still often use is called BackupBuddy. We own an unlimited usage lifetime license for it.
If in the worst case scenario your website gets majorly hacked, and the cost to get a hack-rescue team to fully fix the hack is going to cost way more than you are willing to spend, or the hacker completely destroys your website, or FULLY deletes it, you are going to thank yourself for having a recent backup. Don’t lose your excellently crafted website and precious content you’ve invested time creating and adding into your website, by not backing up regularly.
Side note: We also provide hack-rescue services. If your site is hacked or you suspect it has been, feel free to contact us.
Here is an additional side note: There are nasty rumors that websites built on the WordPress.org platform are not secure. Those rumors are simply not true. WordPress.org is a MASSIVELY popular website platform and millions of sites around the world are built on it. ANY website needs to be security maintained though and needs to be hosted on reputable hosting that has excellent fire-walls in place. Same with WordPress.org websites. If you neglect security for your website, then your site will eventually become non-secure…. which means it’s only a matter of time before it gets hacked. That is no different to any form of website.
On a brighter note, WordPress.org actually just celebrated its 15th b’day.
WordPress.org has been created by some of the smartest minds in our industry and it evolves multiple times per year with new features added each time.
A group have even attempted to (as accurately as they can) work out how many ‘collective man-hour years’ have been put into building, expanding and evolving the WordPress.org engine over the last 15 years. They have calculated it to be in total, over 112 years in man-hrs! Thousands of developers all around the world have worked on it! Considering you get to use it for free, that is MASSIVE VALUE!! Another fun-fact is that it works out that the estimated cost to fund a project of this size is over $6 million dollars! Have a quick read of this article to find out more stats about WordPress.org
Computer and Website Security
Please heed my word: You MUST make sure your laptop and/or desktop computers are running reputable anti-virus and anti-malware software that is up to date. Last thing you want is people stealing your data or using your computer as a slave or logging into your personal accounts (including your bank account) or end up with a ransomware attack. If you don’t know what a ransomware attack is, read this article on Wikipedia.
A good example of quality anti-malware software is Malwarebytes https://www.malwarebytes.com/ . It can be used on a PC or Mac. I strongly recommend paying for one of their business licenses.
Also please consider subscribing to authority websites that announce security threats. In Australia, the ‘Stay Smart Online’ website is a good site to subscribe to https://www.staysmartonline.gov.au/. I also recommend following them on Twitter and Facebook.
Tip: Also like and follow facebook business pages that regularly announce security threats. Your local computer store may post announcements. We post the worst ones that get announced.
Also you may want to consider Ransomware Attack Insurance. You can speak to your business insurer about this.
Your Website also needs to be Security Maintained Semi-Regularly
Be sure to pay attention to making your website as secure as possible. And also decide on how you will keep it security maintained. Website security is not a set and forget activity. It has to be done semi-regularly.
Chances are you have or are looking at getting a website built on the WordPress.org CMS engine. This is a REALLY smart idea; it is the BEST website platform to grow your business with.
Make sure though you have security protocols in place. Any website built on any type of website CMS platform needs this and a WordPress website is no different.
For WordPress websites we recommend AT THE BARE MINIMUM these security measures as part of your website security policy/ protocols:
- Install and configure the WordFence Plugin
- Just like your mobile phone, the firm-ware (code) of your website needs to be security updated regularly as needed. WordPress.org release updates. So do those who build Themes and Plugins for WordPress. Make sure security updates are done by professionals only. I have written more about this below.
- Be careful who and how you give login access to your website too. Don’t ever email any of the passwords related to your website in an email with the usernames in the same email unless you are using encrypted email or an encrypted messenger system like Viber or Signal https://signal.org/ . Always remember: Emails or messages that are not encrypted can be intercepted. ONLY email usernames and passwords in separate emails or speak with us about even better methods.
Make sure website security updates are done regularly by professionals ONLY. You don’t want to accidentally break the functionality of your site by trying to do this yourself, unless you are an experienced Website Developer with WordPress.org Security Update Skills.
Back in 2016 I wrote another article about WordPress website security. It provides even more useful advice. You can find that article here.
Tip: Also make sure your website is hosted with a reputable host provider. This also can mean the difference between keeping your site secure vs potentially having it hacked.
If you have any questions about website or computer security, feel free to share them in the below comments.
If you have additional insights you want to share, please by all means share them in the comments.
I have not mentioned Sucuri.net in this blog article, or gone into much detail about website and hosting firewalls, or other things… so if want to, please do share that too.