Website Security: What Are You Doing to Protect Your Website from Hacker Attacks?
You may have heard about the massive collection of usernames and passwords that has been made public on the dark web. The count is over 1.4 billion. The file is not the result of a new data breach, but an amalgamation of data from several past breaches, collated into a single database that is over 41 GB in size. View the news here.
Reports include major breaches like Adobe, Tumblr and more, containing names, email addresses, passwords, and websites. View an ongoing list here.
Reports show hacker attacks are up since the list has been out. It is reasonable to expect that more sites are going to be hacked this coming year.
Regardless of the news, most seasoned webmasters know that hacker attacks are ongoing and persistent. WordPress sites have been under attack 24/7 by botnets for many years now, mainly because they are easy targets, and most people do little to nothing to protect them. What are you doing to protect your website?
The best thing to do is be prepared and secure your website now.
Here are a few suggestions if you have a CMS website:
1. Add security plugins like Wordfence. It uses rules to block known attack vectors regardless of the source IP address. Wordfence can also stop bots that probe for pages by blocking excessive requests that result in 404 errors. It has a proven history of blocking countless brute force attacks.
2. Hide the WP login pages. The plugin iThemes Security lets you do this under its “Advanced” settings. Then, scripted login attempts will fail because the login page itself has an arbitrary name which they won’t bother to look for.
3. Back up both the database and the full site. In the event of any hacker attacks, ongoing and routine backups will save you time and money.
4. Change all passwords with a password generator. Use password managers (online and device specific) to manage logins. One of our clients uses LastPass.com. They say it is fantastic and 100% secure. They have used it for a long time and get warnings for low-security passwords, duplicates, etc. But, in the end, you can’t use one password all your life. Change is always good.
As for unknown malware, another client prefers MalCare.com, a WordPress security plugin which combs through any changes in files so thoroughly that it finds the most complex or hard-to-find malware as well.
WordPress recommends following site hardening best practices such as blocking PHP execution in untrusted folders, disabling the file editor, changing security keys, blocking rogue theme/plugin installation, and adding security rules in .htaccess.
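The hardening items above can be checked mechanically. The Python audit below is an added example, not code from WordPress or D Media: it assumes an Apache host, treats wp-content/uploads as the untrusted folder, and maps "disabling the file editor" and "blocking rogue theme/plugin installation" to the wp-config.php constants DISALLOW_FILE_EDIT and DISALLOW_FILE_MODS. The function names and the sample site tree are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path

KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
        "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # default in wp-config-sample.php

def defines(text):
    """Map each live define('NAME', value) in wp-config.php text to its value."""
    live = "\n".join(l for l in text.splitlines()
                     if not l.lstrip().startswith(("//", "#", "*", "/*")))
    pairs = re.findall(r"define\(\s*['\"](\w+)['\"]\s*,\s*(.+?)\s*\)\s*;", live)
    return {name: value.strip("'\"") for name, value in pairs}

def audit(root):
    """Return the hardening gaps found under a WordPress root directory."""
    root, gaps = Path(root), []
    d = defines((root / "wp-config.php").read_text())
    if d.get("DISALLOW_FILE_EDIT", "").lower() != "true":
        gaps.append("file editor enabled (DISALLOW_FILE_EDIT not true)")
    if d.get("DISALLOW_FILE_MODS", "").lower() != "true":
        gaps.append("dashboard installs allowed (DISALLOW_FILE_MODS not true)")
    values = [d.get(k, "") for k in KEYS]
    if any(v in ("", PLACEHOLDER) for v in values) or len(set(values)) < len(KEYS):
        gaps.append("security keys missing, default, or reused")
    ht = root / "wp-content/uploads/.htaccess"
    rules = ht.read_text().lower() if ht.exists() else ""
    denied = "require all denied" in rules or "deny from all" in rules
    if not (denied and re.search(r"<files(match)?\s+[^>]*php", rules)):
        gaps.append("PHP can execute in wp-content/uploads (no deny rule)")
    return gaps

def build_sample(hardened):
    """Create a constructed WordPress-like tree in a temp dir (demo input)."""
    root = Path(tempfile.mkdtemp())
    uploads = root / "wp-content/uploads"
    uploads.mkdir(parents=True)
    keys = "\n".join("define('%s', '%s');" % (k, "constructed-" + k if hardened
                                              else PLACEHOLDER) for k in KEYS)
    flags = "define('DISALLOW_FILE_EDIT', true);\ndefine('DISALLOW_FILE_MODS', true);"
    if not hardened:
        flags = "// define('DISALLOW_FILE_EDIT', true);"  # commented out: inactive
    (root / "wp-config.php").write_text("<?php\n%s\n%s\n" % (keys, flags))
    if hardened:
        (uploads / ".htaccess").write_text(
            '<FilesMatch "\\.php$">\nRequire all denied\n</FilesMatch>\n')
    return root

if __name__ == "__main__":
    print(audit(build_sample(False)), audit(build_sample(True)))
```

Note that DISALLOW_FILE_MODS also turns off plugin, theme and core updates from the dashboard, so a site that sets it needs another update path.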
At D Media, we offer a CMS Website Hosting with Maintenance package. This allows us to maintain our clients’ CMS websites with ongoing upkeep. Security is always part of the setup. Usernames are never “admin” or “administrator”; passwords are 18 characters, and no two are ever the same. Security is configured to automatically block after more than 2 failed login attempts. In the event of any hacker attacks, ongoing and routine backups save time and money.
With solid security plugins, consistent regular backups, good policies (secure passwords, removing old accounts, etc.), a strategy to retire, replace or adopt abandoned plugins, and ongoing upkeep of WP core, themes, and plugins, D Media is working hard to stay one step ahead of any hacker invasion.
What are you doing to secure your website?