Hi everyone, as I kick off the new English format of the site, today I'm going to talk about defending your site against information security thieves (hackers). Most people have no idea just how big of a concern this really is for their business websites, or the consequences of what can happen if you do get hacked. For a small business running a website, unless you have someone actually updating your site, there's a very high probability that you have security vulnerabilities that are just waiting for a hacker to find them. Don't think so? I did a recent study of local businesses and the versions of WordPress they were running and found that close to 50% were running versions with known security vulnerabilities. These are things that all a hacker has to do is follow a simple script and they can break in. Combine this with the fact that over 10,000 website are hacked monthly, and it does not paint a very pretty picture. Perhaps what's most alarming of all to me is the fact that in talking with local business owners, they think their hosting provider is doing this for them, and yet in virtually every single instance, they are not!
While I know what I'm about to say may seem basic to a professional website designer or info security geek like me, the fact is that most business owners either don't know this, or don't do it, so I'm going to run through a few quick tips here:
1. Use complex passwords consisting of upper case letters, lower case letters, numbers, and special symbols if allowed.
2. Ensure that WordPress, themes, and plugins are all set to autoupdate. This one thing can save you a whole lot of headache.
3. Use a plugin to limit login attempts by IP address.
4. Use CloudFlare to challenge known problem countries.
5. Your admin username should be something random and complex - never something obvious like either admin, your name, or your business name. Mix it up so it's memorable, but difficult to randomly guess.
6. Always disable any unneeded functionality or plugins. Only ever run the bare minimum set of capabilities required. Every little feature or bit of software that is present and accessible on your site is another potential way for a hacker to break in, so get rid of anything you don't need, and limit plugins to do only what's required.
Thanks it for now - thanks for reading!