Every week I read about new security vulnerabilities for websites. In this past week, there have been several reported for WordPress. Since I highly recommend WordPress for churches, how can you keep your website safe from attack? Here are a few basics (most of these are especially important for WordPress):
- Choose strong passwords – In today’s age, every password you use online should be a strong password, with at least 8-12 characters including numbers, symbols, and mixed case letters. You can use tools like 1Password or LastPass to save your passwords.
- Choose a reputable host – You get what you pay for when it comes to hosting. You need a hosting company with good support. You never know when you will need it.
- Keep backups of your site – I recently started using the plugin BackupBuddy for WordPress. I have it backing up all my sites and storing the backups offsite on Amazon S3 storage. I keep both full backups and database backups in case I need to roll back any site.
- Keep everything updated – This includes your content management system, themes, and plugins. For WordPress, make sure you keep WordPress up to date, including all your plugins and themes. For any premium plugins or themes you purchase, make sure you check with the company you purchased from to make sure you are running the most up-to-date version.
- Delete unused plugins and themes – This is one thing that many people neglect. I’ve only had one site hacked, and it was due to an old unused theme that had a security vulnerability. Even if the theme or plugin is not active, in systems like WordPress they can still be accessed and used to hack your site.
- Use a good security plugin – iThemes Security, Sucuri, and Wordfence all make great WordPress security plugins that will check your site and let you know about potential vulnerabilities.
- Don’t panic – If your site is hacked, don’t panic. Work with your website hosting support company to find out how access was made, and use your backups to restore your site.
- Pay someone knowledgeable to do it for you – Honestly, this is what I would recommend. It’s tough keeping up with all the latest security issues. After the last WordPress announcements, I had all my sites updated within the hour. I only support sites that I host, so that I can ensure that all sites are properly protected.
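
One way to act on the "delete unused plugins and themes" point above, as an added example that is not part of the original post: a shell script that uses WP-CLI (`wp plugin list`, `wp theme list`) to report everything installed but inactive. The install path in `WP_PATH` and the function names are assumptions.

```shell
#!/bin/sh
# Added example: report installed-but-inactive WordPress plugins and themes.
# Requires WP-CLI (the `wp` command). WP_PATH is an assumed install location.
WP_PATH="${WP_PATH:-/var/www/html}"

# Print one "kind<TAB>name" line per inactive plugin or theme.
# `--status=inactive` leaves out the active theme and, for a child theme,
# its parent, so nothing the live site depends on is listed.
list_inactive() {
    for kind in plugin theme; do
        wp "$kind" list --status=inactive --field=name --path="$WP_PATH" 2>/dev/null |
        while IFS= read -r name; do
            if [ -n "$name" ]; then
                printf '%s\t%s\n' "$kind" "$name"
            fi
        done
    done
}

# Number of inactive plugins and themes combined.
count_inactive() {
    list_inactive | wc -l | tr -d ' '
}

# Print the delete commands for review; nothing is removed automatically.
report_inactive() {
    echo "Inactive plugins/themes under $WP_PATH: $(count_inactive)"
    list_inactive | while IFS="$(printf '\t')" read -r kind name; do
        echo "  wp $kind delete $name --path=$WP_PATH"
    done
}

# Only run the report when WP-CLI is actually installed.
if command -v wp >/dev/null 2>&1; then
    report_inactive
fi
```

Take a backup before running any of the printed delete commands, and re-run the report after each round of updates.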
Honestly, there is a high likelihood that you will experience your site or account being hacked at some point in the future. Think ahead about the procedures and processes that you will follow. Be prepared to minimize your chances.