Website hacking continues to make the headlines.
One of the biggest data breaches since GDPR came into force has been at British Airways, where a significant amount of customer data was stolen. Hackers were inside the system for more than two weeks, taking the personal and financial details of the company’s customers, affecting some 380,000 transactions.
Beyond the headlines and the big names, however, hacking is also an issue for many SMEs, with WordPress sites being those most at risk.
Jonathan Guy of Aqueous Digital talks about this issue, and what businesses can do to protect themselves.
“When visiting your site, your browser alerts you that it has been hacked, Google search results might flag it as hacked, or your hosting provider might take your site offline. However, these signs can mean that the site has been infected long enough for serious damage to have occurred.”
Weaknesses in WordPress
According to Sucuri’s Hacked Website Trend report, in 2018 WordPress accounted for 90% of hacked websites.
“There are problems with users running old versions of the platform, but also the effect that some plugins can have.”
Plugins are pieces of software containing functions that you can add to a WordPress site, extending functionality or introducing new features to it. They should integrate seamlessly with WordPress.
“Plugins are simultaneously one of WordPress’ greatest strengths and, potentially, critical weaknesses.
“While plugins should solve a specific problem or provide an essential function, they can be a backdoor to introducing vulnerabilities into a site.”
Rules for Plugins
The advice is to use only plugins that will add something useful to your WordPress website.
“If the plugin is not solving a specific problem, or providing a solution that you require, don’t install it. Resist the urge just to install a plugin because it might be nice to have.”
Users should only install plugins from sources that are properly vetted, and only when the plugin is necessary.
“Many WordPress themes have built-in ways to provide certain elements to a site, which means you don’t need plugins for these things. Always check what your theme offers first, before installing a plugin.”
The one critical plugin to install is one that provides a security function.
A security plugin looks after your website by:
- Limiting failed login attempts
- Identifying and blocking fake traffic and security scanners
- Continually monitoring core files, code, themes and plugins
Other Security Essentials
“People tend to still be too lax around choosing usernames and passwords. The username and password for your WordPress site must be secure, and not simply variations on the word admin, or worse, password.”
It is also vital to make regular backups of your WordPress site, again with a properly vetted plugin, and to delete any unused themes and plugins.
“Not only can these slow down the performance of your website, but also to ensure your security is tight. Each one of your old or unused themes could be a potential opening for issues with your site security.”
“Protecting your site from hackers is a business essential, and ensuring you have a good hosting provider can help greatly with this.”
“Whoever is hosting your site should be including fundamental security and protection as part of their customer service,” concludes Jonathan.
Marketing Aspects Magazine appreciates Jonathan Guy’s insights.