Security, Security, Security, Turkey, Security

OK, you better answer yes to the second question in the title, and we’ll hope that you’re answering yes to the first question as well.

Let’s face it. The bad actors that are out there trying to break into your site are innumerable and relentless. Honestly, you can’t possibly stop them from trying. But maybe you can prevent them from getting in. How?

Keep Your Site Software Current

If you have a basic WordPress website (which a plurality of website owners do), welcome to the software jigsaw puzzle. There’s the core software (WordPress), a theme, and numerous plugins. All of those pieces of software are routinely updated by their respective developers. Make sure you deploy those updates! Are you the kind of person who ignores notices to update software? Don’t be! Stale software is a primary exploit method. Developers are always plugging software security holes. Don’t be subject to attack just because you’re not updating your site. (If you need help with this, you might benefit from our managed WordPress maintenance service.)

But don’t stop there. WordPress is built on the PHP programming language, installed at your website host. The current version of PHP is 7.2 (soon to be 7.3). Many, many WordPress sites (nearly 40%!) are still stuck on PHP 5.6  – source: Search Engine Journal). In December, security updates will be ending for PHP 7.0 and 5.6 (If you have an earlier version, uh oh, your security updates already stopped.). Check with your host to determine what PHP version you’re on. Be aware that if you’re using an old version of PHP as well as an old theme or old plugins on your WordPress site, you may not be able to update to a newer version immediately. Some older themes and plugins will not work with later versions of PHP. If you find yourself in that situation, it’s just plain time to update your site. If your site is three years old and hasn’t been refreshed since, it’s time.

Here a few other important security steps to take:

  • Have a good password policy in place and use only strong, unique passwords.
  • Make sure your site is HTTPS for secure browsing (visitors and search engines alike appreciate that).
  • Have a good website access policy in place. Restrict administrative rights as much as possible.
  • Use a security plugin on your WordPress website. We like Wordfence, but there are others.
  • Only use reputable software on your website.
  • Use two-factor authorization for logins.
  • Back up your site regularly.

And Why Should We Care about Security?

A hacked site is more than a pain. First, your content can be defaced or replaced. That’s a drag. (And if you’re not keeping backups of your site, you could lose your content.) Second, if you have information on your site about customers, you may be giving that over to the bad guys. Third, if hacked, your site can be used a springboard for attacks on other websites, or to send out spam, potentially tarnishing your name and your Internet location. Fourth, depending on your hosting arrangement, attacks on your site can potentially endanger sites located within the same hosting environment — your hosting neighbors. We’re probably scratching the surface here.

An increasing amount of our time, as a website builder and website and email host, is focused on protecting our customers from bad actors. No host can guarantee you’ll never be hacked. But you don’t have to be a turkey (and get roasted — OK, terrible pun). Instead, you can take steps today to keep the bad guys at bay (tell them to get stuffed!) and keep your online presence more secure.

We wish you a happy, healthy, secure Thanksgiving!