Website Security: How to Protect Your WordPress Site from Cyberattack
No matter what kind of website you use for your B2B business, there are security issues to address. Here’s what you need to know to ensure your WordPress site is well-protected against hackers and cybercriminals.
Choosing a Secure Website Hosting Option
With many website hosting options available, it’s important to choose a hosting service that will save you time and money, as well as ensure maximum security for your site. At Innovaxis, our research led us to WP Engine: a WordPress managed hosting service and platform.
When Adobe eliminated its content management software, Business Catalyst, we needed a cost-efficient, secure web hosting solution for our clients that didn’t create the need for a lot of ongoing maintenance to stay up-to-date and secure. WordPress is used on over 455 million websites, but we’ve seen dozens of WordPress sites get hacked, plummet in rankings and lead generation, and take a year to recover.
WP Engine is a managed hosting service, which means it includes 24/7 technical support staffed by experienced and technical people, a staging environment to test major changes, free SSL certificates and CDN, and automated daily backups with one-click restore.
Automatically Update WordPress Plugins
Plugin vulnerabilities are the source of 55.9% of the known entry points for attacks on WordPress sites, which makes choosing reliable plugins and updating them regularly a top priority. This can take 5-10 hours per month, depending on how many plugins you have, how often you update them (weekly is recommended), and whether you run into issues when you update them.
WP Engine maintains a blacklist of plugins to avoid and only allows you to download plugins from reputable sources.
WP Engine’s Smart Plugin Manager is ideal for keeping plugins and themes up-to-date on a weekly basis, saving your website team 5-10 hours per month while keeping the site secure. Smart Plugin Manager uses machine learning and visual regression testing to check for updates, and when a plugin update is made, it automatically rolls back the update if it encounters any problems. We also recommend deleting unused themes.
Though we love it, there are some Smart Plugin Manager drawbacks. You still need to manually update new PHP versions, which we recommend doing in the WP Engine staging environment after initiating a manual backup of your site, which you can do at any time. While WP Engine will update your WordPress version automatically, it will not test it, so we recommend also updating it manually on the staged site first.
Protect Your Site (and Speed It Up) with a CDN
Another measure you can take to protect your WordPress site is using a content delivery network (CDN). A CDN is a geographically distributed group of servers that work together to provide fast delivery of Internet content. The goal of a CDN is to deliver web content as quickly, cheaply, reliably, and securely as possible, across the globe. By using a CDN for your site, you’ll be better protected against some common malicious attacks, such as Distributed Denial of Service (DDoS) attacks.
WP Engine offers a CDN called StackPath, formerly known as MaxCDN, at no charge. StackPath is a cloud computing network of servers that works by storing copies (a “cache”) of static content (images, JavaScript, CSS) in order to deliver them to a user from a server that is geographically closer. The CDN is cost-effective and provides robust security features such as a web application firewall (WAF), bot protection, and Layer-7 DDoS mitigation. Using a CDN like StackPath will improve your website load times, increase content availability, and improve your website security. You can also use a third-party CDN service like Cloudflare, Akamai or Amazon CloudFront for a separate charge.
Ensure Comprehensive Security with Wordfence
Whether or not you use WP Engine as your hosting platform, the rising threat of cybercrime calls for implementing additional security steps for your website, such as two-factor authentication. Two-factor authentication, or 2FA, is an extra layer of security used to verify the identity of people trying to gain access to an online account.
Most two-factor authentication systems use four easy steps:
- The user logs into the website using their username and password
- The password is validated by an authentication server
- The authentication server then sends a unique code to the user’s second-factor device through SMS or an authenticator application
- The user uses the unique code provided to confirm their identity
Wondering where to start in your search for a reliable 2FA method? Wordfence is a widely used WordPress firewall and security scanner, protecting over 4 million websites worldwide from attackers targeting WordPress. Features include login security controls, centralized security management, malware scanning, and robust two-factor authentication. Not only is 2FA now offered in the free version of Wordfence, but the security plugin also uses an authenticator application, such as Google Authenticator, to generate unique codes for you rather than relying on SMS text messages.
At Innovaxis, we recommend Wordfence to help identify and block malicious traffic, protect against commonly exploited vulnerabilities, and ensure login security.
Get Help Securing Your Website Before It’s Too Late
Don’t wait until your website breaks or experiences a breach in security – act now to protect your site and your business. If you do get hacked, it can take a year or longer to recover your organic search rankings, website traffic and inbound lead generation.
If you’d like to learn more about web hosting options like WP Engine and other digital tools that can enhance your site security, contact us today.