You don’t need multiple security cameras and elaborate alarm systems to keep your home safe–just take a few basic steps. Trimming the vegetation, adding lighting, and locking your door go a long way to discourage intruders. Similarly, you can employ all sorts of website security, but a few good practices will reduce your exposure significantly.
Use Strong Passwords
The most powerful tool for security is the one most neglected–use good passwords. Make them strong (see my post on how) and unique for each site (this explains an easy way to do that). Follow all the rules–no obvious dates, no names of family, friends, or pets, no sequences. And don’t carry them in a notebook or leave them on a Post-It note.
Sure, it can be inconvenient. But a good password is like having a strong deadbolt on your door. Don’t go for a cheap lock anyone could defeat.
Don’t Be Obvious
Don’t have a user with the name “admin” or “administrator” or some other generic name. When you do, you’re giving out half the login information. Use common sense and never have a username (or password) that could be easily guessed.
Hide the Door
If you use WordPress, chances are that when you installed it, there was a widget in the sidebar or footer called Meta, which has, among other things, a link to the site login. Anyone familiar with WordPress knows how to get to the login page; it’s not a big secret. But having an obvious link to it invites others to give it a try. If you kept an obvious username and didn’t use a strong password, you might as well be putting out the welcome mat.
Keep Software Current
When software developers learn of vulnerabilities in their software, they take steps to eliminate them. If you don’t keep your software current, you could be missing an important security update.
So if you are using WordPress (or any other Content Management System–CMS), be sure you have the latest version of it, as well as the latest versions of any themes, plugins, widgets, add-ins, or anything else you use. If you don’t know how to do this, hire someone. Make sure it gets done.
No matter how secure your site is, problems can happen. Back-ups are your insurance.
My guideline for back-ups is simple: how much are you willing to lose? This could be data or time. A website can always be re-built, but if that involves starting from scratch, that could take days. And if you blog and don’t have copies of your posts, you may never recover them.
Your website’s host may back up your files, but it may be a chore to get them back. And if the attack is on their servers, your site may not be a priority.
Find a way to do a back-up that works for you. Manual or automatic. Stored on the server or online or on your computer. Database only or all the files. Make your choices and DO IT. Frequently.