If you run a website on WordPress, one of your top priorities should be keeping your login page secure, no matter what kind of site you have, be it a reasonably static information page or a membership or eCommerce site.
This article explores the easy steps you can take today to secure your site from hackers, who could potentially wreak havoc on your business!
1. Why is this so important?
The severity of a successful attack will vary from site to site, but in every case the consequences for your business could be catastrophic. For example, suppose you have a static website. Hackers could gain access and change information on your site to redirect customers to their own web page. They could add new pages to your site or take it down entirely. You can see how this could completely obliterate your online presence and seriously harm your business.
The consequences are much more severe if you run an eCommerce website where customers can purchase items from your online store. Hackers would easily have access to all of your customer data, potentially including credit card details, and guess who would be responsible for this breach? That’s right; you could be held liable for failing to keep this sensitive information secure on your website.
Ok, now we understand why it’s so essential to secure your data; let’s see what we can do about it.
2. Passwords
One of the first things you should think about with any site is the password you are using. You should always make sure your password is not easy to guess and contains a mixture of characters, including upper and lower case letters, numbers and symbols. This may seem obvious, but the majority of successful attempts are due to ‘brute-force’ attacks. Hackers can tell their computer programs to run through the dictionary or provide a list of commonly used passwords, and the computer will run through hundreds or thousands of attempts per minute until it finds a match. So stay away from dictionary words or the surprisingly common ‘Password1’. This is the equivalent of going away on holiday, putting a huge sign up in your garden and leaving your door unlocked.
3. Password Managers
Setting up secure passwords is something we all need to do. And each site we have a login for should have its own unique, complex password. Now the next challenge is one we all can relate to. How do you remember all these complicated passwords? By far, the best option and one I use personally is to use a password manager. I’ve tried quite a few of these and would highly recommend Bitwarden. Bitwarden is an open-source project, meaning developers from around the world have all contributed to the build and have peer-reviewed each other’s work to ensure it’s been done to the highest standard. Bitwarden even comes with a self-hosted option, so you know for a fact that your data is only available to you and will not be shared with any other companies.
Bitwarden integrates with the majority of browsers and will sync across all of your devices. You can run it on your mobile phone, laptop and tablet all at once, and you can even install it as a browser add-on, which makes using it a super easy experience.
You can use it to generate complex passwords and save them into your password manager, so they are always there when you next visit the website.
One Web Creations can help set this up for you on our in-house server setup if you want an easy set-up procedure. Prices start from just £2 per month.
4. Enforcing strong passwords
If your site is open for registration or has multiple users, you should force all users to use secure passwords. You can install a plugin named WPassword. With this plugin, you can also set passwords to expire after a set period, reset passwords for all users and enforce strong password policies.
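
The password advice in sections 2 and 4 can be checked in code. This is an added example, not part of WPassword or any plugin named here: it shows that a "mixture of characters" rule alone still accepts passwords built on a dictionary word, so a word check is needed as well. The word list, the 12-character minimum and the function names are assumptions made for illustration.

```python
import re

# Constructed sample denylist (assumption); a real policy would load a large
# list of common and breached passwords plus a dictionary file.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "admin", "wordpress"}

# Character swaps that password-guessing wordlists already account for.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a",
                      "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

def base_word(password):
    """Reduce a password to the word it was most likely built from."""
    # Drop digits and symbols added to either end: "Password1" -> "password".
    core = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", password.lower())
    # Undo swaps inside the word: "p@ssw0rd" -> "password".
    return core.translate(LEET)

def check_password(password, min_length=12):
    """Return a list of policy problems; an empty list means accepted."""
    problems = []
    if len(password) < min_length:  # min_length is an assumed policy value
        problems.append("too short")
    # Lower case, upper case, digit, symbol: the mixture section 2 asks for.
    classes = (r"[a-z]", r"[A-Z]", r"\d", r"[^\w\s]|_")
    if not all(re.search(c, password) for c in classes):
        problems.append("missing character class")
    if base_word(password) in COMMON_WORDS:
        problems.append("based on a common word")
    return problems

if __name__ == "__main__":
    # Constructed candidates: the second passes every character rule.
    for candidate in ("Password1", "Wordpress2024!", "vT7#qLm2!xRz9w"):
        print(candidate, check_password(candidate))
```
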
5. Enable 2FA
2FA (two-factor authentication) is another tactic you can and should use on your site. It ensures that only the correct user is logging on, either by sending a code to another device they have registered or by using an authenticator app. Bitwarden also has this feature, so you can use it for this purpose. Enabling 2FA means that even if a hacker gets hold of your users’ passwords, they still cannot log in to your site, as they will not have access to the user’s second device.
6. Hide your WP-Admin page
Another good step to secure your WordPress site is to hide (or move) your WP-Admin page. Hacking attempts can be performed by bots, which will scan the internet looking for vulnerabilities. The best form of defence is simply not to be there. It is common knowledge that the default WordPress login screen lives at www.yourwordpresssite.com/wp-admin, where most bots will look. A free plugin I use on every WordPress site is WPS Hide Login. This plugin allows you to move your wp-admin page to a new, completely custom location. You can move it to any location you like, so you’re just not visible to the bots!
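
Moving the login page does not show you who is still knocking on the default one, so it is worth checking the web server's access log as well. This is an added example, not part of WPS Hide Login: it counts POST requests to the default `/wp-login.php` form per client per minute and flags the noisy ones. The log lines are constructed samples in the common "combined" format, and the threshold and function names are assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample log: one client posts to the login form 8 times in a
# minute, another logs in once and then opens the dashboard.
SAMPLE_LOG = "\n".join(
    [f'203.0.113.7 - - [12/Mar/2024:10:15:{s:02d} +0000] '
     f'"POST /wp-login.php HTTP/1.1" 200 4521 "-" "-"' for s in range(0, 40, 5)]
    + ['198.51.100.20 - - [12/Mar/2024:10:15:30 +0000] '
       '"POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"',
       '198.51.100.20 - - [12/Mar/2024:10:15:31 +0000] '
       '"GET /wp-admin/ HTTP/1.1" 200 9120 "-" "Mozilla/5.0"']
)

# client IP, timestamp, method and path from a combined-format line
LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*"')

def login_attempts_per_minute(log_text):
    """Count POSTs to the default login form, keyed by (ip, minute)."""
    counts = Counter()
    for line in log_text.splitlines():
        match = LINE.match(line)
        if not match:
            continue                      # skip lines in another format
        ip, stamp, method, path = match.groups()
        if method != "POST" or path.split("?")[0] != "/wp-login.php":
            continue
        minute = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z").replace(second=0)
        counts[(ip, minute)] += 1
    return counts

def flag_bruteforce(log_text, threshold=5):
    """Return the IPs with at least `threshold` login POSTs in any one minute."""
    counts = login_attempts_per_minute(log_text)
    return sorted({ip for (ip, _), n in counts.items() if n >= threshold})

if __name__ == "__main__":
    print(flag_bruteforce(SAMPLE_LOG))
```
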