At its core, WordPress is a very secure content management system (CMS). However, a lack of security updates and neglected maintenance can leave a WordPress site vulnerable to attacks. A hacked website can be very damaging for any business owner, and it can lead to a loss of your online reputation. There are an estimated 75,000,000 sites online using WordPress, and the majority of the most popular websites are vulnerable to an attack due to the lack of maintenance.
At WSI we value the importance of an updated system, plugins and files. We ensure the following:
- Set up the right WordPress security plugin
- Schedule updates for WordPress plugins
- Configure and deploy automatic backup and recovery tools
- Secure reliable WordPress hosting that is complemented by web application firewalls for intrusion prevention
This is our typical setup for the system and protection of a WordPress website:
WordPress Security Plugin
Using a trusted plugin, we lock down WordPress and change the various default values that hackers typically target. The plugin covers protection against brute-force intrusion attempts, file change detection, 404 detection, locking out bad users, hiding the login page and much more. We receive monthly reporting of the overall security grade for proper monitoring of the system status, and we set requirements to review user passwords on a regular basis to deter bots from targeting a specific user. Best practices for strong password enforcement typically include 8-15 characters, 1 lowercase, 1 uppercase, 1 special character and something unique for that user account.
WordPress Plugin Updates
Updating plugins is the most important maintenance factor for WordPress. 40% of online WordPress websites are vulnerable to hackers because of a lack of updates. We always update a plugin immediately when we're notified of a potential vulnerability or exploit detected by the plugin author. Every quarter we update all of the other plugins on the website. Once the updates are complete, we perform a thorough quality control check to ensure nothing has been compromised and verify that the version of the WordPress CMS is updated to the latest security patch.
We work with a sophisticated backup and restore plugin that automatically backs up and saves the website files and database once a month on a secure remote server. If there are ever any issues, we can use this to recover from problems caused by broken code or a broken plugin, or to restore any content that was accidentally deleted. Website backups are always performed before any plugin or the WordPress version is updated, so that a roll-back is easily accessible in case of conflicts.
Secure Web Hosting
Our trusted partners use high-performing NGINX load balancers that deliver content securely and rapidly, served with an always-updated PHP version. Server performance, complemented by a secured (SSL) Content Delivery Network (CDN), provides powerful load speed and the secure delivery of content and images. Server monitoring is also set to detect an intrusion through unsecured ports and to lock the intruder out if there is a suspicious login attempt.
Use of a Web Application Firewall & Protection Against Input Fields
The firewall authenticates and blocks the bad robots attempting to break into your site in a single session or to steal any data they can scrape. It detects them and blocks them from the site and server. We also use a secure form system that prohibits any cross-site scripting (XSS) and locks out any backdoor attempts considered to be vulnerabilities or potential exploits.
Without a thorough checklist it can be very difficult to remember all of these steps, but at WSI we are continuously proactive in maintaining the WordPress CMS, plugins and files to secure and protect our customers. Learn more about our WordPress maintenance and security, or feel free to contact us to discuss your needs.