WordPress Security – The important stuff!

But it’s just a website!

It has nothing of importance!

We are just telling people what we do!

We just threw it together on WordPress because it looked OK, pretty cool eh, what do you think?

These are some of the reasons and responses that most organisations give about their websites. They do not consider their website an important component of their business security.

All of these implied reasons are BULL!

The damage that a compromised website can do to your reputation, your brand, your customers, your staff and your organisation in general can be devastating.

How can it have such an impact?

In today’s world everything is automated.

From building cars to putting together modem routers, it is all automated, created by robots or done with no human intervention.

Just set and forget!

In this world a bored teen with minimal parental supervision, access to the internet and access to a computer, tablet or smart device can download any number of automated systems that can and will target any website.

Why?

Just because they are attached to the internet.

Bored teenagers and hackers alike don’t even break a sweat… Download… Copy… Paste… Hack!

It’s just that easy!

Automated systems target everyone!

That is why a million+ sites were hacked or defaced by exploits in the last 12 – 18 months.

Once again, attached to the digital world = target!

WordPress security can be very easy as well as exceedingly difficult.

Like any required expertise, anyone can do it but it takes an expert to actually secure a website properly.

Just 1 Bad Plugin or Update & Your Site Is Theirs!

What about Google?

If your website is infected and starts delivering malware to your visitors then you’ll get blocked by search engines for hosting a fake store, an attack site or a phishing site.

This will have a significant impact on your site, especially if you are spending money on SEO.

The all-encompassing world of search, especially Google, can have a significant impact on your website through search engine optimisation (SEO).

I spoke about reputation in general; how about brand in particular?

The impact on your reputation, brand and ability to create revenue can be significant.

Your site, your reputation, your brand, your rankings and your domain value can be destroyed literally overnight, and in a lot of cases it will not even register with your business.

The problem could be seen as a change in Google’s algorithm.

How big an impact would a significant drop in search visitors have on your organisation?

The significant drop in visitors could be attributed to the blacklisting of your site.

Anyone going to your site will get the Google precaution web page: proceed past this point at your own risk. How many people are going to go against that message? Only 10%.

It’s going to cost you days and $1000’s to restore, de-blacklist and re-rank.

So that cheap and cheery website that you put up is now having a significant impact on your organisation.

Significant impact on your cash flow!

Significant impact on your revenue!

Let’s now take it further.

If your website keeps getting hacked it will cause significant problems for the hosting company as well as all of the other organisations that have websites hosted on the same platform. Same platform, same internet address.

They will literally ask you to take your website elsewhere because you are having a significant impact on their revenue and profits.

WordPress security – what can you do?

All of your problems started with the assumption that putting up a WordPress website is easy and can be done by anyone. Here are a number of precautions that you can take to reduce the risk.

Update, update, update

Like everything digital in today’s world, updates are one of the keys to protecting the website. Updates to the WordPress core are critical, but updates to plugins, widgets and themes are just as important.

Updates remove those areas where the automated systems can get a foothold on your site.

Visit your site regularly

We have known organisations who have not touched their website in 2 – 3 years. This is bad for 2 reasons. If you are not visiting your site regularly then you are not helping your marketing; you are not putting up, in the words of Tim Read, “interesting and helpful content”.

Google does not like this.

If you are not visiting it regularly you are not getting the feel of what your visitors are seeing, and you are not being prompted to update all of these important components.

Use top quality plugins, themes and widgets

Free is OK, but if you pay for plugins, themes and widgets then there is a good chance that they will be better for your website.

This includes not only better functionality but also better security and support.

Use 2-factor authentication or CAPTCHA

With some of the tools available, your website can be scanned and the usernames can be discovered.

That is one of the 2 things the wannabe hackers need to compromise your website.

By using 2-factor authentication and/or a CAPTCHA system you are adding another layer to the login process.

This makes it harder to access your website using automated systems.

Enforce complex passwords

I know they are hard, but complex passwords are very important when it comes to fighting all those automated systems.

All passwords should have 3 components: complexity (numbers, letters, symbols and capitals), length (more than 8 characters, but 10 is better) and uniqueness (different for every website you visit or have access to).

Now hopefully you understand why protecting your website with the right attitude is good business sense.

The bad guys are out there and they are looking for every opportunity to ruin your organisation, your reputation and your ability to make money.

Roger Smith is the CEO of R & I ICT Consulting Services (http://rniconsulting.com.au), Lecturer at ADFA (UNSW – Australian Centre of Cybersecurity), Amazon #1 selling author on Cybercrime (http://www.amazon.com.au/CyberCrime-Clear-Present-Danger-Security-ebook/dp/B00LEJTN5Y), author of the Digital Security Toolbox (http://www.rogersmith.com.au/roger/toolbox/) and the SME digital security framework (http://smesecurityframework.com.au/csb/). He is a Speaker (http://www.rogersmith.com.au/roger/roger-smith/), Author, Teacher and educator (http://securitypolicytraining.com.au/cybersecurity-awareness-introduction/) on cybercrime and how to protect yourself from the digital world.

Posted in IT Security.