Here’s something that may surprise you: If you have a small website (small compared to, say, Amazon.com), your website is more attractive to hackers and may be more likely to be compromised, according to expert web developer Jenni McKinnon. “Smaller, less popular sites are a particularly great option for hackers because they’re less likely to be secure, since many owners of these sites may not know they’re actually a larger target than they realize,” McKinnon writes.
In The Ultimate Guide to WordPress Security, McKinnon also reports that “hackers attack WordPress sites both big and small with over 90,978 attacks happening per minute.”
Her long, complicated guide to website security lays out a host of measures, all of them requiring ongoing attention, to keep any website secure. As most of our clients know, we’re constantly working on keeping their websites safe.
However, all of our efforts can be easily undone by clients who maintain their own websites and/or by those who have other access to the server hosting their websites.
McKinnon’s comprehensive guide includes a list of measures our clients — those who have any access to their websites — must take in order to keep their websites safe. If you haven’t already done so, please take the measures listed below, and take them to heart. Here is what McKinnon’s guide recommends:
“It’s just as important that your computer’s secure as it is that your site is secure. Malware and viruses can infect your computer, which can spread to not only your WordPress site but hundreds of thousands of other WordPress sites.
“There are many ways you can ensure your computer stays as secure as possible.
“Here are basic tips to help you start stepping up the security of your computer and WordPress site:
- Install a computer virus scanner to help prevent malware and viruses. Be sure the software can also clean up threats as well.
- Schedule regular virus scans of your computer to be sure its not unknowingly infected.
- Install a computer firewall or enable it if its included with your operating system or your virus scanner.
- Don’t login to the admin dashboard or access your WordPress site when you have previously and are still logged in via a public WiFi or internet café since your credentials can be tracked or someone could be watching you enter in your login details.
- Don’t log into WordPress through an unsecured internet connection or network.
- Use a solid and trusted hosting provider who has an excellent reputation for security and reliability. (We’ve taken care of this part for you.)
- Only use strong passwords for your site and force your users to use strong passwords as well by using a plugin such as Wordfence. (We’ve taken care of this part for you, too.)”
As website security has become an increasingly important issue, we’ve stepped up our efforts by installing additional security plug-ins, increasing monitoring, strongly recommending that all websites use encryption, and adding encryption for all clients who have approved it. We’ve also migrated all sites to a dedicated server at a superior hosting company, SiteGround, which uses a host of measures and a top-notch technical team working 24/7 to keep your site secure.
And even more changes are coming, as continue due diligence to ensure the safety of all sites (and, by extension, their owners’ online reputations).
If you’ve logged in to update your website and do not have current anti-virus installed, or if you’ve used a public WiFi connection, or if you’ve used a home internet connection that is not secured by a password, then you’ve exposed your ministry’s website to unnecessary risk.
If you need to make changes to how and where you access your website’s dashboard or server, do it now. The alternative — a compromised website — is much more expensive and inconvenient, guaranteed.