You don’t have to be a security expert to know that threat to your WordPress website is ever present. Your website goes through a daily barrage of attacks and abuse and most times can stand up for itself. However, not all websites are impervious to the threat of attack. In 2016 it was estimated that approximately 16,000 websites fell victim to viruses and malware. While this may not seem like an enormous amount please keep in mind that these are only the numbers that have been reported and I suspect that many more sites have been affected and the owners are simply not aware of it.
In this article, we will go over some of the simplest ways to add extra protection to your website prevent you from becoming another statistic.
Use an SSL certificate
An SSL certificate changes the way that your website operates in that it encrypts all the data that goes back and forth between the Web server and the browser. Typically an SSL is used to protect your customer’s credit card information transaction data and log information. Even if your website is not accepting credit cards I feel that it is critically important to have an SSL certificate installed. Even if your users are only filling out contact forms that are still private information that the visitor has decided to give to you and not to anybody else. The major deterrents to SSL certificates for many years has been the cost. However with the emergence of let’s encrypt you now no longer have to worry about a financial factor as let’s encrypt provides free SSL certificates for life.
Most web hosting providers including ourselves offer native integration of let’s encrypt into Cpanel. Part of the hosting services that we offer not only include this integration with let’s encrypt but we will also modify your website to make sure that the SSL is fully enforced across every page of your website.
Use ReCAPTCHA
While it may not be the most popular security aspect for everyday visitors ReCaptcha creates quite the headache for would-be hackers and bots. We’ve all seen recapture and are familiar with what it is. That sometimes annoying little box that pops up and asks you to identify all the street signs in a given photo or to complete other tasks to prove that you are not a robot. Recapture is a free service from Google that protects your website from spam and other forms of abuse. It uses a risk analysis algorithm to keep automated software or bots from being able to engage and interact on your website. The greatest thing about Google recapture is that it is always learning. Every time a user solves the recapture it’s machine learning data set is updated to help improve and strengthen the recapture service. It may not be self-aware but is able to learn and adapt to the ever-changing risk that exists on the web.
Hide Your Login URL
Not all virus and malware infections are the same. Some infections are quite obvious with their pop-ups or redirects. However, there are also viruses that make no visual representation on your website but instead siphon off the information that you and your users are entering. This brings into light one of the biggest risk for web developers and website owners – cyber liability.