Making your website secure is about more than just being careful with your password. Hackers can access your website in a lot of different ways. Worst still, a hacked website can destroy your Google rankings and even get you blacklisted by Google. In fact its rumoured that Google blacklists more than 10,000 websites every day!
It can take weeks or months to get removed from Google’s blacklist. By that time you will have taken a hit to your SEO rankings, which can be hard to recover from.
But it’s not all bad
WordPress is a great platform but it does force you to make sure your website is secure, it wont do that for you. Fortunately we believe there is an established way to lock down your website and save you all this trouble.
The best way to avoid the whole mess is to pay careful attention to your website security at least once per year. Review your security setup or ask an expert to review it for you.
Here is exactly what we suggest you do:
- Set up and configure a website firewall
- Review plugins & themes for known security holes
- Remove brute force attack vulnerabilities
- Set up a regular malware scan
- Remove common well-known WordPress attack vectors
- Set up security notifications in case of attack
- Get a full security audit
- Set up spam filtering
- Check you don’t appear on blacklists
- Set up a security filter (as required)
Once you follow these 10 steps your website should be about as secure as it needs to be. We’ll be releasing a more comprehensive guide to how to do these tasks over the next couple of months.
The security process can be a little scary plus some of the items require technical knowledge, which is why we created a WordPress Security Setup package to do these 10 tasks for you for a fixed price of $199.
Get our fixed fee WordPress security setup package & fix all 10 security issues for just $199
Do I have to do any ongoing security maintenance after the initial work?
The above recommended security setup is (mostly) a set and forget affair. There are some ongoing security tasks we recommend you complete, in particular (a) run your plugin and theme security updates monthly or at the minimum quarterly and (b) keep an eye on your email for any security notifications from your website. At WP Runner we send our subscribers monthly website health reports to keep track of their website security (amongst other things) and we find that helps people keep a pulse on how things are going.
I hope this helps you get an understanding of the security tasks required for you website. We encourage you to share this with your friendly neighbourhood web developer and get help before its too late.