Is Your Website Secure?
If your coaching website was hacked, would you know what to do?
Learn what you need to do NOW to protect your WordPress website. With the right preparations, you can be back online in just a couple of hours – instead of a couple of weeks.
Without security precautions, your site is more vulnerable than you think. I have never seen so many reports of hacked WordPress sites as I have in the last six months, including a couple of holistic doctors I know.
Most website owners don’t think about WordPress security until their site’s been hacked. And then it’s too late; their site is gone. According to WP White Security, more than 70% of WordPress installations are vulnerable to hacker attacks. Forbes.com reported at least 1,250 sites are hacked every hour. I’ve written this article to let you know how easy it can be to protect your coaching website.
Because WordPress is the most popular web publishing platform on the internet (by a large margin), it’s become a target for hackers and spammers. But it’s still one of the most versatile, affordable, and user-friendly solutions available online. And I use WordPress exclusively for all my websites.
How to Protect Your WordPress Site
Protecting a WordPress site requires a combination of using backups and security strategies. There is no one tool, software, plugin, or hosting company that will do everything you need.
Let’s review what you need:
1. You want multiple backups of your entire site stored at a separate location from your website. It’s best to store these backup files on your home computer or a different server. That way, if your website gets hacked or the hosting server crashes, you can get back online without losing any content.
2. Get FULL backups of your entire site. Many of the free backup plugins available don’t back up your full site; they only back up the database. If your site is compromised, a database backup isn’t going to be enough to get you back online.
3. Have current backups available. If you don’t regularly add information to your site, you may only need to do a backup once a month. Otherwise, you’ll want daily or weekly backups.
What to do now: If you only do one thing to protect your site, this is it! Make two or three current backups of your site, then keep current backups.
I personally use and recommend a premium backup plugin called Backup Buddy. It has all the features you need and makes it very easy to back up and restore your website.
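Whether a stored backup is really full and current can be checked mechanically. The shell function below is an added example, not part of the original article or of any backup plugin; it assumes your backups are .tar.gz archives containing the site files plus a .sql database dump, and the 7-day freshness window is also an assumption.

```shell
#!/bin/sh
# Added example: audit a WordPress backup archive for completeness and age.
# Assumptions (not from the article): backups are .tar.gz archives that hold
# the site files plus a .sql database dump; default freshness window is 7 days.

# check_backup ARCHIVE [MAX_AGE_DAYS]
# Prints one status word; returns 0 only for a full, current backup.
check_backup() {
    archive=$1
    max_age=${2:-7}

    [ -f "$archive" ] || { echo "missing"; return 1; }

    # Listing the archive also proves it can be read back at restore time.
    listing=$(tar -tzf "$archive" 2>/dev/null) || { echo "corrupt"; return 1; }

    # A restorable site needs the database dump, wp-config.php and wp-content/.
    db=0; cfg=0; content=0
    echo "$listing" | grep -Eq '\.sql$' && db=1
    echo "$listing" | grep -Eq '(^|/)wp-config\.php$' && cfg=1
    echo "$listing" | grep -Eq '(^|/)wp-content/' && content=1

    case "$db$cfg$content" in
        111) ;;                                        # full backup
        100) echo "database-only"; return 1 ;;         # the gap many free plugins leave
        011) echo "files-only"; return 1 ;;
        *)   echo "incomplete"; return 1 ;;
    esac

    # find prints the path only if it was modified more than max_age days ago.
    if [ -n "$(find "$archive" -mtime +"$max_age")" ]; then
        echo "stale"; return 1
    fi
    echo "ok"
}

# Usage: sh check_backup.sh backup1.tar.gz backup2.tar.gz ...
for a in "$@"; do
    printf '%s: %s\n' "$a" "$(check_backup "$a")"
done
```

Run it against the copies you keep away from the web server, since those are the ones you will restore from.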
You need strong passwords for yourself and everyone else with admin access to your WordPress dashboard. That includes your webmaster and virtual assistant. Think of your password as being your first line of defense.
How to create a strong password:
· Use 12 characters or more
· Include numbers, lower-case letters, capital letters, and symbols. Mix them up like “Ho*us3e” instead of “House*3”
· Don’t use a word that is in the dictionary or is commonly known, like “ncc1701” (The ship number for the Starship Enterprise.)
· Don’t use the same password on more than one site. Even if you have a favorite combination that is easy for you to remember, add something to it so it’s different on every site.
· Don’t use one of the top 500 most common passwords.
Here’s a list: http://www.whatsmypass.com/the-top-500-worst-passwords-of-all-time
· Use software to keep track of all your different passwords so you’ll feel more confident about using hard-to-remember passwords. I recommend 1Password.
Keep WordPress Updated
According to WP White Security, 51% of WordPress sites were hacked because of a vulnerability in either WordPress coding, the theme, or a plugin.
This is probably the #1 vulnerability in your website right now: you aren’t keeping it up to date.
If you are currently a WordPress website owner, you know that every time you update WordPress, you run the risk that your site may break. It’s no different than what happens when you update the operating system on your computer and suddenly some of your programs no longer work.
For that reason, many website owners do not regularly update their WordPress sites. Of course, in today’s environment, this leaves their site vulnerable to hackers.
I have found that the best solution is to use popular themes and plugins that have a good track record and are regularly updated. Avoid using free WordPress themes or plugins that haven’t been updated in the last 6 months. This has kept many of my sites running problem free for months (or even years) at a time.
What to do now: Check your WordPress dashboard weekly to see what needs to be updated. Keep your WordPress version, theme, and plugins all up to date.
And remember to look over your site after each update to make certain everything looks and works the way it is supposed to.
Install a WordPress Security Plugin
WordPress security plugins provide your site with protection against malicious attacks. There are several really good plugins available, both free and paid. The paid versions will typically scan your site automatically for viruses and malware and email you when they detect a problem.
While you will find that some features overlap from one security plugin to another, the three I recommend each have their own unique strengths:
· iThemes Security (free) or iThemes Security Pro (paid)
· Sucuri Security (free) or Sucuri Website Antivirus with Firewall (paid)
· Wordfence Security (free) or Wordfence Security Premium (paid)
I personally like to use iThemes Security Pro because it has so many features. Also, it works flawlessly with my combination of theme and plugins. If iThemes Security (free version) or iThemes Security Pro (paid version) doesn’t work with your site configuration, you can try one of the others.
You typically only need to install one security plugin. If you try to install more than one, they are likely to conflict with one another and then your site won’t be protected.
What to do now: Install and configure a WordPress security plugin on your site. Afterwards, check your site to make sure everything looks and works the way it’s supposed to. If you find any problems, try a different security plugin.
Managed WordPress Hosting
When I first heard about managed WordPress hosting, I thought it was an overpriced service for people who didn’t want to deal with technical WordPress stuff.
Today, however, I am recommending managed WordPress hosting to anyone with a WordPress website. Why? Because these companies offer WordPress security that is far superior to what you get with a $10/month plan from BlueHost or HostGator.
It’s more important than ever before to make certain your WordPress site is hosted at a company that uses extra security precautions for their servers. WP White Security reported that 41% of WordPress websites were hacked through a vulnerability on their hosting platform.
That means you could be doing everything right – using strong passwords, keeping WordPress updated, and using a good security plugin – and your site could still get hacked because the hosting company didn’t have good security precautions in place.
In addition to better server security, managed WordPress hosting companies will regularly update WordPress whenever a new version comes out. However, they typically will not update your plugins or theme, nor will they look over your site after the update to make certain nothing is broken. You’ll have to do that yourself or hire someone to do it for you.
What to do now: Move your WordPress website to managed WordPress hosting.
I personally use and recommend SiteGround.com Managed WordPress Hosting. I love that I can host multiple WordPress sites for one low monthly fee, instead of being charged per website. With as many websites as I have, it’s a huge savings.
If you only have one or two websites, I can also recommend WPengine.com. They offer more services than SiteGround and are a very reputable company known for outstanding customer service.
Check with your webmaster to see if they will maintain updates on your site and fix any problems that crop up. I’ve recently started offering this service to my own clients because updating WordPress is so very important.
What are You Willing to Risk?
You may be wondering if you really need website security for your coaching website. I understand. You’re busy trying to get clients and run your health coaching practice, and this seems like just one more thing to add to your already full plate.
But consider what you are risking if you don’t take precautions now:
· Loss of business and leads
· Being offline for days or weeks
· Loss of reputation
· Losing your website content
· Loss of time, money, effort, and peace of mind
There are two important things to remember about WordPress website security:
· There is no one-size-fits-all solution for every website due to incompatibility issues with various hosting platforms, WordPress themes and plugins. I’ve given you the general basics on what you need to know. And I listed my personal recommendations based both on what I use and my extensive research.
· There is no one tool, software, plugin, or hosting company that will do everything you need. You will need a combination of solutions that work well together.
5 Steps to Protect Your WordPress Site
1. Start with a full site backup.
2. Next, make certain you have unique, strong passwords and a way to easily keep track of all of them.
3. Update your WordPress site to the latest version. Update your theme and plugins, then check over your site to make sure everything is working correctly, and fix any problems you find.
4. Add and configure a security plugin to your site.
5. I recommend migrating your site to WordPress managed hosting and
Please let me know if I can be of assistance by posting a comment or question in the comment box below this post. Or let me know which of the recommendations has been most helpful for protecting your WordPress website. I’d love to hear from you.