Did you lock your front door this morning?
I bet you did.
I bet you also secured your windows and back door. Maybe you also set an alarm. This is good security practice. It doesn’t mean that you will never have a break in, but it helps keep your house or business as safe as possible.
Did you check your website security this morning?
I bet you didn’t……
Just like your home or physical business your online business needs constant monitoring to protect it from malicious attacks from hackers. I’m sure you still walk around your house and check it regularly even though you locked the windows – just in case. Well, you must do the same with your website. If you don’t then your site will in time become compromised. It is not a matter of ‘if’ it is a matter of ‘when’.
Hackers are evil and we hate them. As soon as your website goes live they will bombard it (brute force attacks) trying to find ways to inject malicious code and there is nothing we can do about that. But we can try to prevent it, so with this in mind I want to share with you some of the ways we at Fletcher Bentley try to keep our own websites secure.
1. Keep WordPress version, Themes and Plugins up to date.
2. Regularly check your security dashboard.
3. Scan your website regularly for malware.
1. Make sure your WordPress version, plugins and themes are always up to date
How is it done?
1. You can do it yourself: Refer to the tutorials that we provided when we made your site live and do this regularly. It is as easy as clicking a button.
2. You can install an AUTOMATIC UPDATES plugin to update everything automatically.
We may have done this for you. If so, you still need to check back to make sure the plugin is still working, so log into your dashboard and check.
2. Regularly check your security dashboard
We installed the free version of WP SECURITY when we made your site live. You should check it to review your user accounts and filesystem security. Click on the WP SECURITY – FILESYSTEM SECURITY link and made sure everything has a “no action required” setting. If not, update it.
3. Scan your website regularly for malware
How often is “regularly”? Well it depends on how you use your site. Weekly may be enough if you have a brochure site, but if your business depends on your site then you may need to do it more often.
How is it done?
There are a lot of systems for scanning websites nowadays. Whatever one you like to use is up to you. One that we like is Wordfence. We have been using it on our own sites for a few months and it seems to work well. There is a free version and a premium version. I recommend that you go with the premium version especially if your business depends on your website, as you can set your scan schedule and have the results emailed to you. If you should have any website security issues the team at Wordfence will be on hand to help you.
If you have someone on your team in charge of the website and they like a different plugin then that is great, but we like this one. It is easy to set up and use. You can use the free version of WordFence but this version does not do a full scan. However, it is a good way to see if you like it and want to upgrade to the premium version.
BE CAREFUL: If you install a free version of wordfence and do a scan make sure to deactivate the plugin when you are finished, because the free version will keep scanning your website over and over. This will increase traffic to your site meaning you could get a bill from your hosting provider.
When I use the free version I usually delete the plugin when finished scanning and when I want to go back and scan again I install the plugin, then delete it when finished. This ensures that I don’t accidently leave it there scanning all the time…….with a premium version you can set it to scan when you want it to.
For more information, visit https://www.wordfence.com/.
Don’t be afraid.
I often have clients tell me that they don’t know anything about website security, so how can they do the steps above? These 3 points may look complicated but they really are not. Remember that if you have the first two set up you only need to check back in to make sure everything is working.
Please note: If your business depends on your website you should at least check your site every day, just like you check that your door is locked every day. YOUR website is YOUR PROPERTY and you are responsible for keeping it safe. You wouldn’t leave your front door unlocked, would you?
It is the responsibility of the Client to review security tutorials provided by Fletcher Bentley IT, and always keep the website up to date and perform regular security maintenance. We at Fletcher do our utmost to ensure that our clients are informed about how to keep their website updated, but we are not a website security company and we have not been contracted to do any security updated to your website. we do not accept responsibility for future maintenance or security updates.