20th June 2019
Website security is a key pain point for small businesses and their customers. For all its benefits and popularity, WordPress can be tricky to operate in that respect. In this article, we’ll help you understand how security plugins can be a trap and what really makes your business website secure.
There’s a good chance you’re accustomed to using plugins as an easy way to add functionality to your WordPress website. Even though they’re usually good at achieving what they promise, it’s crucial to use them in moderation.
Often a plugin isn’t the optimal solution to your problem. On top of that, 98% of WordPress vulnerabilities are related to plugins. So how do you keep your business website secure when there are 600 plugins under the “security” tag in WordPress’ repository?
Because of the sheer size of the platform, every plugin can become vulnerable at some point. Here at Nerd Cow, we have identified several trustworthy plugins that we use for most website builds.
Their exceptional features are matched by responsive support and incredibly quick security updates whenever a vulnerability is discovered. It’s important to analyse the track record and transparency of a plugin before using it.
Popularity is often a good indicator of the above, though as mentioned before, it’s impossible to give an absolute guarantee of security. That’s why Nerd Cow has introduced a monthly WordPress Vulnerability Report, where we track the most popular extensions and report on their vulnerabilities each month.
Plugins aren’t malicious by design, and later on we’ll show you which ones can improve the security of a business website. First, though, we want to talk about the most important security aspects.
Working with a reputable hosting provider is the most important part of securing your business website. Among the 600 WordPress security plugins, there are several that offer a firewall, DDoS (distributed denial of service) protection, and more.
Nerd Cow works with best-in-class partners that offer these security measures as part of the hosting plan. There’s a good chance your hosting provider does the same and the plugins you installed to secure your website aren’t doing anything other than slowing it down slightly.
SSL certificates are installed on your server to validate the identity of your website and encrypt sensitive data that is exchanged between the visitor and your server.
Discover the benefits of an SSL certificate.
Virtually everything plugins do can be tweaked manually by your developer. However, as mentioned before, the idea behind plugins is that they provide common functionality in the form of efficient components.
While firewall and DDoS protection plugins would usually duplicate the work your hosting is already doing for you, there are two security plugins that we can recommend.
First, there’s the two-factor authentication plugin from miniOrange. This premium solution does what it says on the tin.
You can test the plugin for free for a single user. Even if your website doesn’t have registration for visitors, you can use the plugin to secure your admin account.
Changing your admin login from “admin” is a no-brainer. However, attackers could still get their hands on your usernames. Why make it easier for them by giving them unlimited tries to crack the password?
Limit Login Attempts Reloaded allows you to set the number of tries before locking out the user.
A business website is an ongoing investment. Developing a secure site is just the first step. Your company needs a firm security policy in place covering aspects like password strength for privileged employees.
A professional WordPress maintenance service like ours complements all the above efforts. Not only does it offer WordPress core and plugin updates whenever necessary, but also secure offsite backups and 24/7 monitoring.
There have been countless examples of costly data breaches caused by trivial mistakes. Make sure your company avoids them by keeping your website secure around the clock.