The Horror! Avoiding Site Attacks

Securing your website is a constant responsibility somebody has to do.

As storing personal information online becomes the norm, the number of internet predators looking to gain access to those files is growing exponentially.

Most of us spend time and money avoiding malicious websites. However, many companies fail to protect their sites from becoming part of the problem.

While no site is 100 percent hack-proof, this month's blog post shares 5 helpful tips to protect your WordPress website against common site threats.

According to one study, over 50% of hacked WordPress sites were running out of date plugins and/or themes. Neglecting updates is like leaving your door unlocked. Software versions are traceable and potential website intruders are constantly scanning for out of date software.

Keeping your WordPress website up-to-date is easy, but time consuming. Log-in regularly. Check for orange notification alerts in your dashboard for your theme, plugins and/or WordPress core. Keep in mind that new versions of software often don't play well together on the first release. So be sure to test your new versions before you apply them to your live site.

As part of the SOLID website maintenance service, we run regular updates for our clients.

In the rush to add cool, new features to a website, it's tempting to install a plugin that sounds prefect. Unfortunately, malware often masquerades as a helpful plugin.

Fortunately, because WordPress exists in a development community, bad and/or dangerous plug-ins get ferreted out quickly. Always read the ratings for a plugin and avoid ones with low installation numbers.  Also, check when the plugin was last updated. A good plugin will be updated regularly with security patches.

Should you discover a security vulnerability, reporting it! Send a detailed email to security@wordpress.org or plugins@wordpress.org.

No matter how vigilant a website administrator may be, the day will come when something goes wrong. A rigorous backup schedule can make the difference between a failure being a temporary annoyance or a total disaster.

WordPress has step by step instructions for backing up your WordPress site. 

SOLID's hosting configuration includes automatic daily backups. Should something go terribly wrong, we can roll a site back to its pre-disaster state with the click of a mouse.

Knowing what's going on inside and outside of your website is the best way to identify and stop attacks. Two malware monitoring tools you might want to consider are WP Security Audit Log and Sucuri Security.
As part of our hosting and support services, SOLID clients are protected with real-time security detection to block sophisticated hack attempts as well as good old-fashioned Denial-of-Service and Brute-Force attacks. Our hosting provider also blocks the IP addresses belonging to known spammers and hackers.

No security in the world can protect you from the nightmares that can happen with a cheap hosting provider. SOLID chooses WP Engine’s enterprise-grade infrastructure over cheaper alternatives. As soon as a new version of WordPress is released, our clients' sites are automatically upgraded to ensure they contain the latest security patches.

The hosting platform contains real-time security threat detection against the most sophisticated hacks. Cheap hosts simply can't afford to conduct regular code reviews, security audits or to contract with outside security services.

Our clients' sites are on software stacks tuned to ensure optimal performance, including disk write limitations and protection against scripts known to contain vulnerabilities, as well as PHP tuning to stop dangerous commands.

Finally, in the very unlikely event that a SOLID site gets hacked, our hosting partner will fix it for free.

Now that you know what you should expect from your website and service providers, you can make sure your site is protected from the most common threats.

Have questions or interested in upgrading your game?  Contact SOLID for a free evaluation of your site and your online business strategy.