Cybercrime is part of the daily reality for any site owner. Attackers run automated bots that continually probe sites for a way in, then use the servers they compromise to run their own programs (cryptocurrency mining and the like), steal your customer data (and no, they don't care whether you actually hold any; they will try anyway), or take over your site to serve dodgy ads.
Keep Your WordPress, Themes + Plugins Up-to-date
It's critical to keep your core WordPress files, your theme and all of your plugins updated to their latest versions. Many of these updates contain security patches for recently discovered issues, and once a fix is public, attackers know exactly what to look for on sites that haven't applied it yet. Cybercriminals spend all their time looking for loopholes so you should spend some time plugging them!
Usernames + Passwords
This is simple stuff, but I can see from all the accounts I manage that hackers continuously try to access sites using the default username "admin". Never keep this as the username for your WordPress site: it hands an attacker half of the login before they have guessed a single password! The same goes for passwords: use a strong one, not "123456"! You could use a whole sentence or try the G-rated Dinopass Strong Password generator.
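To put numbers on the "whole sentence" advice, here is an added example (my own, not code from the original post or from Dinopass) that builds a random passphrase from a word list, works out how much guessing it forces on an attacker who knows the list, and screens a username and a candidate password for the two mistakes above. The eight-word list and the common-password set are constructed for the demo; a real word list such as the EFF long list has 7776 entries, which is where the large entropy figure comes from.

```python
# Added example (not from the original post): random passphrases, their entropy,
# and a screen for the default "admin" login and for dictionary passwords.
import math
import secrets

# Constructed eight-word list just for the demo. A real list (e.g. the EFF long
# word list, 7776 words) is what makes the entropy per word large.
WORDLIST = ["cable", "dune", "fossil", "garnet", "harbor", "ivory", "jungle", "kettle"]

# Constructed extract of the entries that top every password-cracking dictionary.
COMMON_PASSWORDS = {"123456", "password", "admin", "qwerty", "letmein", "welcome"}
MIN_LENGTH = 12


def generate_passphrase(n_words, wordlist=WORDLIST):
    """Pick words with the OS CSPRNG (secrets); random.choice is predictable."""
    return " ".join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words, wordlist=WORDLIST):
    """Guessing work for an attacker who knows the list: n * log2(len(list)) bits."""
    return n_words * math.log2(len(wordlist))


def check_username(login):
    """False if the username is the default that every bot tries first."""
    return login.strip().lower() != "admin"


def password_problems(candidate):
    """Reasons to reject a candidate password; an empty list means it passes."""
    problems = []
    if candidate.lower() in COMMON_PASSWORDS:
        problems.append("appears in common-password lists")
    if len(candidate) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    return problems


if __name__ == "__main__":
    phrase = generate_passphrase(6)
    print(phrase, "->", passphrase_entropy_bits(6), "bits with this tiny list")
    print("username 'admin' acceptable?", check_username("admin"))
    print("problems with '123456':", password_problems("123456"))
```

With the demo list each word adds only 3 bits, so six words give 18 bits; with a 7776-word list the same six words give about 77 bits, far beyond anything a brute-force bot against wp-login.php can reach.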
Use a Good Host
Having a host that is optimized for WordPress is going to help you a lot in fending off basic attacks. I use SiteGround, which provides a lot of built-in security, offers a free SSL certificate and CDN, and has a server in Singapore. Even without security software I saw a dramatic reduction in attack attempts. WPEngine is another good choice and has a server in Taiwan.
Install a Security Plugin
I use Wordfence, which specializes in protecting WordPress websites. It monitors activity such as failed logins, code injection attempts, out-of-date plugins and blocked IPs, and its endpoint firewall and malware scanner keep many of the nasties away.
Incident Response Preparation
Even perfectly responsible site owners who follow every security guideline in the book need to prepare for the possibility of a critical security incident.
Log Your Website Events
After you've been hacked you'll probably be asking: who did this?! What will help an investigator figure that out is your server access logs, so make sure your host is set to keep them. How long should you keep them? It depends on how actively you monitor your site and on your industry and regional requirements (get legal advice). I have mine set to keep a month's worth because I actively monitor my site and it's unlikely that something would go unnoticed for longer than that.
These logs provide a dataset that can be used to establish a timeline of events leading up to and during an attack. By identifying the activity that took place and where it came from, you can often determine the scope of the compromise. That is how you find out whether an attacker had access to your users' data or whether you simply fell victim to a defacement campaign, and being able to disclose those details to your users with confidence can be crucial in limiting the damage to your business's reputation after an attack.
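Wordfence does the failed-login counting for you, but an investigator with nothing except the raw access logs can do the same by hand, and this is what "establishing a timeline" looks like in practice. As an added example (my own code, not from the original post or from Wordfence), the Python script below parses a constructed sample of Apache/nginx combined-format log lines, flags IPs that hammer wp-login.php, picks out the moment a guessing attack gets in, and prints that IP's full timeline for scoping the compromise. The sample log, its IPs (RFC 5737 documentation ranges) and the thresholds are constructed for the demo; the only WordPress behaviour it relies on is that a failed login re-renders the form with HTTP 200 while a successful one answers with a 302 redirect.

```python
# Added example, not the original post's code or Wordfence's: spotting a
# brute-force login and building a per-IP timeline from access logs.
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" format; IPs are RFC 5737
# documentation ranges, not real attackers.
SAMPLE_LOG = """\
198.51.100.5 - - [12/Mar/2024:03:10:44 +0000] "GET / HTTP/1.1" 200 15231 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Mar/2024:03:14:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:06 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:09 +0000] "GET /wp-admin/plugin-install.php?tab=upload HTTP/1.1" 200 9870 "-" "python-requests/2.31"
203.0.113.7 - - [12/Mar/2024:03:14:15 +0000] "POST /wp-admin/update.php?action=upload-plugin HTTP/1.1" 200 2210 "-" "python-requests/2.31"
192.0.2.9 - - [12/Mar/2024:09:58:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3412 "-" "Mozilla/5.0"
192.0.2.9 - - [12/Mar/2024:09:58:41 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.5 - - [12/Mar/2024:10:02:12 +0000] "GET /about/ HTTP/1.1" 200 8120 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
# WordPress re-renders the login form with HTTP 200 when credentials are wrong
# and answers a successful POST with a 302 redirect to /wp-admin/.
LOGIN_PATH = "/wp-login.php"


def parse_log(text):
    """Parse combined-format lines into dicts; lines that do not match are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        entries.append({
            "ip": m["ip"],
            "ts": datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"),
            "method": m["method"],
            "path": m["path"].split("?", 1)[0],  # drop the query string
            "status": int(m["status"]),
        })
    return entries


def brute_force_suspects(entries, threshold=5, window=timedelta(minutes=5)):
    """IPs with at least `threshold` failed wp-login.php POSTs inside any `window`."""
    failures = defaultdict(list)
    for e in entries:
        if e["method"] == "POST" and e["path"] == LOGIN_PATH and e["status"] == 200:
            failures[e["ip"]].append(e["ts"])
    suspects = set()
    for ip, times in failures.items():
        times.sort()
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                suspects.add(ip)
                break
    return sorted(suspects)


def successful_logins_after_failures(entries, min_failures=3):
    """(ip, timestamp) of a 302 login preceded by >= min_failures failures from
    the same IP: the moment a guessing attack most likely got in."""
    failed = defaultdict(int)
    hits = []
    for e in sorted(entries, key=lambda e: e["ts"]):
        if e["method"] == "POST" and e["path"] == LOGIN_PATH:
            if e["status"] == 200:
                failed[e["ip"]] += 1
            elif e["status"] == 302:
                if failed[e["ip"]] >= min_failures:
                    hits.append((e["ip"], e["ts"]))
                failed[e["ip"]] = 0
    return hits


def timeline(entries, ip):
    """Everything one IP did, in order: the raw material for scoping a compromise."""
    return [(e["ts"].strftime("%H:%M:%S"), e["method"], e["path"], e["status"])
            for e in sorted(entries, key=lambda e: e["ts"]) if e["ip"] == ip]


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    print("brute-force suspects:", brute_force_suspects(log))
    for ip, when in successful_logins_after_failures(log):
        print(f"{ip} logged in at {when} after repeated failures; timeline:")
        for row in timeline(log, ip):
            print("  ", *row)
```

On the sample, 203.0.113.7 is flagged and its timeline shows what matters for scoping: after the 302 it goes straight to the plugin uploader, so the investigator knows to look for a newly installed plugin, while 192.0.2.9 (one mistyped password, then success) is a legitimate user and is left alone.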
Make Backups of Your Site
While your host may keep a backup or two, it's imperative that you keep several generations of backups of your entire site (files and database) in a location that isn't connected to your site. Sometimes an attack started a while ago without visible effects, so the most recent backup may already contain the attacker's changes and you will need to roll back to a version from before the compromise.
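A backup script that does what the paragraph asks, as an added example (my own, not the original post's or any host's tooling): it reads the database credentials from wp-config.php, dumps the database with mysqldump, archives the dump together with the site files into a dated tarball, verifies the archive actually contains the dump and wp-config.php, and keeps the newest N generations so a rollback to a pre-compromise copy is possible. The paths, the site-YYYYMMDDTHHMMSSZ naming and the sample wp-config.php fragment are assumptions for the demo; copying the finished archive off the server (rsync, object storage, whatever your host offers) is a separate step this script does not perform.

```python
# Added example (not the original post's script): dump the database and the site
# files to a dated archive, keep several generations, and verify the result.
import os
import re
import shutil
import subprocess
import tarfile
from datetime import datetime, timezone

# Hypothetical paths for illustration. BACKUP_DIR should be storage the web server
# user cannot write to; pushing the finished archive off the box is a separate step.
SITE_ROOT = "/var/www/html"
BACKUP_DIR = "/mnt/backups"

WP_CONFIG_RE = re.compile(
    r"""define\(\s*['"](DB_(?:NAME|USER|PASSWORD|HOST))['"]\s*,\s*['"]([^'"]*)['"]\s*\)""")
BACKUP_NAME_RE = re.compile(r"^site-\d{8}T\d{6}Z\.tar\.gz$")

# Constructed wp-config.php fragment for the demo; a real file has much more in it.
SAMPLE_WP_CONFIG = """\
<?php
define( 'DB_NAME', 'wp_shop' );
define( 'DB_USER', 'wp_shop_user' );
define( 'DB_PASSWORD', 'correct-horse-battery-staple' );
define( 'DB_HOST', 'localhost' );
$table_prefix = 'wp_';
"""


def read_db_settings(wp_config_text):
    """Take the DB credentials from wp-config.php so the dump matches the live site."""
    return dict(WP_CONFIG_RE.findall(wp_config_text))


def mysqldump_command(db):
    """argv for a consistent InnoDB snapshot. The password is deliberately absent:
    it goes through the MYSQL_PWD environment variable so it never shows up in ps."""
    return ["mysqldump", "--single-transaction",
            "-h", db["DB_HOST"], "-u", db["DB_USER"], db["DB_NAME"]]


def backup_names_to_delete(existing, keep):
    """Archive names beyond the `keep` newest. The UTC stamp in the name sorts
    chronologically as a plain string; files with other names are ignored."""
    dated = sorted(n for n in existing if BACKUP_NAME_RE.match(n))
    return dated[:max(len(dated) - keep, 0)]


def verify_archive(archive):
    """A backup nobody has opened is a hope, not a backup."""
    with tarfile.open(archive, "r:gz") as tar:
        names = set(tar.getnames())
    return "database.sql" in names and "site/wp-config.php" in names


def make_backup(site_root=SITE_ROOT, backup_dir=BACKUP_DIR, keep=7):
    """Dump DB + files into site-<UTC stamp>.tar.gz, then prune old generations."""
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")
    work = os.path.join(backup_dir, f"work-{stamp}")
    os.makedirs(work)
    with open(os.path.join(site_root, "wp-config.php")) as f:
        db = read_db_settings(f.read())
    env = dict(os.environ, MYSQL_PWD=db["DB_PASSWORD"])
    with open(os.path.join(work, "database.sql"), "wb") as out:
        subprocess.run(mysqldump_command(db), env=env, stdout=out, check=True)
    archive = os.path.join(backup_dir, f"site-{stamp}.tar.gz")
    with tarfile.open(archive, "w:gz") as tar:
        tar.add(os.path.join(work, "database.sql"), arcname="database.sql")
        tar.add(site_root, arcname="site")  # wp-config.php, wp-content, uploads, ...
    shutil.rmtree(work)
    if not verify_archive(archive):
        raise RuntimeError(f"{archive} is missing the database dump or wp-config.php")
    for old in backup_names_to_delete(os.listdir(backup_dir), keep):
        os.remove(os.path.join(backup_dir, old))
    return archive


if __name__ == "__main__":
    print("wrote", make_backup())
```

Run it from cron under a user other than the web server's so that a compromised site cannot delete or overwrite its own backups, and keep `keep` large enough to cover the longest time a quiet compromise could go unnoticed on your site.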
Know Who Needs to Do What
Who is the person or team in charge of responding to security incidents?
Which other parties need to be involved in which situations?
What defines success in your response?
Are there any mandatory steps that legally need to be taken?