A website safety check is a simple but effective way to prevent future problems. There are multiple ways hackers and other malicious entities could infiltrate your network and website. Once they have access, they can steal your data, use the website for nefarious purposes, and destroy a business from the inside out. That is why it is so important to have a regular website safety check.
So it’s best not to dwell on whether you should have a regular safety check: it may take only a few hours, but it can save days, weeks, or even years of work.
It’s not a matter of if your website gets hacked, it’s when it will be.
So, this is a checklist that you can follow to make sure your website is safe.
- Enable HTTPS
- Update plugins
- Keep backups
- Monitor file integrity
- Protect against brute-force attacks
- Change your username
- Scan DNS and WHOIS
Make sure your SSL certificate is up to date
You may have noticed that some websites have HTTPS:// before www. This is extremely important, as the S in HTTPS stands for the Secure Socket Layer, which encrypts traffic between the user’s browser and your website. It has become so important that Google now factors the existence of an SSL certificate into its SEO formula. This improves not only the security but also the searchability of the website.
Update software and plugins – Remove unnecessary plugins
It is important to have your software and plugins up to date. You can easily update your plugins through the WordPress admin area. While you are updating your plugins, it’s also important to remove plugins that are no longer required. Hackers can buy an out-of-date plugin, update it, and add their own malicious code. Then, when the plugin is updated, you have the newer, compromised version of the plugin. The hacker then uses this plugin as a backdoor into your site, putting all of your data and your users’ data at risk.
Keep backups
As mentioned before, “It’s not a matter of if your website gets hacked, it’s when it will be”. I have seen firsthand entire websites that have been devastated by malicious attacks, losing all their content and not having a backup to fall back on. Luckily, Hosting-australia.com backs up your cPanel and provides an off-server backup service. However, it is important to have your own personal backup. It doesn’t hurt to have two separate backups in case one of them fails. You can easily back up your cPanel; check the HA knowledgebase article for more information.
Monitor file integrity
Pay attention to extra files you post on your website and include them in your website safety check. Any uploaded file, such as images, Excel and Word documents, and PDFs, may be corrupted.
Protect against brute-force attacks
Use complex passwords with a variety of letters, numbers, and special characters. WordPress also has a range of plugins, such as Limit Login Attempts Reloaded, that are made to stop brute-force attacks and ban IP addresses.
Change your username
A lot of people create a WordPress admin account but leave the username as “admin”. This is the first username hackers will try when they attempt to brute-force their way into your website. Therefore, it is important to change your username to something less common.
Scan DNS and WHOIS
You can use WHOIS to keep track of the registrar details for your domain. Hackers can reverse engineer email addresses, then use the forgotten password feature on the domain registrar to take control of a domain. They then hold your domain to ransom and will not release it until their demands have been met.