No matter how large or small your site is, or what niche it occupies, it’s likely to be the target for at least a few attacks over its lifespan. Protecting it is essential if you want to avoid losing data or seeing part of your site break. This means putting some careful thought into your site’s security provision.
Here we show you how to achieve the ‘holy trinity’ of website security solutions – a firewall, an application-level security tool, and a robust backup plugin.
- Protect your site with a Web Application Firewall (WAF)
You’re probably familiar with the concept of a firewall, at least in a basic sense. Firewalls set up a barrier between a system and the outside world and attempt to keep anything out that might cause harm to it.
There are various types of firewalls, but for WordPress users, you’ll need a Web Application Firewall (WAF). This is set up between your server and the rest of the internet. It monitors incoming traffic and data to your site and blocks anything it finds to be harmful. A quality WAF is also updated regularly to recognise the latest threats and keep them out.
It’s worth checking your site’s hosting provider, to see if it provides WAF. If it doesn’t, or if you just want to be safe, you can also install your own solution. There are plenty of options available, although Cloudflare’s offering is an excellent place to start.
1.Install an application level security plug in
One of the most common ways websites are hacked is by users who force their way in via the login screen and other key entry points. These ‘brute force attacks’ are the equivalent of someone knocking down your site’s door and forcing their way in. To extend the metaphor, you’ll need to lock up all of its doors and windows tightly if you want to prevent that from happening.
The best way to do this is to install an ‘application-level’ security plugin. This is a tool that adds features to the site itself, rather than operating at the server level (as a WAF does). A quality application-level plugin will offer a variety of options for protecting your site, focusing on the most common entry points for malicious traffic.
2.Backup your site regularly
While a WAF and an application-level security plugin together can prevent the majority of attacks to your website, no solution is 100% perfect. New attacks and threats appear every day, and a dedicated hacking attempt can make it through even the most effective set of safeguards.
That’s why, in addition to locking up your site tightly, you also need a ‘plan B.’ If your site is hacked or compromised in any way, you’ll want a quick and easy way to address the situation. Enter backups.
This is simply a copy of your site and its data, stored in a safe location. This is a lot faster and simpler than trying to address the attack directly and can be a lifesaver if important data is deleted or your site is brought down completely.
Backups are so vital that there are hundreds of solutions for creating them. Once again, your web host may provide you with the tool you need, or even handle backups for you. If not, you can simply install a backup plugin on your own.
Protecting your website isn’t something you can do with a single action or tool. Keeping it safe will involve developing a multi-faceted plan – one that considers all the ways something might go wrong.
Women Love Tech would like to thank By Mark Randall, Country Manager ANZ, WP Engine for his article.