Online security is a major issue and must be taken very seriously. The recent security breach that happened to GoDaddy is a reason to run a safety check on our website and online platforms as well as review our safety protocols. It was a pretty big deal, as it exposed over a million users’ websites and email accounts, and even if this isn’t your hosting company, it can still affect you as hackers might be using familiar emails in their phishing attempts. Especially when you consider that they were totally unaware for 2 months!
We tend to think this type of thing only happens to others (who’s going to be interested in my small little website?), but it happens every day. In fact, we’ve seen it happen to multiple suppliers, and it might have happened to you as well!
Keeping your online properties safe is one of the most important things you can do to protect yourself and your business. Having your website content altered or just wiped out all of a sudden can cause a major headache and business interruption.
The good news is, that there are a few things you can do that don’t involve that much technical know-how to keep your properties secure, especially your website.
1. Use strong passwords.
Your username and password are your first line of protection. Make sure you create long strong passwords and change them on a regular basis. Don’t share your password with anyone, use password managers such as LastPass to create unique passwords for each of your staff who need access.
2. Secure your login page
Your login page can be especially vulnerable to brute force attacks which are one of the most common ways hackers can gain access to your site through login attempts. Besides having a strong password, you can take your security even further by adding security features such as two-factor authentication, limiting the number of failed login attempts, and blocking certain IP addresses from accessing your login page
3. Keep a backup of your site on your computer
Backups can be a lifesaver. Download a backup of your website before and after performing updates, every time. Even if your hosting company offers daily backups, having a clean version of your site is invaluable if there is a major issue like what happened with GoDaddy. If your site were affected you could go somewhere else and have your site up and running in no time.
4. Use secure hosting
You can do everything possible to secure your WordPress site on your end, but as GoDaddy’s clients just found out, none of that will matter if your hosting environment isn’t secure. We recommend reputable hosting companies that specialize in WordPress and WooCommerce, such as SiteGround, the one we use for our websites, because of the added security measures and performance features.
5. Limit user access to your website
If you do have multiple user accounts you should limit the amount of access that each user has to the backend of your site. This will reduce the chance of any settings accidentally being changed.
6. Keep your WordPress core, themes, and plugins up to date.
WordPress is constantly improving its security and functionality, you always want to make sure you’re running the latest versions. The same goes for themes and plugins, use only reputable providers and stay away from fly by nights.
7. Install an SSL certificate on your site.
Even though this has been a requirement for a few years now, there are still some distributor websites without SSL certificates. The purpose is to encrypt your user’s connection and secure any data transferred between the browser and server, as well as encrypt your admin data. Not having one can deter users from going to your website as they will encounter an ugly warning, affecting your credibility.
8. Take precautions when accepting file uploads through your site
As a promo distributor, you want to be able to accept file uploads for clients, but you want to make sure they are not uploaded directly to your website and that you have the ability to run them through malware before opening them.
The Point: Create Your Own Security Protocols
Security isn’t a set-it-and-forget-it type of deal. Hackers are getting more and more sophisticated and one can never be too careful. It’s something that’s constantly evolving and you need to regularly update your site’s security protocols and conduct routine website safety checks if you want to stay protected.