What is the cost to your business when your website goes down? Are you running a lead generation website, where if potential clients can’t find you you’re missing out on potential business, or are you running an ecommerce website and missing out on actual sales?
If your website is running on WordPress, good for you, it is one of – if not the most popular website platform in the world, with 1 in 3 website built on it. It’s also very well supported, with updates coming out all of the time. Some of these updates are feature updates, while others are bug fixes and security updates.
Here’s the thing though.
Because it is such a popular platform it is a bit of a target for hackers.
You might think – “why would anyone hack our website?” or “well, they’re not going to get anything if they hack my web site” – but in truth the hackers probably don’t care whose website they are attacking.
The most common thing we see is websites that have been hacked and are sending out spam or phishing emails. You see, the bad guys don’t actually want anything from you, they just want to use your website to run their scams.
Fixing a hacked site is one thing, and ideally it should be back up within a few hours, however longer lasting effects can take weeks to clear up. If your site was used to send spam you might find that – even though the site has been fixed – your valid email goes into peoples spam folders for weeks to come.
Here then are 3 simple things you can do prevent a website catastrophe.
1. Keep it up to date
WordPress and the plugin developers release updates frequently (multiple times a month). Every time an update is released there is a description of the change that goes along with it. The description might say something like “fixed security issue caused by code on line 123”.
All the bad guys have to do it watch the update logs, find things they can exploit (maybe that code on line 123 allows you to upload a file), and then scan the internet looking for websites that haven’t been updated – they don’t do this personally, they have robots that do this for them (code robots, not metal people).
WordPress has a nice and easy interface for updates, and it pays to keep an eye on it. You want to be careful when applying updates – sometimes they can change or break existing functionality. There’s usually a description of the changes that shows next to the update: it’s good to have a look at this before applying an update – and when in doubt test first.
We recommend checking the updates available at least once per month.
2. Use a security plugin
WordPress security plugins can do a lot to protect your site: from blocking multiple attempts to break into your website to scanning for modified files and folders. Most are free, some have a relatively inexpensive paid Pro option which can be worth it for greater peace of mind.
We use Wordfence on most sites ourselves, but there are other great security plugins out there like Sucuri and iThemes Security Pro.
3. Back up, back up, back up
No matter how protected you are, something can always happen, so it is important to have regular backups that you can revert to if needed.
They may be included with your hosting account, and/or there are wordpress plugins you can use as well to back up your site regularly and automatically.
We generally either have backups implemented at the server level, or we use Updraft Plus, but there some other great WordPress backup plugins available including Backup Buddy and WP Time Capsule.
How Often Should You Check?
We recommend logging into your website and checking its status at least once per month (this is what we do for clients on website maintenance plans).
During that time you want to check what plugins have updates available and apply them if wise/necessary; make sure your firewall plugin is running as expected (we’ve more that once come across a site that has the plugin installed but not active); and make sure your backups are running (successfully).
Don’t want to worry about?
Got enough to do already? We take care of these tasks and more for clients on website updates and maintenance plans.
Don’t want to commit to a plan but want to have your site checked? We can do that too. Just last week we had a new client ask us to check and optimize their site’s security and performance. Send us a message through our maintenance page about what you’d like and we’ll get right back to you.