You don’t want to lose your hard work and see your site go down. Website owners face numerous threats ranging from relatively harmless (but undoubtedly annoying) spam, to serious hacking attempts that can take down your website and irreversibly delete your data.
Most of us tend not to worry about security until it’s too late, but it’s not something you ever want to overlook. The repercussions can be very serious.
WordPress is a great platform and they do an excellent job with security and releasing swift updates for any vulnerabilities, however due it its popularity and uniformity within the file and database structure, there are many ways that your site is left exposed.
There is no need for alarm however, as there are numerous free or premium plugins that you can easily install and set up on your WordPress website to stay protected. Using these plugins will go a very long way in ensuring that your website is protected against any threat.
We want to see Canadian businesses thrive so here is our list of five top recommendations for free plugins that will keep your website safe:
One of my favourite plugins when it comes to keep your website protected and secured is Sucuri. This plugin just needs to be activated and immediately your website will be protected from malicious users.
The way Sucuri works is that it constantly monitors your website files and notices if anything suspicious has been added or if any of your files have been modified. This plugin has saved me on numerous occasions and I highly recommend it as a tool for preventing hacking, and also for restoring your site after a hack.
The plugin works effectively right out of the box, but it has many advanced configurations that can be activated to protect your website further. Only tweak those settings if you are aware of what they do, otherwise you could make the security so robust that you limit your own access. While it won’t break anything on your website, it could cause issues with restrictions.
It has a premium version as well if you want to upgrade which is definitely recommended for larger sites or those facing constant attacks. However, the free version does an excellent job of protecting your website.
Another great security plugin you can use on your website is WordFence. It’s the most popular security plugin with over 22 million downloads. WordFence is similar to Sucuri in that it protects you from hacking attempts and malware. It also uses an integrating caching method that they claim makes your website up to 50x faster.
Because of it’s popularity, it’s very well maintained and updated frequently. They also have extensive documentation to reference and a very active support forum.
Some of the features that come included with WordFence is a powerful firewall, live traffic view, and a full site scan. WordFence has live protection to ensure that you are always secured against any attacks.
WordFence also has a premium version that they offer. With the premium version you get additional features such as premium support, country blocking, scheduled scans, and several more. This is a very powerful security plugin and highly recommended for any WordPress website.
One of the foremost tools that every website owner needs to utilize is to have regular backups of your entire website. This is absolutely critical because once your data is lost, you are generally out of luck.
Hosting providers do usually provide some form of limited back ups, but it’s definitely not something you should rely on. Instead, protect your website by installing a backup plugin.
There are numerous great options to choose from when it comes to a backup plugin, and my recommendation goes to Updraft Plus.
This is a free, easy to use plugin, that has several great features. You can set it up to create backups of your website automatically, and it will also backup your website before you make any updates to your themes or plugins that could override. your data.
The best way to prevent spam coming through your website forms is to add a captcha that forces users to verify they aren’t robots. Captchas can come in many different forms, most of them annoying to fill out, but the best of these is undoubtedly the Google Captcha.
Chances are you’ve seen Google Captcha numerous times around the net, it merely asks you to check a box to verify you are human. It may seem simple on the surface, but there is actually an intricate algorithm behind it that detects ‘natural’ movements from the fabricated ones by analyzing various patterns such as your cursor movement prior to clicking the checkbox.
This plugin allows you to setup the captcha on your website with relative ease. It will also give you the option of adding it on your login screen to prevent those incessant login attempts from the bots.
A captcha is a great tool at limiting the number of spam entries you receive and login attempts. While it may not remove all of them completely, it is incredibly effective and will cut the spam down significantly.
Adding a captcha is mostly aimed at reduced spam, but also at limiting automated temps to log into your WordPress. All those entries clogging up your mailbox can get pretty annoying, and on top of that they use up your space bandwidth. Being able to curb that by simply activating this plugin is an obvious choice.
This simple plugin allows you to keep track of all the activity happening on the back end of your site. You will be able to notice any suspicious activity and which user/IP address this came from though your WordPress dashboard. It’s really simple to use and there is essentially no setup involved beyond just activating the plugin.
I often have this plugin enabled in my arsenal as you always want to be in the loop at all the activity happening on your website. If there is sign of trouble, you can pinpoint exactly where it originated. Otherwise, you may be left out in the dark.
The other benefit of this is that you will have a log of all the activity that you can reference in the case that something may go wrong. It will inform you of any updates to WordPress, themes, or plugins which might have occurred, any blog posts that have been created or deleted, failed login attempts, and several other instances.
This plugin like many of the others on the list, also has a premium version available. This allows you to receive premium support from the authors of the plugin and offers several additional features. There are also many useful add-ons available add onto this plugin such as receiving email notification on any changes you specify. This way you can also stay on top of what’s happening on your website in the background and be immediately altered to any unwelcome activity.
Outside of using a plugin, there are plenty of other steps you can take to make sure that your website and data remains secure.
Avoid using passwords that are simple or easy to get. Always make sure your passwords are at least 8 characters as that makes it significantly harder for brute force hackers to crack. Also on WordPress, always avoid using the default name ‘admin’ as a username as that makes it much easier for hackers to try and get inside your website. Be careful when logging into your website from a public and/or unsecured connection such as at a cafe or a library, as that may leave you exposed for hackers to get your information.
When we work with our clients from Toronto, we always make sure that their websites are set up securely right from the onset.
With WordPress being such a popular platform, there are thousands of plugins for various security functions to choose from. Chances are if you have a concern about something or are looking for a specific solution, there is a plugin that is perfect for your needs.
Your website being compromised has more far reaching detriments than you may realize such as google penalizing your website and ranking you lower in their search results. Also your traffic will take a huge hit if your site is inaccessible which could affect your revenue.
While there is no such a thing as being 100% secure, any steps you take will go a long way in keeping your website protected. Even the most secured websites can still be infiltrated, but it’s better to be protected against 95% of vulnerabilities than 5% in any circumstance.
If you are just starting out and have a relatively small business, you might think that you won’t be target, but that’s not a chance worth taking. At the very least, there are automated scripts and robots always probing the web for vulnerable insecure website.
Don’t take the security of your website lightly and become another victim, get yourself secure and enjoy the peace of mind.
Michael is a senior full-stack developer with 10 years of professional experience working on a wide range of projects and environments with a background in digital marketing and UI/UX design to structure websites with the end-user in mind.