Websites are being attacked constantly. Literally all the time. You may not realize it, but your own website is probably under attack at this very moment. This is normal.
What isn’t normal is that a lot of web hosting companies don’t provide any security for their customers’ websites other than a username and a password, and their customers are expected to secure their websites on their own. Because most websites are managed by non-technical users, this practice can be more than an inconvenience. It can be downright dangerous.
The following customer images (#1 and #2) show a permanent block list for a single day (only 17 hours, actually) and thousands of attempted logins on a single WordPress website. The third image shows a website that has been compromised (not one of our clients) and is being used as a phishing site.
This is much more common than most people realize.
There are literally millions of malicious individuals, malware programs, and bots that spend all day trying to compromise websites all over the world, so there’s a good chance that your website is one of their targets. But don’t worry. As long as your hosting company takes the necessary steps to reduce your website’s exposure to attackers – and you follow some basic security practices – odds are good that your website will remain safe and sound.
Use a combination of letters, numbers, and special characters, and the longer the password, the better. If you have trouble remembering complex or random passwords, try using a long passphrase instead.
Installing a two-factor authentication system such as Duo or Rublon is easier than it sounds, and adds an extremely secure layer of protection against unauthorized logins.
If you’re using a Content Management System (CMS) like WordPress, make sure to update the core files, themes, and plugins whenever updates become available. And if you manage multiple websites, you can use a centralized management tool like JetPack, ManageWP or WP Remote to keep everything up to date.
Your web host should have some form of firewall software on their servers to protect against intrusions and unauthorized access. ConfigServer Firewall is a popular (and free) choice for Linux-based servers.
Websites based on WordPress can quickly and easily add protection with the WordFence plugin. It provides custom options to suit any website environment, and it’s free.
For maximum protection, you can add an additional layer of security by hosting some, or all, of your website content on a Content Delivery Network (CDN). By offloading content onto a CDN, your website is less exposed to attacks, and the workload on your website’s server is greatly reduced, improving performance. CloudFlare is one of the leading CDN services, and as a CloudFlare Certified Partner, Pixelwerx customers can take advantage of one-click installation for their websites at no additional charge.
By following these basic guidelines you can improve the security of your website and greatly reduce the chances of your website being compromised. And if you need a hand hosting or securing your website, Pixelwerx is here to help!