Website security is not the most exciting topic - we understand that, but once you get hacked, you'll realize how much good security is actually worth. We've had our fun with quite a few attacks in our careers, and the tedious cleanup can be really nerve-wracking, expensive, and time-consuming.
And that is why we want to show you how to easily make your WordPress website more secure without spending too much money.
The cybersecurity industry has been booming over the past years and continues to grow. In our information age, hackers can cause huge damage, prompting companies to invest more in their security every single year.
But what about you? Do you really need additional tools, plugins, or other software to protect your or your clients' websites?
The short answer is: It depends.
If you only run a small website that doesn't (yet) generate much revenue, then it's probably enough to pay attention to the basics. But if you have some money left over or are already generating regular sales, then it's time for you to bring out the bigger guns.
From our experience working with startups and large corporations around the world over the years, we want to give you our tips for both scenarios.
But before we start, here is a quick note.
No matter what situation you are in, we don’t recommend using any security plugins like Wordfence, iThemes Security, etc. Each plugin eats up resources of your website and it's not worth it compared to what they offer you. On top of that, around 98% of all hacks are carried out through plugin security vulnerabilities. Imagine being hacked because you use one of these plugins without even knowing that it came from them – wouldn’t that be ridiculous?
Alright, now let's show you how to protect your website properly.
Make sure you read all of the following recommendations, as they build on each other.
New website, low budget.
Over 99% of all attacks are DDoS and malware attacks. Therefore, you should cover yourself against these types of attacks in particular.
Here is what you want to do:
- Always use strong passwords. I shouldn't need to give you this basic tip, but sadly most people still don't seem to get it. Please just do yourself the favor and create passwords of good length that include upper and lower case letters, special characters, and numbers, and don't use the same password everywhere.
- Use the free CDN from Cloudflare. The free version protects you completely from any DDoS attacks. And a nice bonus is that your website will also be faster thanks to the CDN.
- Hide your login URL. Most websites leave their login URL at the default, “/wp-admin”. This makes it very easy for bots to target your website with password-guessing software. A simple, free, and lightweight plugin like WPS Hide Login will allow you to change that URL easily, giving you an extra layer of protection.
- Take backups of your website. Malware can clutter your site, so being able to reset your site to a point when all was well is worth a lot at all times.
- Update your plugins regularly. This will help you to prevent security breaches. That doesn't mean that you have to check for new updates every day; it's enough to open your update tab inside WordPress once a month.
- Change your hosting provider. We get it, shared hosting is cheap, but believe us, the few bucks more for cloud hosting not only make your website faster, they also safeguard you from server attacks. Shared hosting means that you share the server with other people, and if they get hacked it's more likely that you are also at risk. For low-budget cloud hosting, we recommend Cloudways (starting at $10 per month); it comes with a Firewall and Bot Protection.
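For the backup and monthly update tips above, here is one way to script both on a host with shell access. This is an added example, not part of the original article; the function names, paths and retention count are assumptions, and the database dump and update listing rely on WP-CLI (`wp`) being installed.

```bash
#!/usr/bin/env bash
# Added example, not from the original article. Paths, the retention count and
# the function names are assumptions; keep BACKUP_DIR outside the web root.

# backup_site SITE_DIR BACKUP_DIR [KEEP]
# Archives the WordPress files (plus a database dump when WP-CLI is installed),
# checks the archive can be read back, and keeps only the newest KEEP archives.
backup_site() (
  site_dir=$1 backup_dir=$2 keep=${3:-4}
  [ -f "$site_dir/wp-config.php" ] || { echo "not a WordPress dir: $site_dir" >&2; exit 1; }
  umask 077   # the archive holds wp-config.php (DB credentials): owner-only
  mkdir -p "$backup_dir" || exit 1
  tmp=$(mktemp -d) || exit 1
  trap 'rm -rf "$tmp"' EXIT
  set -- -C "$site_dir" .
  # Dump the database to a temp dir, never into the publicly served web root.
  if command -v wp >/dev/null 2>&1; then
    wp db export "$tmp/db.sql" --path="$site_dir" --quiet || exit 1
    set -- "$@" -C "$tmp" db.sql
  fi
  archive="$backup_dir/site-$(date +%Y%m%d-%H%M%S).tar.gz"
  tar -czf "$archive" "$@" || exit 1
  # A backup that cannot be read back is not a backup.
  tar -tzf "$archive" >/dev/null || { rm -f "$archive"; exit 1; }
  # Rotate: delete everything older than the newest $keep archives.
  ls -1t "$backup_dir"/site-*.tar.gz | tail -n +"$((keep + 1))" |
    while IFS= read -r old; do rm -f "$old"; done
  echo "$archive"
)

# plugins_needing_update SITE_DIR
# The once-a-month check: lists plugins with an update pending (needs WP-CLI).
plugins_needing_update() {
  wp plugin list --update=available --fields=name,version,update_version --path="$1"
}
```

Run `backup_site` before applying the updates that `plugins_needing_update` reports, so there is a known-good archive to restore from if an update breaks the site.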
Average traffic & sales, medium budget.
- Consider Kinsta for your hosting. Kinsta's cloud hosting starts at $30 per month, but your website will run on Google Cloud and Kinsta will repair your website completely free of charge in case your website gets hacked. Their support is extremely good as it is, but this extra service is probably the perfect way to get your own little cybersecurity team for free and you won’t have to be worried about handling any repairs.
Lots of traffic & high sales, big budget.
Hire a cybersecurity company or well-qualified employee(s). Here we are already talking about very large companies. At this point, it no longer makes sense to cut corners. Losses due to security breaches are too expensive at this point not to hire a company or a cybersecurity team.
We hope these tips will give you a good overview and hopefully encourage you to do something for your security before it gets serious.