Ever wonder what makes a website vulnerable? Each and every day there are malicious parties who try to hack in or take down someone else’s live site. Just this week, there were large scale attacks on WordPress. This could wreck the SEO you worked so hard to build, corrupt your data, destroy your back up files, and even go so far as to load malware on your visitor’s computers.
If you think that there might be any weak areas in your website now, then you’ll want to keep reading. There are some practical and easy steps that you can take today to make sure your content and your client’s info stays as safe as possible.
Looking for more information on the current state of your security? Contact your website host; they should be happy to discuss what steps they’re continuously taking to sustain a protected environment for your site to thrive.
First, ask your current hosting company the following questions:
- How frequently are security measures updated?
- How often do they run scans?
- How perform server maintenance to increase security?
Once you find out what measures are already in place, you’ll have a much clearer grasp on what to spend your time on next. We’ll highlight some important things to take note of below.
Choose a great password! It should be complex, meaning that you should be using a mixture of upper and lowercase letters, numbers, and special characters. Consider the length of your password as well, you never want it to be fewer than eight total characters and change it frequently.
Never give out your log in information to an outside party. if anyone else needs access to your site, create a user profile specifically for them. This way, you can consider the role you give them as well as which privileges and capabilities that user should be able to access. Go one step further and delete those users once they no longer need to work on your website.
Keep your site up to date! Some hosts will periodically process auto updates if you’re behind; however we prefer to update manually to maintain control. Whichever you choose, make sure that you’re on top of these updates as they almost always contain improved security measures. Items to be updated will include the installation version, themes, and plugins on your website. Be sure to run a full backup before making any of these kinds of changes.
There are some great security software and Plugin options available for download in various price ranges. These will all depend upon which platform you run your website and where it’s hosted. Make sure to do some research and read product reviews before downloading anything into your website. This is also a good time to check with your web host and ask for any suggestions or words of caution. Note: since you’re not running an E-Commerce website nor are you accepting credit cards online, you will not need to focus your energy efforts on encryption.
We talked about user settings in the simple steps above; so now let’s move on to FTP access. Make sure that you choose a secure file transfer protocol method when working with your site’s files. When a developer needs FTP access to work on your website, create an account just for them that you can delete as soon as their work is complete. When possible, we like to limit all developer access to the local or staging server, and allow access to the production server only when deemed extremely necessary.
Sucuri recently announced vulnerabilities in the extremely popular W3 Total Cache and WP Super Cache plugins in which a hacker can execute code on your site without requiring direct access to the backend.
This is a very serious vulnerability, so if you use either plugin you should (1) check that you site hasn’t been compromised and (2) upgrade your plugins immediately.
The check is really simple — just enter the following into the comments form on one of your blog posts:
If a version number (e.g. 5.2.17) is displayed in place of the above code when you submit the comment, your site has been compromised. You should immediately upgrade your plugins.
Website security is extremely important for the long term success of your website. Your clients and visitors will learn to trust your website as a reliable source of local and up to date Real Estate information, so don’t let them down.
Looking for a more secure hosting solution for your website? Find out what makes TRIBUS stand out.
Ask your real estate website provider if they do the following:
- We automatically backup every site, every night and keep the last 21 backups. We can recover an entire site in 2-3 minutes from any backup.
- We require strong passwords.
- We automatically detect intruders and block them in seconds.
- We have built a security network that prevents bots from going through your site and stealing your content and listings.