Website Security and the Health of Your Online Reputation
From a business standpoint, it is important to make sure your website is secure from hackers, viruses, and malware. The last thing your business’s reputation needs is to be known for having a website that delivers malware, ransomware, and viruses to visitors who come to your website. And if you are running an ecommerce website, keeping your online customers’ personal and financial data safe from malicious actors is critical from a business reputation standpoint as well as a liability standpoint.
One of the most popular website development platforms in the world is WordPress, which accounts for over 1/4 of all websites on the air today. As a result of its popularity, it is also extremely popular as a target for malicious actors and just plain spam.
The best and easiest way to keep your company’s WordPress website secure is to install a select set of WordPress website security plugins on your website and keep them up to date.
In this article, we want to examine three of the best security plugins available for your WordPress website. This is by no means an exhaustive treatment of the subject, but these security plugins are a great place to start for any small business owner who is concerned about the security of their website.
Why Should I Be Concerned About the Security of My Website?
Many small business owners are under the impression that hackers and malicious web actors are only interested in targeting large companies. After all, much has been made in the news of large infrastructure companies being attacked with ransomware. So it’s natural to assume that a small website belonging to a small business wouldn’t be of interest to hackers. In point of fact, hackers don’t care about the size of your website or its popularity. They are interested in all websites of all sizes. So just because you have a small website doesn’t mean you are safe from attack.
Unless you take proper security precautions to ward off such attacks, you will end up allowing the bad guys to destroy your website, destroy your search engine ranking, compromise your valuable customers’ personal data, and destroy your reputation, all in the process of using your website as a platform from which to launch attacks on other websites, some of which may well belong to much larger companies than yours.
So website security is critical to your business. And with the right WordPress security plugins, you can keep your website secure without being a security specialist or website geek.
An adequate WordPress security plugin should offer a suite of basic features, which include:
- A basic firewall that monitors traffic on your website and filters out malicious or questionable bots before they reach your website’s core structure.
- A malware scanner that will automatically, on a regular schedule, scan your website and isolate specific or potential threats.
- Malware removal features to clean and repair your site should it be compromised.
Wordfence is by far one of the best and most complete WordPress security add-ons you can have on your website. It even comes with a very adequate free version that can be installed and configured with basic feature settings in under a minute. The free version includes a web application firewall, protection from brute force attacks, and a malware scanner. And with over 2,000,000 active installations worldwide, it is by far the most popular WordPress security plugin on the market. It even comes with an email newsletter to keep you abreast of the latest issues you may need to be aware of.
One of the most popular attack vectors for any website is brute force attacks, where a malicious actor tries over and over again to log into your website with multiple user names and password combinations. Wordfence monitors brute force attacks and locks out such attempts after too many failed attempts. It allows you to immediately lock out login attempts using invalid user names, and it also provides for two-factor authentication for even better security.
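The lockout behaviour described above, replayed over a handful of login events as an added example; this is not Wordfence's code. The thresholds, account names and events are constructed for illustration, and the IP addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; these are not Wordfence defaults.
MAX_FAILURES = 5                  # failed logins tolerated per client...
WINDOW = timedelta(minutes=10)    # ...inside this sliding window
LOCKOUT = timedelta(minutes=30)   # how long a locked-out client is refused
KNOWN_USERS = {"alice", "shopadmin"}  # constructed account names

T0 = datetime(2024, 1, 1, 9, 0)

def at(minutes):
    return T0 + timedelta(minutes=minutes)

# Constructed events: (time, client IP, username, login succeeded)
EVENTS = (
    [(at(m), "203.0.113.10", "shopadmin", False) for m in range(6)]
    + [(at(m), "198.51.100.7", "admin", False) for m in (1, 2)]
    + [(at(3), "192.0.2.44", "alice", False), (at(4), "192.0.2.44", "alice", True)]
)

def evaluate(events):
    """Replay login events; return (lockouts, attempts refused while locked)."""
    failures = defaultdict(deque)   # client IP -> recent failure times
    locked_until = {}               # client IP -> lockout expiry
    lockouts, refused = [], 0
    for ts, ip, user, ok in sorted(events):
        if locked_until.get(ip, datetime.min) > ts:
            refused += 1            # never reaches password checking
            continue
        if ok:
            continue
        if user not in KNOWN_USERS:
            # Guessing at account names is itself a signal: lock at once.
            locked_until[ip] = ts + LOCKOUT
            lockouts.append((ts, ip, "invalid username"))
            continue
        recent = failures[ip]
        recent.append(ts)
        while ts - recent[0] > WINDOW:   # drop failures outside the window
            recent.popleft()
        if len(recent) >= MAX_FAILURES:
            locked_until[ip] = ts + LOCKOUT
            lockouts.append((ts, ip, "too many failures"))
            recent.clear()
    return lockouts, refused

if __name__ == "__main__":
    for ts, ip, reason in evaluate(EVENTS)[0]:
        print(ts.isoformat(), ip, reason)
```

The customer who mistypes a password once and then logs in is never locked out, while both noisy clients are refused on their next attempt.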
Wordfence also has a country blocking feature. If you see an inordinate amount of traffic coming from specific countries and server networks, you can stop such attacks and suspicious traffic in its tracks.
$99/year Pro Version
Sucuri offers one of the finest and most complete WordPress website security solutions available anywhere. As a premium paid service, it protects your website from brute force attacks, malware injection and a host of other vulnerabilities. Sucuri also sends you email alerts if your website goes down for any reason.
Once you purchase and activate your Sucuri subscription and install the plugin on your website, all your website’s traffic will go through their cloud firewall proxy servers where every website request is scanned and filtered for malicious activity, keeping malicious traffic from reaching your actual website. An added benefit is that as a result of Sucuri’s cloud proxy content delivery system, you also significantly reduce your website’s server load, thereby improving your site’s speed and performance.
Sucuri protects your website from a broad range of all known attack vectors. They also work closely with the WordPress core team to report potential and emerging security threats to WordPress itself as well as third-party plugins.
In addition to blocking malicious attacks, Sucuri also:
- Keeps track of backend website activity including last login and by whom, failed login attempts, file changes, etc.
- Allows you to do on-demand server scanning for compromised files and infections.
- Includes an antivirus monitoring and mitigation feature that scans your website every four hours to keep your website clean and healthy.
Aside from blocking all the attacks, some other ways Sucuri protects your website are:
- Its antivirus package monitors your website every 4 hours to ensure your website is free from potential vulnerabilities and malware.
- It keeps track of everything that happens on your site, including file changes, last login, failed login attempts, and more…
- It allows you to conduct server-side scanning to protect your website from compromised and server-level infections.
Jetpack is an extraordinarily popular all-in-one plugin from the makers of WordPress itself. It includes both security and performance features, a host of features for ecommerce web merchants, and automated marketing tools.
Looking at its security features, Jetpack continuously monitors your site, guarding it from brute force login attacks, spam, and malware injections. It also notifies you when it detects that your website has gone down.
Key Features of Jetpack
- Integrated Secure Login Authentication: Integrates your website directly with your WordPress and WooCommerce account.
- Automatic Plugin Updates: Automatically updates all your WordPress plugins and allows you to easily manage all your plugins.
- Site Activity Reporting: See at a glance directly from the WordPress administrator dashboard all your website’s activity in a clear, organized manner.
Jetpack’s premium subscription provides automated site backups, quick one-click restore, comment and pingback filtering, malware scanning, and much more.
The only problem, in our view, with Jetpack is that it tries to be all things to all people and can seem bloated at times. But for a one-stop solution for a small business ecommerce website, it performs extremely well, offering seamless integrations with WooCommerce, including shipping and sales tax calculation.
Security Bundle: $11.97 per month (billed annually).
Complete Bundle: $47.97 per month (billed annually).
Make Sure Your WordPress Website is Secure
Website security is complex. Many business owners have old websites that they haven’t updated in years. But website development and hosting technology has evolved and what kept your website safe 15 years ago – or even 12 months ago – just doesn’t work today. As an example, up until the last few months, whoever heard of “ransomware?”
As a business owner, you have more than enough on your plate running your business on a day-to-day basis without having to learn and understand every security threat that comes along. Ideally, the best course of action is to work with a trusted WordPress website development company that offers a monthly website maintenance and security monitoring service, and can advise you on which website security plug-ins are best for your particular situation.
Beyond that, install one of these proven security plugins we’ve talked about here. You may be just fine with a free version of a plug-in we’ve discussed here, but depending on your needs, consider some of the paid options for more in-depth features. Additionally, take basic, common-sense website security precautions including:
- Use strong, not easily guessed passwords consisting of a combination of letters, numbers and symbols.
- Keep your website’s versions of WordPress and all its plug-ins up to date with the latest patches and security releases to thwart attacks through unpatched security vulnerabilities.
- Maintain regular, complete website backups. Don’t rely on last night’s backup. Make sure you have several generations of backups going back at least three months at weekly intervals. If your website was compromised a week ago, make sure you’ve got a good backup from a month ago.
There are dozens of great security options out there. But if you don’t know where to start, consider the free version of Wordfence. As WordPress security plug-ins go, you can’t beat it.
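One way to check a backup history against the advice in the last item, as an added example that is not part of the original article. It takes "three months" as 90 days and "weekly" as a gap of at most 7 days (both assumptions), and the backup dates are constructed.

```python
from datetime import date, timedelta

def audit_backups(backup_dates, today, history_days=90, max_gap_days=7):
    """Return a list of problems; an empty list means the history is adequate."""
    dates = sorted(set(backup_dates))
    if not dates:
        return ["no backups found"]
    problems = []
    horizon = today - timedelta(days=history_days)
    if dates[0] > horizon:
        age = (today - dates[0]).days
        problems.append(f"oldest backup is {age} days old, need {history_days}")
    # Walk the generations inside the window and flag holes in the weekly chain.
    window = [d for d in dates if d >= horizon - timedelta(days=max_gap_days)]
    for older, newer in zip(window, window[1:] + [today]):
        gap = (newer - older).days
        if gap > max_gap_days:
            problems.append(f"{gap}-day gap after {older.isoformat()}")
    return problems

def last_clean_backup(backup_dates, compromised_on):
    """Newest backup taken strictly before the suspected compromise date."""
    earlier = [d for d in backup_dates if d < compromised_on]
    return max(earlier) if earlier else None

# Constructed sample histories, relative to an assumed "today".
TODAY = date(2024, 6, 30)
WEEKLY = [TODAY - timedelta(weeks=k) for k in range(14)]
NIGHTLY_ONLY = [TODAY - timedelta(days=k) for k in range(7)]
WITH_HOLE = [d for k, d in enumerate(WEEKLY) if k not in (5, 6)]

if __name__ == "__main__":
    for name, hist in [("weekly", WEEKLY), ("nightly only", NIGHTLY_ONLY),
                       ("weekly with hole", WITH_HOLE)]:
        print(name, audit_backups(hist, TODAY) or "ok")
```

With only a week of nightly backups, `last_clean_backup` returns nothing for a compromise dated a week ago, which is the situation the advice above is meant to prevent.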