We live in a world where you need to protect yourself and your business. There are people out there who spend the majority of their waking hours trying to hack into websites. So how do you know whether your site is protected?
WordPress powers over 40% of the world’s websites. Given its popularity, it’s probably no surprise that it’s often targeted by hackers. While we recommend WordPress for practically all websites, it is the platform that you most need to keep on top of. In general, WordPress is pretty secure, but there are a few measures that you need to take to keep it that way. There are two areas that WordPress users need to focus on: updates and hardening.
Updates are pretty straightforward – ensure that your version of WordPress, your plug-ins, and your themes are all at the latest version. While these updates typically contain new features, functionality, and bug fixes, they often also include security fixes. Your hosting company may get you partially there, as most offer managed WordPress, which means that they test out and upgrade WordPress and some key plug-ins shortly after they are released. But it’s on you to ensure that you’re keeping up with it. A good maintenance plan will ensure that all of these components are regularly updated and keep your site safe.
In addition to keeping your site updated, you should take measures to further protect your site. Installing an SSL certificate (which should be included in your hosting) helps protect your visitors when they enter data. All sites should have this because Google has considered it a ranking factor since 2018.
You should also install a firewall on your site – this will protect your site from most attacks. Additionally, running regular malware scans will ensure that attacks are identified right away. You can take dozens of other measures on WordPress: from using MFA (multi-factor authentication) to strong passwords to IP restrictions and more. We have a set of security guidelines that we use on all of the WordPress sites we build and/or maintain.
Wix, Squarespace, and Shopify are all popular platforms due to their ease of use. They also do a decent job of securing their sites. However, like WordPress, these platforms have large install bases so they are a popular choice for hackers. Even though the companies do their part to protect your site, you still need to ensure that you’re using a strong password and be protective of how you store it.
There are a lot of value-priced all-in-one solutions where a website is included as part of a package. You’re really rolling the dice when you use some of these services as they are low cost for a reason – you often get what you pay for. While we rarely recommend Wix, Squarespace, or Shopify, we at least have some degree of confidence that you can have a successful business website on those platforms. But with lesser-known services, it’s hard to look at their track record on security as there’s just not enough data out there. It doesn’t mean that they’re bad services and not secure; it’s just that you need to use extreme caution when using them – and be sure to ask them about their security measures.
One final note:
It is our practice, and that of most software developers, to not share details about exploits and security fixes. Explicitly detailing a security hole, even if a patch is available, just gives more visibility to the security flaw. It would be like you telling everyone in your neighborhood that the lock on your front door is broken – you don’t want to advertise that there is a problem (some of your neighbors may use the same lock and it may be broken as well).