WordPress is an excellent content management system (CMS) for websites. This website uses WordPress, and if you are running a small to mid-sized business, chances are that your website uses WordPress as well. By offering an intuitive user experience and a broad array of features, WordPress has allowed business owners to build websites that can communicate with visitors, process e-commerce transactions, and more. With WordPress websites becoming more sophisticated, and the responsibility for managing the websites moving from webmasters to business owners, major cybersecurity issues have emerged.
Your customers want a secure website experience. This means that their business, personal, and financial information remains secure. Visitors to your website (i.e., potential clients) also want to know that if they choose to do business with you, their information will be secure.
Your cybersecurity partner, website host, and web developers should have routine processes in place to secure your website. There can be challenges integrating cybersecurity, hosting, and development when handled by multiple parties, so engaging with an IT partner who understands how these elements are connected and can deliver a complete solution is ideal.
Find a Secure Web Host
Your website’s host provide the foundation on which your website’s cybersecurity is built. When searching for a web host, ask the following questions as a start:
- Do they setup web servers in isolation?
- Do they offer a Secure File Transfer Protocol (SFTP)?
- Do they offer file backup services?
- How do they keep up to date on security upgrades?
If your current web host cannot provide answers to these questions, consider finding a new host with a comprehensive cybersecurity strategy.
Backup Your Website
Whenever you are dealing with data, a backup strategy is a necessity. Data backup should redundant (backups of backups, stored in different locations), secure (both physically and virtually), and reliable (tested and monitored by an IT professional).
Your website data should be backed up to multiple offsite locations, on a schedule agreed to by you and your web host, and in a method that allows for simple restoration.
Ensure Data Security and Encryption
HTTPS (Hypertext Transfer Protocol Secure) is a protocol used to provide security over the Internet. HTTPS prevents interceptions and interruptions from occurring while your website content is in transit.
SSL (Secure Sockets Layer) is a website protocol that transfers visitor’s personal information between the website and your database. SSL encrypts information to prevent it from others reading it while in transit.
A secure website will use ‘https’ in its address and present it’s security certificate in the browser bar.
If your website is not using these security measures, visitors may be hesitant about sharing information with you, conducting business online, and most will receive security notifications from their web browsers that your website is unsafe.
Manage Access to Your Website
Administrators at your business, your web developer, host, and cybersecurity partner will all require various levels of access to your website’s CMS and servers.
It is necessary that you have a plan for providing and removing access, ensuring appropriate access levels, and securing access credentials.
Educate every employee about the importance of security when accessing your CMS.
Password management is yet another routine (but often overlooked) task. Password should be complex, regularly updated, and stored securely. When new usernames and passwords are generated for employees, always share over encrypted channels (e.g., never send a password over email), and never re-use a previous employee’s credentials.
Update Your CMS and Plug-Ins
The most common attack vector for cybercriminals is a known exploit in an out-of-date software application. When these exploits are found by software developers, they create updates to prevent cybercriminals from gaining access.
WordPress and its plug-in developers (e.g., WooCommerce) create updates that contain security enhancements and vulnerability repairs, however, if you do not apply the patches, the exploit remains for cybercriminals.
Deploy a Web Application Firewall
A web application firewall (WAF) sits between your website server and the data connection. It acts as a gateway to all incoming traffic so that hacking attempts, spam, bots and other unwanted traffic is blocked.
WAFs are available on the WordPress CMS as plug-ins (e.g., WordFence). Like all plug-ins, WAFs require updates and monitoring to work as intended. While efficient, a plug-in like WordFence is not sufficient for website cybersecurity. As this post has explained, securing your website requires strategic thinking from all parties involved in its development, management, hosting, and maintenance.
Moving Forward
As small to mid-sized business move core business processes online to remain competitive, it is essential that you provide a secure website experience for your customers.
NeuStyle has the rare ability to deliver a comprehensive website solution, with development from our Software division, hosting from Waterloo Colocation, and with cybersecurity embedded in every process through Waterloo Cyber.