How to add Security to Your Concrete5 & Wordpress Website

These days, adding security to your website is more important than ever.  Website hackers are in full force, trying to find security holes in your website, doing brute force attacks to login to your site or doing malicious activity like doing DDOS attacks to make your website inaccessible.  You need a three fold strategy to keep your website secure. Website security is not just for big enterprise websites.  Small to medium sized websites also need security to keep the bad guys out.  If you've even had to deal with a badly hacked website it can waste hours if not days of your time which reduce productivity and sales.  A small investment up front can save you a LOT of time later.

In this article, we aren't going to cover specific details to secure your concrete5 or Wordpress website.  Every site can be a little different.  What we are going to cover is high level activities that can be used by both enterprise websites and smaller websites.  Good security doesn't have a one pill fixes all strategy.  It is multi-pronged.  And these are the security tips we recommend all sites use:


 

  1. Keep your website up to date - This is particularly true for Wordpress, but all website CMS typically release new updates with security patches.  These are typically easy to install.  There are also plugin updates.  Plugins in many ways tend to have more security issues then the CMS, so those also need to be updated when they become available.
  2. Create Good Passwords - Make sure your website login and database passwords are long, contain numbers, letters and symbols in it.
  3. Website Firewall - make sure your website has a firewall on your hosting account.  A firewall can help identify malicious activity and block the user before bad things happen.
  4. 3rd Party Site Scans & Firewall- Services like Pixo's website scanners and firewalls are an important piece in keeping your website secure.  Website scanning can identify weaknesses in a website so they can be fixed before an issue happens.  They will also look for malicious code on a website so it can be removed and security holes in the website repaired before more damage can be done.  We also offer firewalls that can block IP addresses that have been identified as malicious and also will do packet snipping, looking for bad code that hackers are trying to pass to your website. These types of firewalls are excellent for DDOS style attacks because they keep the bad traffic going to your website from ever reaching your server taking a great deal of load off the server.
  5. Detectify - Detectify is a 3rd party service that does more than the previously mentioned site scanners.  It digs in deep into all aspects of your web server and code looking for security holes that are specific to your type of website.
  6. Hardening The Website - Wordpress in particular has a large number of plugins available that will help secure your website in a number of different ways.  Wordpress is the most targeted content management system on the web, so these plugins like WP Security can help keep the bad guys out.
  7. Security Certificate (SSL) - An SSL certificate these days in mandatory.  It basically encrypts information as it goes from the server to the users browser.  You never want to use a website that asks for credit card information that doesn't use an SSL, but all types of sites should use one.  
  8. Hardening the Web Server - Your web hosting company should do this for you, but not all do it as well as others.  Making sure the proper ports are closed and similar things are important pieces to securing your website.
  9. Regular Website Backups - All websites should be backed up regularly.  Most, but not all hosting companies do this for you.  But in case your web server were to crash or if your site gets hacked a backup becomes critical in getting the site back up and running quickly.

Need help securing your website?  Call 720-334-7496.



For more information about this blog or Concrete5 please contact Jamie Johnson.