Show Notes

Episode 23


00:38

Hi all, Robert Cairns here. I'm the CEO and Chief Creator of Amazing Ideas at StunningDigitalMarketing.com. I hope you're all having an amazing day. Today I wanted to dive back into the topic of WordPress security and share with you some of the things we do to secure websites. I want to help you secure your website even more. A website being down due to a hack can impact your business, brand and reputation. This might surprise you, but one of the biggest causes of all website hacks is web hosting. Many hosts really don't care about security of their servers. Two of those are EIG, Endurance International Group hosting, and GoDaddy. Frankly, these two companies and many others do not want to be a partner in helping you, the client who is hosting a website. All they care about is cheap hosting, and you've quoted them for security help. They say they can help you at a fee. These charges you get very expensive. Not only are they not good hosts for security for many other things. There are many better hosting choices. Our favorite hosting choice for agency is SiteGround. SiteGround is an amazing choice and partner and wants to help protect you, the client. Let me give you an example. Right, in 2018, a major security vulnerability was discovered in the number one GDPR plugin they use on all WordPress sites that could come up with the redirection to a porn site. Not nice at all. SiteGround blocked the hack at the firewall level. This helped save many sites from the infection. Unfortunately, the only time I've ever been hit our agency site was in the meantime, we had a backup, which I'll talk about later, we were able to recover site in 15 minutes. Good hosting does matter. And the SiteGround team will always be amazing in their partnerships with customers. They rock. The second thing you need to do is to get an SSL certificate. This encrypts all traffic from the website user to the server. This is a really good idea; it can help minimize man-in-the-middle attacks.
The third strong bit of advice that I have is, if you are going to work with your WordPress site in a free public Wi-Fi such as a library, coffee shop, hotel, or even a coworking space, get a VPN. A virtual private network will help encrypt your traffic and stop a man-in-the-middle attack. These accounts and attacks could include things like even stealing your login passwords. The next step is to make sure you have current backups. We use the UpdraftPlus backup plugin in our agency on hundreds of websites. We set our backups to run on a daily basis. Once the backup is completed, it is automatically uploaded to Amazon S3 cloud storage. This puts the backups off site from our servers. We keep six months of weekly backups on our NAS server, a Synology NAS, as well. In some cases, we have had to go back several weeks to do a restore because of infection. Now you might say, why do I need to run my own backups? Does my web host not do that for me? Yes and no. Let me explain. Many shared hosting services only do backups once a week, if that frequent. Several, like once every two weeks or even a month. That's not good.


04:26

Several big coasts outside in North America, I've hacked our backup servers hacked as well.


04:33

So why not put in your control the backups? Remember, backups are an insurance policy against something going wrong. Also make sure that you test the backups, that they can actually be restored. Restore them to a test site on a subdomain to make sure they are working properly. Remember, your backups are only as good as your ability to restore them. Test and test again. Now that we've talked about backups, let us look at the WordPress core and theme updates. Do them at least once a week. The one exception that we make in our agency is that good for WordPress core update comes out, we always do them right away. This minimizes any possibility security issues. Out-of-date software is a big part of that. One suggestion: always do a backup before doing any software updates. This way you can roll back easily, and do a restore if there's no problem. Now, let's talk about the WordPress admin account. Do not use the default admin name. Change that, and change it now. Also, do not give admin rights to users who do not need them. If they're just going to do blog posts, then that is all they need, not full admin rights to the site. Passwords: use strong passwords, and frankly change them every 30 days or so. Also use different passwords for each website. Check out LastPass to manage your passwords. This is all I'm gonna say about passwords, as our next podcast will be devoted 100% to passwords and only passwords. Next, install a security plugin. Now this is a little off script from the show notes. But frankly, don't say, oh, I installed this security plugin. Your site's still not secure. You need to do all the things I talked about. And take the time to configure the security plugin. And when you configure the plugin, change the WordPress you login back in. And URL just makes it really difficult for script kiddies. For hacking. Also turn on the brute force protection.
iThemes Security, even the free version, which is what we typically run, does this really well. Change the WordPress salts. These are hashing between WordPress in their database. And the defaults are a real bad idea. You might want to use two-step authentication or protected login. To protect your login even more, we're fed chances. And you can either use the Wordfence main plugin or they have a separate program plugin to do it. Now the keyword Wordfence. They don't just use SMS, there have been hacks SMS, you can they'll either support a key fob or other alternative ways of doing two-step. Check it out. The last tip goes without saying: if someone leaves your organization, terminate their access right away. There's no question about this one. Past employees who are not happy can cause lots of issues if they still have access to your website. And I'm going to give you a few resources. There'll be links to all these in the show notes. Think Like a Hacker podcast, WordPress weekly bike This is security security blog, the Wordfence blog, Security Now podcast. This podcast, we talk about security all the time. And the Stunning Digital Marketing business, marketing and WordPress news. Now, I know there's a lot here, and some people are gonna say, I don't have time to do this. Frankly, at Stunning Digital Marketing, we offer WordPress care plans, and we can help you with that. We start we have a $780 care plan. And we have a $980 care plan. The big difference between the two is the 980 care plan gets you an hour of support every month to make WordPress maintenance changes on your site. And the reality of it all is this 780 1000. And if you're really interested, you can email us at vip@stunningdigitalmarketing.com. Now in the show notes, I'll put a link to the care plans. So a couple things I'll tell you. First thing is we're increasing our care plan prices as of August 1, and we're launching them on a separate care plan website.


09:20

The second thing that I'll do for you because you're listening to this great podcast: if by the end of the month you would like to get on one of our care plans, if you email vip@stunningdigitalmarketing.com, I will give you the $980 care plan for the first year for $780. How's that for you? So check it out. And if I can help you, vip@stunningdigitalmarketing.com, or just fire off your questions. We'll be glad to help you with those. So as always, these are some tips. I hope you take them to heart. I hope you protect your website and have an amazing day. Bye. Bye for now. Thank you for listening to the SDM business Viking WordPress podcast. This show is hosted by Robert Cairns, the CEO and Chief Curator of Amazing Ideas at StunningDigitalMarketing.com. This podcast comes out every Monday. It is available on all podcast platforms. If you'd like to be a guest on this podcast, please email us at podcast@stunningdigitalmarketing.com. If you'd like to find out more about the digital marketing services we provide, please share our website at StunningDigitalMarketing.com. If you're interested in projects, our co chief creative making ideas Robert Cairns is working on, please go to RobertPCairns.com. This podcast is dedicated to Robert site father Bruce cannons. Have an amazing week. Keep your feet on the ground and keep reaching for the stars. Make your business succeed.