Is my website secure?
At Vital, we build our websites on the WordPress platform. WordPress often gets criticized for being “un-secure” and the most succeptible to hacking. As of today, WordPress powers 15% of the world’s websites, which is a staggeringly high number. Knowing this, it’s easy to see why WordPress is one of the most hacked CMS’s. Just ask anyone who’s ever had a Windows virus. Hackers will always target the most widely used software first.
As a result, Vital makes sure that the websites we build are as secure as we can make them. Our development team knows what it’s doing when it comes to securing a WordPress installation and we have a laundry list of security checks that we go through before launching any website. Unfortunately, even with the most strict security measures in place, your website can quickly become an open book if you aren’t vigilant in your own security procedures.
How do I keep my website secure?
Let’s start off by acknowledging the fact that there is no way to make your site (or any system) absolutely secure. All you can really do is try to minimize the risk as much as possible. Here’s how:
Use strong passwords
This is a no-brainer, but the majority of passwords I get from clients are incredibly weak. Your password is often the one and only barrier that needs to be cracked in order for an attacker to gain access to a system.
When creating a password, you must resign yourself to this law of the universe: The more secure a password is, the less convenient and memorable it will be. Take a look at the most popular passwords of 2013. Most of them are very easy to memorize, making them easier for their owners to use. It also makes them very easy to crack. Take a password you currently use and test it out at HowSecureIsMyPassword.com. How long does it say your password will take to crack?
My recommended formula for a strong password is to make sure it’s no shorter than 14 characters and a mix of uppercase and lowercase letters, numbers, and symbols. The longer the better. If you really prefer something more memorable, I also recommend using passphrases. Passphrases have the benefit of being very long but also very easy to remember. A passphrase is something like “my hovercraft is full of eels.” This passphrase could likely take 6 nonillion years to crack and you’ve probably already memorized it. If you start using passphrases, I strongly recommend you use one or more non-dictionary words in your phrase to make it even harder to crack.
Here are a couple tools to help make your online life more secure:
Prevent your passwords from falling into the wrong hands
Once you have secure passwords, you need to keep them secure. How often do you access your website while on public WiFi? It might scare you to know how easy it is to snoop on other people using a public WiFi network. Using a VPN like Cloak or Private Internet Access eliminates that problem. If you don’t want to pay for VPN but still want to go to your local coffee shop and do some writing for your website, first type it up in your text editor of choice while enjoying your latté. Then, when you’re back in the office or at home on your private network, you can securely log into WordPress and publish it. You might also want to create a special user account in WordPress for use on public WiFi. Set this user’s permissions level to “Contributor.” A Contributor can write posts, but can’t publish content and has no access to sensitive areas. If this user is compromised, it doesn’t let the attacker do much beyond writing some poetry that no one will ever see.
When you need to share your passwords with other people, how do you go about it? Do you send them via email? Unless you’re encrypting your email messages on both ends, you shouldn’t be doing that. Emails can be intercepted and if your email account is hacked, your messages are full of login details ripe for the taking. Instead, use a secure system like Dropbox, Google Drive, or NoteShred to share sensitive information. You can also split up your data, sending the username via email and the password via text message. It’s a bit of a pain, but worth it in the end.
