The WannaCry ransomware attack of 2017, which hit a mishmash of organizations all over the world such as the National Health Service in England and closed down 20,000 gas stations in China, caused an estimated global financial loss of US$4 billion. The 2016 US presidential election was beset by Russian interference, with US intelligence officials concluding that the Russian government was behind that interference.
For the better part of this decade, the issue of cybersecurity has escaped mainstream attention. Some attacks, like the iCloud leak of celebrity photos of, shall we say, indecent exposure in 2014 and the Sony PlayStation network hack in 2011, were highly publicized but were limited to certain segments of the population. It wasn’t until recently that we began seeing brazen hacking attempts that affect the population as a whole, which has now shone a spotlight on the issue of security in web development.
Digital security on the internet
Ask yourself this: just how much of your information is stored somewhere on the internet? My credit card information, for example, is stored on at least 3 different platforms I frequent. My personal journals and writings, most of which are unpublished and will remain so for the foreseeable future, are stored in a note-taking app I frequently use. Even Tinder has a repository of the embarrassing pickup lines I’ve used so far, to surprisingly good results, I might add.
The WannaCry attack in 2017 highlighted just how vulnerable we are in the event of a global attack. For web admins running WordPress, issues of cybersecurity are especially important. Because of its popularity, with roughly one-third of all websites powered by WordPress, the platform has a target on its back, and with WordPress’ open-source nature, making sure that the platform is completely safe is almost an impossible task.
Now, it has to be said that the WordPress foundation does an excellent job of maintaining security within its platform, but the fact remains that big companies that use WordPress usually have their own extra security measures. Even inside the WordPress community itself, there are a number of plugins that aim to add extra layers of security on top of the default ones. For admins looking for easy ways to bolster their WordPress website security, here are 4 simple tricks you could use.
Be diligent with WordPress updates
The WannaCry ransomware attack hit the world in May 2017. That much we all know, but what’s less known is that Microsoft had already distributed an update for Windows server in March that same year that was aimed at closing the vulnerability that the ransomware used. For some reason or another, companies aren’t always diligent in implementing updates, which as we’ve seen can be awfully detrimental.
Always be diligent with your updates, and not just with the core platform itself, but with all of the plugins and themes you’re using for your website. If the developer of a plugin you’re using is late in issuing updates to keep up with the core WordPress platform, ditch them and find one that’s similar and timelier. More than half of WordPress vulnerabilities come from plugins, which is more than the one-third that comes from the core platform itself.
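The update check described above can be automated. The following is an added example, not part of the original article: it assumes the WP-CLI tool is installed and that the output of `wp plugin list --format=json` and `wp theme list --format=json` carries the fields name, status, update, version and update_version. The sample data is constructed, and the function names are hypothetical.

```python
import json

# Constructed sample of `wp plugin list --format=json` and
# `wp theme list --format=json` output (not taken from a real site).
PLUGINS_JSON = """[
 {"name": "contact-form", "status": "active", "update": "available", "version": "2.1.0", "update_version": "2.3.1"},
 {"name": "seo-helper", "status": "active", "update": "none", "version": "5.0.2", "update_version": ""},
 {"name": "old-gallery", "status": "inactive", "update": "available", "version": "1.0.4", "update_version": "1.2.0"}
]"""
THEMES_JSON = """[
 {"name": "storefront-child", "status": "active", "update": "none", "version": "1.4", "update_version": ""},
 {"name": "legacy-theme", "status": "inactive", "update": "available", "version": "3.0", "update_version": "3.2"}
]"""


def pending_updates(kind, raw_json):
    """Return one finding per item whose `update` field reports a newer release."""
    findings = []
    for item in json.loads(raw_json or "[]"):
        if item.get("update") != "available":
            continue
        findings.append({
            "kind": kind,
            "name": item["name"],
            "installed": item.get("version", "?"),
            "available": item.get("update_version", "?"),
            # Inactive plugins and themes still sit on disk, so they are reported too.
            "active": item.get("status") != "inactive",
        })
    return findings


def audit(plugins_json, themes_json):
    """Combine plugin and theme findings, active items first."""
    findings = pending_updates("plugin", plugins_json) + pending_updates("theme", themes_json)
    return sorted(findings, key=lambda f: (not f["active"], f["kind"], f["name"]))


if __name__ == "__main__":
    report = audit(PLUGINS_JSON, THEMES_JSON)
    for f in report:
        state = "active" if f["active"] else "inactive"
        print(f"{f['kind']:6} {f['name']:18} {f['installed']} -> {f['available']} ({state})")
    # A non-zero exit status lets a cron job or CI step alert on pending updates.
    raise SystemExit(1 if report else 0)
```

On a live site, the two JSON strings would come from running the WP-CLI commands in the site's directory rather than from the embedded samples.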
Don’t use the default URL for login page
Using the default URL for login, which is usually just the URL for your website followed by /login or /admin, is like putting up a sign for hackers that says ‘Hack me!’ To combat this, get in touch with your developers to change the login page into something else and share this information only with those in charge of maintaining your website. Non-developers could also use a simple plugin that allows them to do this.
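To see how much attention the default login page draws on your own site, you can count login form submissions per client in the web server's access log. This is an added example, not part of the original article: it assumes logs in the combined log format and WordPress's stock login script path /wp-login.php. The log lines are constructed, and the threshold is an arbitrary illustration.

```python
import re
from collections import Counter

# Constructed access-log lines in combined log format; the IPs come from the
# documentation ranges (RFC 5737) and do not refer to real hosts.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2024:10:01:10 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2024:10:01:15 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.44 - - [01/Jan/2024:10:02:00 +0000] "GET /blog/hello-world/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
this line is malformed and must be skipped
"""

# client IP, request method, request target, status code
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')
LOGIN_PATH = "/wp-login.php"  # WordPress's stock login script


def login_posts_by_ip(log_text, path=LOGIN_PATH):
    """Count login form submissions (POSTs to the login path) per client IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        ip, method, target, _status = m.groups()
        # Compare the path only, so a query string does not hide a hit.
        if method == "POST" and target.split("?", 1)[0] == path:
            counts[ip] += 1
    return counts


def noisy_clients(log_text, threshold=3):
    """Return (ip, count) pairs with at least `threshold` login POSTs, busiest first."""
    return [(ip, n) for ip, n in login_posts_by_ip(log_text).most_common() if n >= threshold]


if __name__ == "__main__":
    for ip, n in noisy_clients(SAMPLE_LOG):
        print(f"{ip} sent {n} login POSTs")
```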
Use WordPress security plugins
If you can’t be bothered about handling security issues, you could always pay someone else to do it for you. There are a lot of security plugins for WordPress out there and some even offer a basic free version that should be enough for the average user. Wordfence and iThemes Security are two examples that offer both a free and premium version that still receive regular updates.
Maintain regular backups
This is more of a safety net than a security measure but no less important. Even after you take all three of the measures listed above, it’s completely possible that at some point, something or someone could slip through the cracks, which is why having a backup is important. I mean, none of us actually plan to have cancer but that’s not going to stop us from having insurance.
Backups are like insurance and it would be a good idea for you to have a physical backup in place, like on a hard drive, in addition to the ones available within your hosting platform. Never put all of your eggs in one basket.
All of the methods here have a couple of things in common: they’re simple and proven ways of improving your website security. Even if your business might not seem to be relevant enough to attract the attention of prominent hacking groups like Anonymous or the Shadow Brokers, you could still be the target of simple ransomware attacks. Never underestimate these threats and always take proper care of your website’s security.