Cyber security and your website

This article was first published on October 19, 2011, at The Online Marketing Mix.

WordPress is an amazing tool that has vastly reduced the time and cost for even the smallest of organisations to publish huge quantities of information quickly and efficiently. But in so doing, it has conversely increased the risk that the failure of those websites poses to such organisations.

The UK government recently published a new national security strategy in which cyber security is described as a Tier One threat. This means that a hostile attack upon UK cyber space is considered more likely than the Tier Two threat of an attack using chemical, biological, radiological or nuclear weapons. This comes days after a call to define the rules of cyber war.

As governments move to address online threats, so too should you. Now is as good a time as any to look at your own cyber security, and particularly that of your website. Security is an oft-overlooked part of the ongoing maintenance of a website, but it is critical to understand it and to have a strategy for it.

The threats you face are many and varied: from a script kiddie exploiting loopholes to sophisticated Distributed Denial of Service (DDoS) attacks, and from theft of proprietary software or sensitive corporate data to a simple database crash which means you need to recover your website from scratch. You need to be in a position where you can recover and restore lost corporate data.

If a website with just a few pages disappears through either malicious intent or a plain and pure accident, the cost to a business to replace that website is minimal. If, though, you are running a WordPress-based website with a large number of regularly updated pages, perhaps your company blog, plus a media library full of images, videos, podcasts, PDFs of company data, along with various wonderful plugins – all of which you should be doing if you want to build a credible online presence – the cost to your business to return your website to its original state should disaster strike is likely to be astronomical in terms of time and worry, let alone paying for an expert to fix it for you before too many customers notice.

We all take some of the usual precautions. Anti-virus software helps ward off the major virus threats and probably script kiddies too. Having hard-to-crack passwords and not sharing them is a no-brainer, as is not responding to unsolicited marketing e-mails claiming to be from your bank and asking for password details.

Specifically addressing WordPress websites – though these tips could be applied generally to any website – ensure that, if you have multiple users, they all log in using their own username and password, and that they only have access to those areas of a website which they specifically need. For instance, whilst I can author posts on some WordPress websites, I might not necessarily also need to be able to add or remove plugins to all of them. WordPress has functions right out-of-the-box which allow you to restrict what different users can do and you should be using them.

It is best to think about security before you install WordPress, as there are some things that will be easier to do during installation. After installation, though, there are many plugins that help you “harden” your website, that is, increase its security.

For instance, you can lock accounts which have had a certain number of failed login attempts. Or you can install a plugin to hide the WordPress version you are using so that security flaws specific to that version cannot easily be exploited.

Keeping up with the current version of WordPress should normally decrease the threats you face, as each successive release of WordPress will reduce the number of publicly known bugs in the software. A good rule of thumb is to ensure that you back up your WordPress installation immediately before any WordPress upgrade, and always take regular backups regardless.

Remember that WordPress has, in effect, two distinct elements. One element is the WordPress software and site file contents such as the themes, images and other files you have uploaded to the website either via FTP or the WordPress upload functions. The other element is the database which contains the text you enter on each page or post, along with user details and comments, site settings and lots more. You need to back up both of these elements in order to be able to restore your WordPress website in the case of any form of accidental failure or malicious attack.
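
The two-part backup described above, as an added example that is not from the original article. It assumes a MySQL database reachable with the credentials in wp-config.php and that tar and mysqldump are installed; the function names and paths are illustrative.

```sh
#!/bin/sh
# Added example: back up BOTH WordPress elements (site files + database).
# Function names and paths are illustrative assumptions.

# Read one define('NAME', 'value') constant from wp-config.php.
wp_config_value() {  # $1 = wp-config.php path, $2 = constant name
    sed -n "s/^[[:space:]]*define([[:space:]]*['\"]$2['\"][[:space:]]*,[[:space:]]*['\"]\(.*\)['\"][[:space:]]*)[[:space:]]*;.*\$/\1/p" "$1" | head -n 1
}

# Element 1: WordPress software, themes, plugins and uploaded media.
backup_files() {  # $1 = site dir, $2 = output archive
    tar -czf "$2" -C "$(dirname "$1")" "$(basename "$1")"
}

# Element 2: the database (posts, users, comments, site settings).
backup_db() {  # $1 = site dir, $2 = output dump
    cfg="$1/wp-config.php"
    creds=$(mktemp) || return 1   # mktemp creates it owner-readable only
    # Credentials go in this private file, not on the command line, so
    # they never show in the process list. A host:port DB_HOST is not handled.
    printf '[client]\nuser="%s"\npassword="%s"\nhost="%s"\n' \
        "$(wp_config_value "$cfg" DB_USER)" \
        "$(wp_config_value "$cfg" DB_PASSWORD)" \
        "$(wp_config_value "$cfg" DB_HOST)" > "$creds"
    mysqldump --defaults-extra-file="$creds" --single-transaction \
        "$(wp_config_value "$cfg" DB_NAME)" > "$2"
    rc=$?
    rm -f "$creds"
    return "$rc"
}

# A restore needs both parts: each must exist, be non-empty, and the
# archive must be readable.
backup_complete() {  # $1 = files archive, $2 = database dump
    [ -s "$1" ] && [ -s "$2" ] && tar -tzf "$1" >/dev/null 2>&1
}

wp_backup() {  # $1 = site dir, $2 = backup dir
    stamp=$(date +%Y%m%d-%H%M%S)
    mkdir -p "$2" && chmod 700 "$2" || return 1
    backup_files "$1" "$2/files-$stamp.tar.gz" || return 1
    backup_db "$1" "$2/db-$stamp.sql" || return 1
    backup_complete "$2/files-$stamp.tar.gz" "$2/db-$stamp.sql"
}

# Usage: sh wp-backup.sh /path/to/site /path/to/backups
if [ "$#" -eq 2 ]; then wp_backup "$1" "$2"; fi
```

Keep the backup directory outside the web root and copy it off the server, since the dump contains user details and the archive contains wp-config.php.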

Spreading your online footprint across various Social Media networks will definitely mitigate the risk of a website failure, but few organisations exist online simply as a presence on Social Media platforms. In the end you know that your own website is the central hub of your online activities, and as such, needs to be a Top Tier priority for your business.
