Today’s ever-evolving digital and data-driven economy and the expansion of the Internet of Things (IoT), which has been further accelerated by COVID-19 social restrictions, has opened new avenues for cyber criminals to take advantage of retailer’s web security vulnerabilities.
A rising threat is ransomware which affects physical processes through connections via the IoT. In fact, there’s been a 60% increase in ransomware attacks against Australian businesses in the past year. Businesses of all sizes are being impacted, for example major Australian retailer JBS Foods fell victim to a ransomware attack recently which affected more than 1,000 companies globally. The ransom demands ranged up to $6.9million, making it the biggest global ransomware attack on record.
Mitigating risk and securing your business with a safe content management system like WordPress is vital. According to WP Engine’s recent WordPress economic study, WordPress saw a large surge in usage in Australia last year – partly as a result of its secure by design infrastructure – and we estimate over half of the web will be on WordPress by the end of 2025 in Australia and globally.
While no content management system is 100 percent secure, half of WordPress hacks are either a direct result of third-party plugins, which are small programs you add to your website to provide additional functionality, and the other half is due to a lack of basic security practices by the user.
Here are five simple tips to ensure your WordPress website is safe and secure against malicious cyber attacks in today’s landscape:
- Encrypt your website
The first step is to implement a standard security technology called a SSL certificate. A SSL certificate establishes an encrypted link between a server and a customer, ensuring hackers can’t intercept the data shared on your site. This is especially important with sensitive information like credit card numbers, usernames, and passwords.
You can purchase one from a third-party company or check to see if your website hosting provider includes a free SSL as part of their service. One popular example is Let’s Encrypt.
It’s easy to check if your SSL certificate is functioning properly, as your URL address will start with HTTPS, while a site that’s not SSL certified will begin with HTTP.
- Install a security plugin
Installing a security plugin is a must-have. For WordPress users, Sucuri is the gold standard in all matters related to website security, with specialisation in WordPress security.
When choosing a security plugin, it’s important to remember that not all plugins are created with equal performance and a poorly designed or coded plugin can, in fact, produce the opposite results to what is desired, making it easier for bad actors to access your site. Like many businesses, don’t fall into the trap of getting the cheapest or most downloaded option as these can often be modified to include malware.
- Update your website regularly
When your website is left un-updated, files can become traceable and your site can become an easy target for external hackers. When you see an orange notification in your WordPress dashboard next to your plugins or themes, or receive a notification to upgrade WordPress, be sure to click on it.
WP Engine also offers a Smart Plugin Manager functionality that tackles the burden of keeping plugins up to date and automatically manages all of your WordPress plugins through machine learning and visual testing tools so you never have to worry about forgetting an update again.
- Limit login attempts
Many content management systems don’t have a limit as to how many times one can guess a password to login into a website, which can become an issue when determined hackers won’t give up. For example, a hacker could use a script to enter different password combinations until they’ve cracked the code. These are called brute-force attacks.
To avoid these, limit admin access to ‘must-have’ users and make sure they’re using a Multi-Factor Authentication (MFA). For added security, install specific plugins such as JetPacks Protect that minimise the amount of login attempts to your website. or even better still, see if your host implements this feature for you.
- Choose the right technology partner
Partner with a trusted WordPress technology company like WP Engine which will do the work for you. They provide enterprise grade security infrastructure including automatic security updates, real-time security threat detection and mechanisms for disallowing dangerous and insecure commands. Overall they will help you take control of changing security threats for your customers and recommend fixes to bleeding-edge threats.
As the digital world gets smarter, so do hackers. Effectively implementing authentication and security measures in a way that enhances the overall customer experience and builds trust among consumers while staying on top of evolving threats has never been more critical.
Now ask yourself, ‘What’s my likelihood of getting breached?’ Putting these five tips into practice will help keep your site safe.
Ricky Blacker is senior solutions engineer for Australia and New Zealand at WP Engine.