
Do You Need a Security Upgrade for Your WordPress Website?

Posted on March 11, 2020 by Lexie Lu
A hacked website can be devastating for a company, no matter its size. In fact, 58% of malware attacks are directed at small businesses! And the last thing you need as a busy entrepreneur is to worry about losing customer trust, search engine rankings, or website files.  
While WordPress is inherently very secure, there are several ways a site can be hacked, including theme and plugin vulnerabilities and outdated server software. Most hacks are carried out by automated bots that scour the web looking for vulnerable sites without considering business size or popularity. So don’t think that you’re immune to a hack: a bot can attack any website at any time.
In this post, you’ll learn the website security essentials that every site owner should have and find out if you need to implement any advanced measures to protect your site in 2020.
Start with the basics
If you’re a Jetpack user, then you already have access to a variety of security features. Make sure you take care of the following before considering a security upgrade:
Choose strong passwords and usernames
The easier your password is to guess, the easier it is for hackers to get in. Here are a few components of a strong password:
Contains at least ten characters.
Uses both uppercase and lowercase letters.
Includes symbols — like asterisks and parentheses — and numbers.
Doesn’t use common words like “password.”
Isn’t tied to known information about you, like your last name or date of birth.
Avoid common usernames like “Admin,” “Administrator,” or your business name. Instead, choose something meaningful to you but not obvious to a stranger.
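The password and username criteria above can be checked mechanically. The following is an added example, not code from the original post or from Jetpack; the word list, the personal details and the business name are constructed placeholders, and the character-swap normalisation goes slightly beyond the article's list so that "P@ssw0rd" is still caught as a common word.

```python
import re

# Constructed sample list; a real check would load a much larger wordlist.
COMMON_WORDS = {"password", "welcome", "letmein", "qwerty", "123456"}
COMMON_USERNAMES = {"admin", "administrator"}  # names the article says to avoid
# Undo simple character swaps so "P@ssw0rd" is still recognised as "password".
DELEET = str.maketrans("@0134$5!", "aoleassi")


def password_problems(password, personal_info=()):
    """Return the article's criteria that `password` fails (empty list = passes)."""
    problems = []
    lowered = password.lower()
    if len(password) < 10:
        problems.append("shorter than ten characters")
    if not (re.search(r"[a-z]", password) and re.search(r"[A-Z]", password)):
        problems.append("needs both uppercase and lowercase letters")
    if not re.search(r"\d", password):
        problems.append("needs a number")
    if not re.search(r"[^A-Za-z0-9\s]", password):
        problems.append("needs a symbol")
    variants = (lowered, lowered.translate(DELEET))
    if any(word in v for word in COMMON_WORDS for v in variants):
        problems.append("contains a common word")
    # Personal details (hypothetical inputs such as last name or birth year) are
    # compared case-insensitively with punctuation stripped; tokens shorter than
    # three characters are skipped because they match by accident.
    squeezed = re.sub(r"[^a-z0-9]", "", lowered)
    for item in personal_info:
        token = re.sub(r"[^a-z0-9]", "", item.lower())
        if len(token) >= 3 and token in squeezed:
            problems.append("contains personal information")
            break
    return problems


def username_problems(username, business_name=""):
    """Flag usernames the article warns about: stock admin names or the business name."""
    problems = []
    name = re.sub(r"[^a-z0-9]", "", username.lower())
    if name in COMMON_USERNAMES:
        problems.append("common administrative username")
    business = re.sub(r"[^a-z0-9]", "", business_name.lower())
    if business and name == business:
        problems.append("matches the business name")
    return problems
```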
Prevent brute force attacks
Creating strong passwords can be difficult, which is why brute force protection is so important. Brute force attacks occur when a hacker or bot tries to guess the correct username/password combination for your site’s admin dashboard. They often use automated software that speeds up the process tremendously; some can guess thousands of passwords a second!
Jetpack blocks these login attempts, and protection begins automatically when you connect Jetpack to WordPress.com. Navigate to the Jetpack dashboard to ensure Protect is turned on and see the number of blocked attacks. 
Update plugins
There are huge benefits to using an open source platform like WordPress, but there are also some security risks. Source code for each plugin is readily available, allowing hackers to take advantage of vulnerabilities. In fact, plugin vulnerabilities are responsible for 55.9% of known entry points for hackers.
Typically, developers find vulnerabilities quickly and fix them in a plugin update. Installing those updates as soon as possible protects your website and often gives you valuable improvements and new features as well. 
If keeping all your plugins up to date seems too time-consuming, try Jetpack’s auto-update feature: choose to turn auto-updates on per-plugin or manually bulk-update all your plugins at once.
Add an SSL certificate
An SSL certificate (Secure Sockets Layer certificate) creates a secure connection between your website and your site visitors’ browsers. It encrypts any data shared on your site — like addresses, emails, phone numbers, and credit card information — and protects that data from hackers.
If you don’t have an SSL certificate, your site will show a “not secure” warning on users’ browsers, which can reduce your legitimacy in their eyes. SSL certificates also have a positive impact on search engine rankings.
The process of setting up an SSL certificate will depend on your hosting provider. Some hosts include free certificates, while others charge annually. 
Set up proper user roles
User roles define the capabilities and permissions of people who have access to your WordPress site. The “Administrator” role has the most permissions — administrators can perform absolutely any action on your site. 
Carefully consider each of your users’ job functions and only provide them with the level of access they absolutely need. If you’ve hired an intern to write content on your blog, assign them the role of author or editor; they don’t need full admin access. Learn more about user roles and security.
Monitor your site for downtime
If your site is hacked and goes down, it’s important to know as soon as possible. Jetpack’s downtime monitoring feature checks your website every five minutes from locations around the world and sends you an email if your site is down. You’ll also receive a notification when it’s back up.
To enable Downtime Monitoring:
Go to Jetpack → Settings in your WordPress dashboard.
Toggle the button next to the text, “Get alerts if your site goes offline.” It will turn blue when enabled.  
Does your site need more advanced security features?
Security is critical for any website and we always recommend the most advanced level of protection possible. We harden security measures in our homes when we feel vulnerable or think we’re likely to sustain a break-in. The same is true for websites. Here are a few reasons you might want to increase protection for your site:
Your site is growing quickly and your visitor numbers or sales have increased.
You handle important or valuable information, including personal data and credit card numbers. 
You’ve recently seen an increase in attempted malicious attacks.
If any of these describe your situation or if you simply want to be as secure as possible, consider adding these more advanced features: 
Implement malware scanning
If your site is attacked, it’s important that you’re notified right away. The sooner you remove any malware and restore your site, the less damage is caused. After all, the longer your site contains malware, the more likely it is that Google will blacklist it, which can lead to a 95% loss of website traffic.
Jetpack Scan performs automatic, daily scans of your website, looking for malicious code and activity. You can also choose to manually run a scan at any time. If anything is found, you’ll receive an email with details about the threat and affected files.
To activate Security Scanning, install Jetpack and choose a plan that includes Jetpack Scan — the necessary settings will be automatically configured for your website.
Filter spam comments
If you have comments enabled on your posts, pages, or products, then spam is inevitable. Too many spam comments negatively affect your user experience, search engine rankings, and security. They’re also a way for hackers to add malicious links, which steal your users’ personal information or inject malware on their computers. This, of course, can damage your hard-earned reputation.
Jetpack Anti-spam automatically filters comments, pingbacks, and contact form submissions for known spam, which saves you tons of time each week. You can choose to automatically delete the worst spam comments or review each one first. Plus, it’s powered by Akismet, an industry-leading solution that prevents an average of 7.5 million spam comments per hour.
To turn on Jetpack Anti-spam, install Jetpack, select a plan that includes the Anti-spam feature, and watch as it begins automatically protecting your site.
