arnold on Nov 07, 2018
Website Security and Backups
There are a few more WordPress-related items that we have not covered this semester that we really should. Even though we will only cover these briefly, they are still very important.
Website hacking has been a little out of control for the last few years. It has been a profitable business and there are many hacking software programs that non-technical people can buy and use for their own malicious intents.
Some of the websites I manage get hundreds of attacks every day and bigger websites have reported getting a million or more hacking attempts a month.
If you set up a WordPress website and do some SEO work on it but no security work, then it is only a matter of time (as quick as 12 months) before your website could be hacked. WordPress websites are really good for SEO, but they are also the most hacked websites as WordPress websites have a lot of vulnerabilities through their plugins.
Because of this, we need to take some actions to help prevent hackers from accessing our website, and we also need to back up our websites every day so that if our site goes down we can upload a recent copy of our website.
Backing up our WordPress Website:
Go to Plugins -> Add New
Type BackWPup in the search box, then click Install Now and Activate for the plugin shown below.
Then look on the sidebar for BackWPup and click Dashboard. On the dashboard, look for Add a new backup job.
Make sure the following options are checked:
Next, click Backup To Folder as shown below.
Then click SAVE at the bottom.
You should then see a message where you can run the job once you are back in your backup dashboard. Alternatively, you can go to JOBS and click “Run Now”.
It will then run and you should see something like this once you are done:
You now need to download your backup to your computer. Click on BACKUPS and then DOWNLOAD as shown below.
What we did was conduct a full backup of our website and then saved it on our web servers. We then downloaded it from our webservers onto our computers. I will be able to see this backup once you submit your URL.
However, this is not the most proper way to back up a website, as something could always happen to our servers or someone could find a way to access your backup and use it. So, the easiest way to keep a backup safe is to send it directly to a service such as Dropbox or to a separate server at your business if you are hosting your own website. We won’t do it today, but you should almost always set your websites to automatically back up every night to a Dropbox folder.
Now that we have our websites backed up we can do a few things to help keep our websites secured.
Keep plugins updated
The first thing we want to do for website security is to constantly keep our plugins updated. Out-of-date plugins are an easy way into WordPress websites, so we need to keep these constantly updated. We went over this earlier in the semester so you should know how to do this.
On your personal and websites go ahead and update your plugins. You will see the updates available by looking for the red number, which indicates the number of updates.
Then click on Plugins and find the ones that need updates.
Click on UPDATE NOW and it will update.
***It also may say that there is a new version of WordPress. If this is the case then update your version of WordPress.
The last thing you might need to update is your Themify template.
To do this go to THEMIFY ULTRA. Then look at the top for available updates. Simply click update now to update those. You will need to log in to Themify to update.
Limit Login Attempts
An easy way to block hacking attempts into your website is through a login limit plugin. When trying to hack a website, a hacker usually goes about it by trying multiple combinations of passwords and usernames. So if you set a limit for the number of times that you can attempt to log into your website, it makes it really hard for anyone to get much done.
For us, we did this in our hosting when we set up our websites. I don’t want to have two programs doing the same thing so you do not need to install this right now. Just know about it for any future WordPress work.
The next thing we want to do for security is to install a program that does it all called Sucuri Scanner.
Go to your plugins -> Add new and search for Sucuri.
Once installed, find Sucuri on the left sidebar and then click Dashboard.
Some of the features of Sucuri cannot work unless we connect it to the main Sucuri servers, so we need to generate an API key. Once we generate it, Sucuri will send us an email with the key. See the screenshots below.
First Click Generate API key:
Then submit your information as shown below:
If you get the error messages below then it did not work. Try it one more time.
If it worked then it will look like this:
From here you can go to settings. Then at the top click on “Alerts” and select the option for alerts to be emailed to your email. If there is any malicious activity you want to know right away rather than waiting until the next time you log in to find out. The rest of the default settings will be fine and this plugin will help to protect and monitor your website from most attacks.
Setting Up A Firewall
The last thing you would want to set up for security is a firewall. This blocks the IP addresses of known attack bots from even being able to see your website. This is a premium feature that runs about $200 – $250 a year. We won’t enable this today, but if you click on the hardening option of the dashboard in Sucuri you can see where you would activate this.
For today’s work, set up everything mentioned in this post on your resume website.
To update your Themify:
We have a new plugin, Themify Updater, that can help you to update all Themify themes and plugins with just your username and license key:
– Download & install the Themify Updater plugin: https://themify.me/files/themify-updater/themify-updater.zip
– Login to Member Area > License (https://themify.me/member/softsale/license), copy your license key (if you don’t see your license key, please contact us)
– Go back to your WP-admin > Plugins > Add New, then upload the updater
– Now you can auto update all Themify themes and plugins in the following ways:
— WP-admin > Appearance > Themes = update themes one by one
— WP-admin > Plugins = update plugins one by one
— WP-admin > Dashboard > Updates = update all themes and plugins at once
— It also works with WordPress site management tools such as ManageWP (as long as the Themify Updater plugin is activated on the site with the valid username and active license key)
For more info: https://themify.me/docs/themify-updater-documentation