I received an interesting email touching on the important topic of website security. I thought I’d share my response in the form of an article, as it may benefit more people. The person was using the Joomla! CMS, but the tips are relevant to WordPress users as well. Here it is.
If you have a website created with a CMS like Joomla! or WordPress, there are a couple of ways to improve its security. These security enhancements can be done by yourself or your web developer.
6 tips on how to make your website more secure
1. Update your Content Management System (CMS) on a regular basis.
It’s crucial and the most important action you can take. Your CMS will inform you whether your current version is up to date. This information is usually displayed at the top of your administrator panel. CMS developers (and hackers) work hard every day to find new vulnerabilities in the system. Once they come across a security weakness (hopefully the developers sooner than the hackers), they patch it by releasing a new CMS version. It’s then up to the site owner to download and install the update.
2. Update your Plugins.
For the same reasons mentioned above, you should also update your plugins. Plugins are snippets of code that extend the functionality of your site. From website features like slide shows or galleries to enhancements in your admin panel, these plugins have one thing in common: they can tap into the core of your CMS site. When constructed in a sloppy way, they can become a gateway for a hacker. There are thousands of plugins available, a large portion of them free. The trick is to choose the ones from reputable developers and update them regularly.
3. Hide your admin panel gateway.
Your administrator panel URL can tell a potential hacker a lot about your site. This URL is the address that leads to the admin portal screen, where you are asked to log in. In the case of Joomla! the address is mysite.com/administrator. If the potential hacker types this in and manages to reach your login screen, he has one hoop less to jump through. To stay protected, Joomla! offers a built-in feature called ‘secret word’. It changes the URL of your admin portal depending on what you choose the secret word to be. For example: mywebsite.com/?mysecretword instead of the default address mentioned above. In WordPress you will have to use a plugin to achieve the same effect. Two good examples are Hidden WP Admin and iThemes Security.
4. Change your user name.
In earlier versions of Joomla! the default administrator user name was ‘admin’. If this is your case, you should immediately change it to something else. Hackers take advantage of the carelessness or simple lack of knowledge of a site owner who left it at ‘admin’, and proceed to the last piece of the puzzle needed to gain full access to the site: the password.
5. Keep the password strong.
This point is very important. Don’t make the life of a possible hacker easier. The stronger the password is, the better. Use numbers, small and capital letters, and make sure it’s at least 8 characters long. Don’t use obvious choices like your name, your company name or even your pet’s name.
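The checks from tips 4 and 5 can be automated. The Python script below is an added example, not part of the original email or of any CMS: the function names, the sample accounts and the character-swap table (which treats "R3x" as "rex") are assumptions made for illustration.

```python
import re

# 'admin' is the default name the article warns about (tip 4).
DEFAULT_USERNAMES = {"admin"}
# Assumption added here: undo common character swaps so "R3x" still reads as "rex".
SWAPS = str.maketrans("013457@$!", "oieastasi")


def normalise(text):
    """Lower-case, undo character swaps, and keep letters only."""
    return re.sub(r"[^a-z]", "", text.lower().translate(SWAPS))


def audit_admin_login(username, password, personal_words):
    """Return a list of findings; an empty list means tips 4 and 5 are met."""
    findings = []
    if username.strip().lower() in DEFAULT_USERNAMES:
        findings.append("default-username")
    if len(password) < 8:
        findings.append("too-short")
    if not re.search(r"[0-9]", password):
        findings.append("no-digit")
    if not re.search(r"[a-z]", password):
        findings.append("no-lowercase")
    if not re.search(r"[A-Z]", password):
        findings.append("no-uppercase")
    flat = normalise(password)
    for phrase in personal_words:
        for part in phrase.split():
            token = normalise(part)
            # Skip very short tokens to avoid flagging every password.
            if len(token) >= 3 and token in flat:
                findings.append("contains-personal-word:" + part)
    return findings


if __name__ == "__main__":
    # Constructed sample accounts, not real credentials.
    personal = ["Rex", "Acme Design"]
    samples = [
        ("admin", "rex2015"),
        ("site-owner-7", "R3xTheD0g99"),
        ("site-owner-7", "Plum7Quartz!Wren"),
    ]
    for user, pwd in samples:
        print(user, pwd, audit_admin_login(user, pwd, personal) or "OK")
```

The second sample passes every length and character rule from tip 5 and is still flagged, because the pet’s name is recognisable behind the swapped characters.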
6. Back up your website.
It’s a good habit and it pays off. Hackers aren’t the only worry when it comes to keeping a website stable over time. If anything goes wrong (hackers, system errors) and your website goes down, you can always recreate it from a backup. That is, if you did back up the site… did you…? Backups can be done manually or automatically through various extensions and plugins. Examples of the most popular ones for Joomla! are Akeeba Backup and EJB; their counterparts for WordPress are VaultPress and BackWPup.
Applying these few tips will improve the security of your website immensely. They don’t cost a lot of effort but will definitely save you from some possible major headaches in the future.
If you need help applying these techniques, or are thinking of creating your first website or redesigning your existing one, please contact me. I will be glad to work with you.