Setting up Site Security

March 25, 2018

STEP 1: CHOOSE A GOOD WORDPRESS HOSTING PROVIDER TO ENSURE THAT YOU HAVE GOOD ACCOUNT ISOLATION.

Setting up website security is the first thing I do. I then make sure that I’m using a reputable host, because it’s very important that you have isolation between accounts on a shared hosting provider. If a host doesn’t provide good isolation between accounts, an attacker who compromises one account on a shared server can also access other accounts on that same server, and you get cross-contamination. When you choose a hosting provider, it is important that they know how to configure the permissions on their servers so that you don’t have cross-contamination if one of the accounts on that server gets hacked.

Account isolation is crucial, and although it’s very rare to see a hosting provider that does not have good processes for setting up website security, we do see it about every couple of months. It’s usually newer hosting providers and smaller hosting providers as well. But that doesn’t mean you shouldn’t choose a small host. There are a lot of great small hosting providers out there. You have to make sure that they’ve been in business for a little while and have ironed out all the bugs, and that they have a good reputation.

STEP 2: INSTALL THE NEWEST VERSIONS OF WORDPRESS CORE, THEMES AND PLUGINS YOU NEED. 

The next step in setting up website security is to install the newest WordPress core. You always want to choose the newest version of WordPress core when you’re installing WordPress. The older versions of WordPress have known vulnerabilities, and if you install an older version there is a greater chance it will get hacked because attackers will exploit those vulnerabilities. So always install the newest version of core available at wordpress.org.

Of course, you then need to install your plugins and your themes. You’ll usually just have one theme and you’ll have multiple plugins, let’s say 5 plugins. Always get those plugins and your theme from a reputable source: wordpress.org or a good, reputable commercial provider. The reason is something called a nulled plugin or a nulled theme. This is when an attacker downloads a reputable plugin, puts their own malicious code in it, and then throws it up on their own website, which looks like a legitimate site but actually is not. When you download the plugin from there you are getting hacked code, your system becomes compromised, and you’ve got a real mess on your hands. So make sure that you get your plugins and your themes from a reputable source.
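One way to spot a repackaged plugin is to compare the files on disk against a trusted list of file hashes for the genuine release. This is an added example, not code from the original article; the plugin name, file names and manifest below are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large assets are not read into memory at once."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_plugin(plugin_dir: Path, manifest: dict) -> dict:
    """Compare files on disk with a trusted {relative_path: sha256} manifest."""
    on_disk = {
        p.relative_to(plugin_dir).as_posix(): sha256_file(p)
        for p in plugin_dir.rglob("*") if p.is_file()
    }
    return {
        "modified": sorted(f for f, h in on_disk.items()
                           if f in manifest and manifest[f] != h),
        "added": sorted(f for f in on_disk if f not in manifest),
        "missing": sorted(f for f in manifest if f not in on_disk),
    }


def demo() -> dict:
    """Build a constructed plugin tree, alter it, and audit the result."""
    with tempfile.TemporaryDirectory() as tmp:
        plugin = Path(tmp) / "example-plugin"  # hypothetical plugin name
        (plugin / "includes").mkdir(parents=True)
        (plugin / "example-plugin.php").write_text("<?php // main plugin file\n")
        (plugin / "includes" / "helpers.php").write_text("<?php // helpers\n")
        (plugin / "readme.txt").write_text("Example plugin\n")
        # Trusted manifest, recorded from the clean copy (constructed here).
        manifest = {p.relative_to(plugin).as_posix(): sha256_file(p)
                    for p in plugin.rglob("*") if p.is_file()}
        # Simulate a repackaged copy: one file changed, one added, one dropped.
        (plugin / "includes" / "helpers.php").write_text("<?php // altered\n")
        (plugin / "includes" / "extra.php").write_text("<?php // not in release\n")
        (plugin / "readme.txt").unlink()
        return audit_plugin(plugin, manifest)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

For plugins hosted on wordpress.org, WP-CLI's `wp plugin verify-checksums --all` runs this kind of comparison against the checksums published for each release.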

STEP 3: KEEP EVERYTHING UPDATED. THAT INCLUDES WORDPRESS CORE, YOUR PLUGINS, AND YOUR THEMES.

Then, of course, you have to keep everything up to date. Security is not a single event. You don’t go in and just secure a website or a system once; you actually have to have a routine, let’s say a weekly routine. Every few days or every week, go in and make sure that everything is up to date and that everything is secure, even if you’ve got security systems installed. A security system can, of course, send you emails letting you know you’ve got a theme or a plugin that’s out of date, or a core that needs updating. It can also send you all sorts of other helpful alerts related to security. So make sure you keep an eye on those alerts and actually respond to them accordingly.

STEP 4: WHEN SETTING UP WEBSITE SECURITY REMEMBER TO USE STRONG PASSWORDS AND DON’T REUSE THEM.

The next step in setting up website security is minimum viable security, which means strong passwords. Your passwords need to be complex. If you’re setting up an administrator account on WordPress, we recommend that you have a password length of at least 12 characters and that you choose from lowercase letters, uppercase letters, numbers, and symbols. That way you’ll have a password that’s complex enough to make it very difficult for an attacker to crack if they happen to download the hash of your password. Remember that website security matters in every CMS.

Set unique passwords

Also, use unique passwords across all of the services that you use. The reason you should do this is that if one of those systems gets compromised, the first thing the attacker does is download the user accounts from the database. The attacker will try to use those accounts to log into other services and compromise those too. So use unique passwords across all of the services that you use.

I know that’s a lot to ask and it’s a real pain, as it’s very easy to remember one short password and use that same password across all of the systems. But this is really important. One of the tricks you can use is a password manager, like 1Password, to manage your passwords. The password manager will generate a password for you that’s very complex, long and made up of multiple types of characters. And then, of course, it’ll store it in a very easy-to-use database that you can access whenever you need it.
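The Step 4 policy (at least 12 characters, drawn from lowercase, uppercase, numbers and symbols) and the kind of random generation a password manager performs can be expressed in a few lines. This is an added example, not code from the original article or from any password manager; the function names and the sample weak password are constructed for illustration.

```python
import math
import secrets
import string

# The four character classes named in Step 4.
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "symbol": string.punctuation,
}
MIN_LENGTH = 12  # minimum length recommended in the article


def policy_failures(password: str) -> list:
    """Return the reasons a password misses the policy (empty list = passes)."""
    failures = []
    if len(password) < MIN_LENGTH:
        failures.append(f"shorter than {MIN_LENGTH} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            failures.append(f"no {name} character")
    return failures


def generate_password(length: int = 20) -> str:
    """Draw from the OS CSPRNG; redraw until all four classes are present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    alphabet = "".join(CLASSES.values())
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not policy_failures(candidate):
            return candidate


def search_space_bits(length: int) -> float:
    """Upper bound, in bits, on guessing work for a uniformly random password."""
    return length * math.log2(len("".join(CLASSES.values())))


if __name__ == "__main__":
    print(generate_password())
    print(policy_failures("Summer2018"))  # constructed weak example
    print(round(search_space_bits(MIN_LENGTH), 1))
```

The bit estimate only holds for randomly generated passwords; a human-chosen password that passes the policy check can still be far easier to guess.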

If you really don’t want to use a password manager you can also use a formula that you memorise and use to uniquely generate a complex password in your head for each service that you use. That’s one of the systems that I’ve used in the past and it gives you a way to have unique passwords across all systems. If your passwords are complex enough then you’re in pretty good shape.
