Our Best Practices for Website Security

Your website is your store front, the face you show to the world. Everyone thinks about how their site looks and what it says, but they might not think about the protocol for keeping it secure. But keeping a website secure is more complex than simply locking the door at the end of the day. Secure websites require ongoing maintenance. Here are some common vulnerabilities and what our Vice President of Digital Media, Kirby Mack does to avoid them:

  1. Problem: The average WordPress site shows 12 failed login attempts per hour.
Solution: We practice good “password hygiene.” We frequently change every password and make sure all are strong combinations of letters and number. We don’t use the default admin username, which is often targeted first. The sites we build also have limited login page access, which means that there is a limit on the number of times attackers can try to login with false usernames and passwords before they are prevented from trying again. And, if someone is attempting to hack in, we get real time alerts that tell us who they are and what they’re doing so we can block them immediately.
  1. Problem: Almost a third of WordPress websites are hacked by means of an insecure theme.
Solution: We pick secure themes for all websites we build. This means choosing a theme that doesn’t have any known security vulnerabilities, is updated on a regular basis, and is compatible with the site’s plugins.
  1. Problem: 22% of WordPress websites are hacked via a vulnerable plugin.
Solution: We have a safe plugin policy. Plugins are important for customizing websites, but poorly-coded or outdated ones can be a security liability. We update the core WordPress files immediately upon release of a new version and update all plugins and theme files as need on a weekly basis.

We update and monitor the sites we build daily so that we will know immediately if there is an attack. It’s important to catch things quickly, otherwise the site’s hosting provider will immediately shut down the site. Then, it won’t be accessible until you go through a long series of steps with the host provider which could take days. At Lone Beacon, we don’t take chances with the websites we create, even if it means more time spent on monitoring and general upkeep.