Rhino Security Labs

How to protect your WordPress site from web attacks


Attacks on websites are an everyday occurrence. Unfortunately, small businesses are particularly vulnerable to web attacks because they normally don’t have employees dedicated to running their website, much less securing it.

Fortunately, there are a few simple things you can do to make your website more secure without breaking the bank.

Focusing on WordPress Security

There are a vast number of different platforms for websites, and all sorts of different software involved in supporting even a single site. We’ve decided to focus on WordPress because it is one of the most popular solutions – almost 20% of the web runs on WordPress.


The basics

Before we dive into some of the security technology that can be used to protect your WordPress site, it’s probably a good idea to briefly review some general security precautions that apply to WordPress and to other similar content management systems, although the terminology might differ.

  • Back up your site regularly. – If your site is compromised and can’t be “cleaned” with any level of certainty, restoring from a backup may be your only option. BackWPup and BackupBuddy are both good backup options for WordPress.
  • Keep up-to-date with patches. – The WordPress community stays on top of security threats and generally responds to new vulnerabilities quickly. But if you’re not installing the updates, that’s not much use to you. WordPress recently started implementing auto-magic security updates, but only for versions 3.7 and above. If you’re running an older version, it’s in your best interest to update (backing up your site first, of course).
  • Not using it? Turn it off. – Because it’s so easy to install plugins for WordPress, many people wind up installing a lot more plugins than they actually need or use. Each plugin you install comes with its own set of security concerns and vulnerabilities. That’s not to scare you away from installing plugins, but if you’re not using a particular plugin, it’s a good idea to deactivate it or remove it entirely.

Getting automated

If your website has been online for any length of time at all, it’s already being mapped out and potentially attacked by automated tools that have been set loose on the web.

Often the best way to protect your site from these automated attacks is by adding a little automation of your own. Plugins like iThemes Security and Wordfence will obscure details of your WordPress installation, making it harder to attack, and also have tools to detect and react to potential attacks.

Configuring plugin options to limit login attempts, require strong passwords, and add encryption to the admin area of WordPress will provide an extra level of protection that might re-direct attackers to an easier target.

If you’re concerned that your website has already been compromised, Sucuri offers a free tool that will scan your site for problems and provide you with a report that either you or your website support provider can work through.

None of the recommendations we’ve listed take much work to implement, but taken together, they can significantly reduce the risk of your WordPress website being hacked. Protecting your site from the most common web attacks is a little like running from a bear – your site doesn’t necessarily need to be 99% secure, it just needs to be more secure than the other sites being targeted.