COVID-19 has forever changed the ways of the World Wide Web. It’s no surprise that we’ve seen a spike in screen time since the start of the pandemic, and the digital space is seeing an increase in both activity and the personal information shared online. Just as we’re spending more time on the web, hackers have taken advantage of new opportunities for cybercrime. Phishing threats have skyrocketed since March, and companies are experiencing as many as 1,185 attacks per month. With hacking at an all-time high, it’s more important than ever to review your business’s WordPress website security measures so your team can safely navigate our new online normal.
- Consider opting in to a two-factor authentication setup for your website’s login. The security monitoring framework set up by our team supports this functionality, and it can be enabled for all your website’s users. After the traditional login, users would then be required to enter a periodically refreshed one-time code provided by an authenticator application. More information on how two-factor authentication works can be found here.
- Log yourself out once you are done making changes.
- Avoid usernames that are often used by default and can be easily guessed by hackers (e.g., admin, [domain name], etc.).
- Avoid using emails or names that can be found on the website, such as the first/last name of team members.
- Avoid usage of easily guessed passwords, as well as passwords closely related to your domain name or website content.
- Never re-use passwords from other accounts.
- Use a mix of upper and lowercase letters, numbers and special characters. Strong passwords can be generated and saved by an accompanying password manager. This removes the need for passwords to be human-friendly and built from words and, as a result, sharply decreases the chance of credentials being compromised.
Updates and User Management
- Ensure plugins are regularly updated and all site components are receiving periodic security patches.
- Consider the role every user account should have on your WordPress site. Most users are better suited to a limited author or editor role than a site administrator. Editors have the full publishing power of WordPress without the ability to manage sensitive plugin and site settings.