How secure is your WordPress website?
(Classified under: Security)
Posted on 10 November 2020
Recently, the Australian Federal Government released its highly-anticipated Cyber Security Strategy 2020, stating that their vision is to create a "more secure online world for Australians, their businesses and the essential services upon which we all depend".
The Strategy paints a sobering picture of the online environment, pointing out the need for improved cyber security as the scale and sophistication of cyber threats continues to increase.
At Cornerstone Web Solutions, we take the security of our servers, our network and the accounts we host very seriously. We have a range of security and intrusion counter-measures, including server firewalls, anti-virus and security software, and other measures which we'd prefer to keep close to our chest (you never know who's reading this, right?), all working together to help keep our hosting servers safe.
Under our shared security model, the one area that our customers are responsible for is their own hosting account, and for many of our customers, this means that they are responsible for the security (or lack thereof) provided by the WordPress platform that their website uses.
WordPress is a very popular target for cyber criminals and according to a 2019 survey, WordPress accounted for 94% of all compromised Content Management Systems.
If your website uses the WordPress platform, it is incredibly important to be proactive with your website's security. If you don't already have dedicated security software protecting your WordPress website, then your website may already be at risk of compromise.
To help reduce the risk of your WordPress website getting compromised, we recommend that our customers install the Premium version of a plugin called WordFence.
WordFence Premium is a security suite for WordPress, and includes:
- A Web Application Firewall that identifies and blocks malicious traffic
- A Security Scanner which checks core WordPress files, themes and plugins for malware, bad URLs, backdoors and a whole raft of other nasties
- Real-time malware signature updates
- IP Address reputation checks
- Country Blocking
- 2-Factor Authentication
- WordPress source file verification and repair
- and much more.
In the last 30 days, WordFence stopped more than 3.4 billion attacks on WordPress websites globally, and blacklisted more than 200,000 malicious IP address in the same timeframe.
A WordFence Premium license costs USD $99 per year, which we believe is excellent value for the protection that the service offers. Note that there is a free version of WordFence, however this version lacks important features that you really need in order to secure your account.
Please speak with your web developer about installing WordFence Premium or similar dedicated security software to secure your website.
If you don't currently have a web developer that you work with, please speak with us about this. We can install and configure WordFence Premium on your hosting account for you, run your first scan to look for problems and check the overall health of your WordPress website.
Now is the time to make sure that your WordPress website is secure!
NB: Information presented here is general in nature, does not take into account your particular situation and should not be used in place of professional IT consultation.