So I have a two-fold comment here: one is about password security and the other is about WordPress. And yes, they are related of course.
PART 1: PASSWORD SECURITY
The level of security breeches has been increasing dramatically. Not only for large businesses, but for all of us. If you have not faced this issue, I highly recommend you do it now before it is too late.
STEP 1:
Password protect your computer and smartphone / iPhone with a login and password on startup and set it so that when it goes to sleep you must wake it with a password. You will probably not have logged out completely from all your accessed websites and if someone accesses your computer or smartphone (for example if your gadget gets stolen) you’re screwed. Do it now and then come back here!
STEP 2:
If you use the SAME password (and a simple one at that) for different essential sites you MUST make the effort NOW to change them.
Use a unique, hard to guess password for each important website access consisting of at least 8 mixed characters. You need to protect especially those sites that are critical to your business such as your WordPress site, your webhost and then of course your bank etc. Hackers don’t just sit there and guess, they use complex programs that run combinations of your available data online (which is growing daily) and automatically test the passwords until they have a match.
Once they have a match, they will run it through all possible sites from backs to social media. They will also access websites that do not provide a high level of security and extract user names and passwords with a high chance that people are using those same passwords for their banking, their social networking sites and their Paypal account. Do it now and then come back here!
Don’t believe me? Read this article from the US-CERT (United States Computer Emergency Readiness Team).
STEP 3:
If you are worried about forgetting your passwords, use a password manager app. I use WISeID which works nicely. I have heard recommendations for SplashID Safe too. You can also use an excel sheet and password protect that document.
PART 2: WORDPRESS SECURITY
STEP 1:
We all know the sinking feeling of a hard drive crashing with no back up. So I will just remind to back it up. You can do that with an external hard drive but now even more conveniently with a cloud service like iCloud, Google Drive, JungleDisk (which connects you to a super cheap, super secure Amazon S3 server) or Dropbox. I’ve used all of them for years now. You can automate the process so that it happens at regular intervals at a certain time of day if your internet access is slow. Do it now and then come back here!
Many of us are using WordPress themes which are awesome – but vulnerable if not managed properly. What we often forget is that when we use WordPress we no longer have the html or php files on our computer to easily upload if something goes wrong because with WordPress (or Joomla etc.) they are stored in a database on the hosting server. There they are not only vulnerable to being hacked (see Part 1), but also to crappy server maintenance, accidental deletion or overwriting.
So, if you are using a website, ESPECIALLY if you have put countless hours of work into it, have a bunch of customer data there – not to mention the two grand you gave someone to design it – you MUST create an independent backup strategy or you could be facing a disaster! WordPress itself has this to say.
STEP 2:
Make your WordPress site less vulnerable and automatically back up your site. Check this article out. Do it now and then come back here!
STEP 3:
And last but not least, your security is only as good as the secure behavior of EVERYONE working on your site. If you have employees working on your site, give them their OWN login and password with the level of clearance they need to do their work and not more. Same goes for any outsourcing to eLance, oDesk etc. And when they’re done, delete or pause their access. They too can have their passwords stolen and are certain not to have the same level of concern that you have.
I personally always give out the passwords myself since I don’t want anyone working on my sites to use a crappy password. If you have liabilities – go into your dashboard and change the passwords. Do it now!
ABOUT THE AUTHOR
Nicolay H. Kreidler is an entrepreneur and strategic consultant in the health and wellness space who focuses on turning around distressed businesses and re-positioning them for success.