Discover why having good security is vital for your bottom line.
Sometimes when I stop and think about security for WordPress websites I wonder why anyone would bother taking the time and effort to focus on security for their websites.
Sure, you can build one barrier after another at the “front door” of your website. You can have wonderfully layered defences with strong usernames and passwords, captchas, IP blockers and blacklists, limited login attempts, two-stage authentication, brute force protection and more and hackers can still get in.
You can let hackers in
You can do everything in your power to keep hackers out and they can still walk right in because all you are doing is protecting the admin section of your website.
You can lock that down so tight that a flea couldn’t find its way in and yet your WordPress website can still be open to any hacker with modest skills.
You can also open the door wide and usher hackers in if you don’t keep all the plugins in your website updated.
Your hosting provider can let hackers in
You can choose a host that has a strong focus on security (and there are some who don’t … even some of the best-known hosts are less security conscious than others) and still the hackers can waltz right into your website.
WordPress programmers can let hackers in
How can they do that? By the very nature of the beast that is WordPress. The foundations of your WordPress website is a collaborative between the WordPress team who build the core and those many individuals who build the plugins that you, or your web designer, have used to add functionality to the WordPress core.
Every one of them has to bring his or her A game every time they sit down to write the code that goes into the core and the plugins. One tiny mistake, one distraction, one little bit of inexperience and the code that you rely on stops being bulletproof and starts being a potential vulnerability that hackers can exploit.
Is resistance a waste of money?
And there’s no way you will know if the core or the plugins that you are using are bulletproof or vulnerable … and there is no way you can build a wall, or any form of layered defence around them. If there is one small vulnerability hackers will find it and exploit it … and there’s nothing you can do.
So what’s the point of trying to keep hackers out if you can’t have total control over every access point to your website?
What’s the point of spending time and money to try and protect your website?
Why you MUST focus on security
There are two very good reasons why you do need to focus on maintaining good security for your website even though there are so many ways that hackers can break into your website and no one can guarantee that you will keep hackers out.
A little resistance is a good thing
Hackers are no different to you or me. We like the easy life. Sure, we enjoy a challenge but if there is a hard way to achieve a goal and an easy way to achieve the same goal we’ll opt for the easy solution every time.
Hackers want to get into as many websites as they can. It doesn’t matter too much to them who owns it or what the websites are about; they just want to get in.
They’ll try to break into every website they can find but most of them will look for the quick wins that they know are out there. Most hackers don’t want to spend too much time trying to break into because they know that there are many websites out there with little, or no, defences.
So, they’ll try to get into your website, they might even make it past the first lines of defence but, if you’ve got a layered defence in place, it all starts to get too hard for them and they’ll go looking for an easier target.
That means that you, if you ever knew that the hackers were there and trying to break into your website, can breathe a big sigh of relief … until the next hacker comes along in a few minutes.
Ignorance is not bliss
What if your defences don’t hold or the hacker has found a vulnerability in one of the plugins that is part of your website? How would you know that a hacker left his malicious files buried in your website?
If you have the right security plugins installed in your website, you will be warned that someone has been tampering with your website so you will know. You will know where they have been and what they have done and that information tells a specialist what needs to be done to clean up your website.
But will you even bother to read those alerts that come from your website?
Sadly few website owners ever have time, or the inclination, to pay any attention to those alerts and if you never read them and you’ll never know that you have been hacked.
… and the point is …
It’s all about money … money that stays in your pocket.
When a hacker breaks into your website you and your business lose credibility with Google and with your customers. A defaced website will drive your customers or clients away and they may never come back.
A warning from Google that appears in front of people when they visit your website after a hack also drives people away and many of them will never return.
And people will continue to be driven away from your business until the mess is cleaned up and, of course, that will cost you lots of money … once you realise that something is wrong.
Spend some time and money on monitoring your website and keeping all the plugins updated and you will have a much better chance of keeping hackers out.
Yes, it takes time and time is money but that is a small cost when you compare it to the cost of cleaning up the mess that hackers leave behind them.
If you don’t have the time to devote to maintaining the security of your website then you will have to spend money to employ professionals to monitor your website but that cost is nothing compared to the cost of cleaning up the mess that hackers leave behind them.
And ultimately the point is that spending money on security for your website, even though it remains vulnerable, is something you must do if want to avoid much bigger costs when a hacker does find a way in.
Need to talk to someone about website security? Pick up the phone, email or connect with Skype and talk to us here at WP Security Workshop.
For as little as a dollar a day you can have professionals keeping watch over your website.