Endpoint Security And Disaster Preparedness
Continued from part 4
Setting up a secure password for your admin dashboard is a tactic that sets you on the right track to robust WordPress security. But one smart tactic, or a combination of tweaks and plugins, won’t get you far.
You need a security strategy that not only covers most attack vectors but also allows you to mitigate damage and restore your site quickly in the event of accidental data loss, a breach, or a hijack.
Securing your WordPress blog requires more than just watertight backend protection, timely updates of the WordPress core and plugins, or an internal monitoring system. One of the frequently overlooked breach points in your blog’s security perimeter is your endpoint device.
WordPress makes it possible to access your admin dashboard from many devices such as computers, laptops, smartphones, and tablets. Losing any of the devices you use to access your blog, or having them hacked, means exposing your blog to great risks.
So you need to exercise appropriate precautions and account for endpoint security.
Endpoint Security Tips:
- Secure your devices with a strong PIN or password and, where possible, enable a second factor to unlock them, such as a biometric ID.
- Set your devices to auto-lock after a set idle time.
- Don’t access your WordPress backend from public computers, as these often are riddled with spyware and keyloggers. Likewise, their browsers can be configured to automatically store your login credentials, in which case you’d be giving away your login details to an awful lot of strangers using the computer after you.
- Don’t check your email from public computers, either, for the same reasons. Your email is vital to your WordPress security – anyone gaining access to it could reset your WordPress password.
- Do not access your WordPress admin dashboard or your email from public Wi-Fi hotspots unless you are using a trusted Virtual Private Network (VPN) with robust encryption and the OpenVPN protocol.
- Only install apps and games on your smartphone from the official app store.
Hope for the best but prepare for the worst. Assume that, even with the latest updates and the best of manual tweaks, there is a vulnerability that escaped your scrutiny.
When the worst happens, do you have the backups to fall back to, or do you know where they are? Are they even current? How long will your blog be down while you mitigate the damage? What if your hosting provider goes out of business suddenly? Or you just lose data by accident?
When you know the answers to all these questions, you have a security strategy.
Disaster Preparedness Tips:
- Have a plan. Break down the huge task of restoring your blog after a hack, accident, or act of God into smaller, digestible chunks.
- Consider having a failover service that would redirect your traffic while your blog is down.
- Have a temporary notification page you can display to your readers telling them that you won’t be down for long.
- Be ready to start and restart your blog’s services, such as your database and web service, if needed.
Without a current backup on hand, you’ll have to clean your blog manually or pay someone to do it for you. Likewise, if your web hosting gets compromised, there’s little you can do but move to another hosting service, and a current backup is crucial there as well. An ideal backup tactic is to combine several backup storage locations, so that if one location gets compromised you can always restore from the alternative source.
Backups should also be incremental and automatic. When your backups are current and readily available, you can restore your data and re-deploy your blog almost immediately, with minimum downtime. Conversely, a slow recovery from a hack can have a negative SEO impact on your blog’s rankings, organic search traffic, and revenue.
- Have a plan and a step-by-step “note to self” on where your backups are, and how to restore them quickly.
- Automate your backups. Manual backups aren’t reliable, as you will inevitably forget to back up at some point.
- Schedule backups to run during hours with the lowest traffic since backups can consume a lot of system resources.
- Check up on your scheduled backups. If you run out of storage space, backups could fail. A gazillion other things could cause a backup failure, so be vigilant.
- Have incremental backups – daily, weekly, and monthly – that you can fall back on in case disaster strikes. There are too many unknowns in a disaster equation, and having ample backups to restore from is key to minimizing downtime.
- Have multiple backups stored in various places such as with your web host and a secondary service, or even locally on your hard drive or external drive.
- Most web hosting providers offer native backup solutions. Use that as secondary backup storage. Note that with some providers you may need to set up your backups manually, especially on Virtual Private Server (VPS) systems.
- Cloud-based backups are efficient since they can be automated and are convenient to restore from, especially with the native WordPress cloud backups available as part of the WordPress Security plugin.
- Internal monitoring systems like Sucuri and Wordfence also let you set up and manage your backups.
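The backup tips above translate into a small, scheduled job. The following POSIX shell script is an added example written for this page, not code from the original post or from any plugin it mentions. It picks a daily, weekly or monthly tier from the date, dumps the database with mysqldump, archives the site files together with the dump, writes a SHA-256 checksum beside the archive, verifies the archive can actually be read back, and prunes old archives per tier. The paths, the database name, and the assumption that credentials live in ~/.my.cnf are hypothetical placeholders; the full job only runs when WP_BACKUP_RUN=1, so the helper functions can be exercised on constructed test data without a live site.

```shell
#!/bin/sh
# Added example: tiered, verified WordPress backup job (not from the original post).
# Assumptions (hypothetical): site files under WP_ROOT, database credentials in
# ~/.my.cnf so mysqldump needs no password on the command line, archives under
# BACKUP_ROOT. A second copy to an off-site location is left to rsync/cron.
set -eu

WP_ROOT="${WP_ROOT:-/var/www/html}"
BACKUP_ROOT="${BACKUP_ROOT:-/var/backups/wordpress}"
DB_NAME="${DB_NAME:-wordpress}"

# Retention tier from day-of-month (01-31) and ISO weekday (1=Mon .. 7=Sun):
# the 1st of the month is a monthly backup, Sunday is weekly, otherwise daily.
backup_tier() {
    dom="$1"; dow="$2"
    if [ "$dom" = "01" ]; then echo monthly
    elif [ "$dow" = "7" ]; then echo weekly
    else echo daily
    fi
}

# SHA-256 of a file; prefers coreutils sha256sum, falls back to shasum (macOS).
checksum_file() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Dump the database as a consistent snapshot (InnoDB) into the given file.
dump_database() {
    mysqldump --single-transaction --quick "$DB_NAME" > "$1"
}

# Archive site directory $1 plus dump file $2 into $3/<tier>/, write a .sha256
# sidecar, fail if tar cannot list the result, and print the archive path.
create_backup() {
    src="$1"; dump="$2"; dest="$3"; tier="$4"
    stamp=$(date -u +%Y%m%d-%H%M%S)
    mkdir -p "$dest/$tier"
    archive="$dest/$tier/wp-$tier-$stamp.tar.gz"
    tar -czf "$archive" -C "$(dirname "$src")" "$(basename "$src")" \
        -C "$(dirname "$dump")" "$(basename "$dump")"
    checksum_file "$archive" > "$archive.sha256"
    tar -tzf "$archive" >/dev/null
    echo "$archive"
}

# A backup you have not verified is a hope, not a backup: non-empty, checksum
# matches the sidecar, and tar can read every member. Returns non-zero otherwise.
verify_backup() {
    archive="$1"
    [ -s "$archive" ] || return 1
    [ -f "$archive.sha256" ] || return 1
    [ "$(checksum_file "$archive")" = "$(cat "$archive.sha256")" ] || return 1
    tar -tzf "$archive" >/dev/null 2>&1 || return 1
    return 0
}

# Keep only the newest $2 archives in directory $1; names sort by timestamp.
prune_backups() {
    dir="$1"; keep="$2"
    ls -1 "$dir"/*.tar.gz 2>/dev/null | sort -r | tail -n +"$((keep + 1))" |
    while read -r old; do
        rm -f "$old" "$old.sha256"
    done
}

main() {
    tier=$(backup_tier "$(date -u +%d)" "$(date -u +%u)")
    dump="$BACKUP_ROOT/$DB_NAME.sql"
    mkdir -p "$BACKUP_ROOT"
    dump_database "$dump"
    archive=$(create_backup "$WP_ROOT" "$dump" "$BACKUP_ROOT" "$tier")
    verify_backup "$archive" || { echo "backup verification failed: $archive" >&2; exit 1; }
    case "$tier" in
        daily)   prune_backups "$BACKUP_ROOT/daily" 7 ;;
        weekly)  prune_backups "$BACKUP_ROOT/weekly" 4 ;;
        monthly) prune_backups "$BACKUP_ROOT/monthly" 6 ;;
    esac
    echo "backup ok: $archive"
}

# Only run the full job when explicitly asked, so the functions can be sourced.
if [ "${WP_BACKUP_RUN:-0}" = "1" ]; then main; fi
```

Schedule it from cron during your lowest-traffic hour (for example `WP_BACKUP_RUN=1 /usr/local/bin/wp-backup.sh`), and have cron mail you the output: a missing "backup ok" line or a "verification failed" message is exactly the failed-backup signal the tips above tell you to watch for. The verification step is what turns "we have backups" into "we have backups we can restore from"; a full restore rehearsal on a spare host completes the check.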
The WordPress threat landscape is continuously changing, so you need to stay on top of security best practices, expert findings, patch releases, and community discussions. In other words, be proactive, not reactive.
By securing your blog properly, you will be able to develop a solid reputation, build traffic faster and avoid costs associated with site cleaning and recovery after a hack.
That’s it. Hope this helps.
By Alex Grant