WordPress Security 101 – Endpoint Security And Disaster Preparedness

Continued from part 4

Setting up a secure password for your admin dashboard is a tactic that sets you on the right track to robust WordPress security. But one smart tactic, or a combination of tweaks and plugins, won’t get you far.

You need to have a security strategy that not only covers most attack vectors but also allows you to mitigate damage and restore your site quickly in the event of accidental data loss, a breach or a hijack.

Endpoint Security

Securing your WordPress blog requires more than just watertight backend protection, timely updates of the WordPress core and plugins, or an internal monitoring system. One of the frequently overlooked breach points in your blog’s security perimeter is your endpoint device.

WordPress makes it possible to access your admin dashboard from many devices such as computers, laptops, smartphones, and tablets. Losing any of the devices you use to access your blog, or having them hacked, means exposing your blog to great risks.

So you need to exercise appropriate precautions and account for endpoint security.

Endpoint Security Tips:

  • Secure your devices by using a strong PIN or password and, if possible, enabling a second factor such as biometric ID to unlock your device.
  • Set your devices to auto-lock after a set idle time.
  • Don’t access your WordPress backend from public computers, as these often are riddled with spyware and keyloggers. Likewise, their browsers can be configured to automatically store your login credentials, in which case you’d be giving away your login details to an awful lot of strangers using the computer after you.
  • Don’t check your email from public computers, either, for the same reasons. Your email is vital to your WordPress security – anyone gaining access to it could reset your WordPress password.
  • Do not access your WordPress admin dashboard or your email from public Wi-Fi hotspots, unless you are using a trusted Virtual Private Network (VPN) with robust encryption and the OpenVPN protocol.
  • Only install apps and games on your smartphone from the official app store.

Disaster Preparedness

Hope for the best but prepare for the worst. Assume that, even with the latest updates and the best of manual tweaks, there is a vulnerability that escaped your scrutiny.

When the worst happens, do you have the backups to fall back to, or do you know where they are? Are they even current? How long will your blog be down while you mitigate the damage? What if your hosting provider goes out of business suddenly? Or you just lose data by accident?

When you know the answers to all these questions, you have a security strategy.

Disaster Preparedness Tips:

  • Have a plan. Break down the huge task of restoring your blog from a hack/accident/act of God into smaller, digestible chunks.
  • Consider having a failover service that would redirect your traffic while your blog is down.
  • Have a temporary notification page you can display to your readers telling them that you won’t be down for long.
  • Be ready to start and restart your blog’s services, such as your database and web service, if needed.

WordPress Backups

Without a current backup on hand, you’ll have to clean your blog manually or pay someone to do it for you. On the other hand, if your web hosting gets compromised, there’s little you can do but move to another hosting service. In this case, a current backup is also crucial. An ideal backup tactic would be to combine several backup storage locations so that if one location gets compromised, you can always use the alternative source.

Likewise, backups should be incremental and automatic. When your backups are current and readily available, you will restore your data and re-deploy your blog almost immediately, with minimum downtime. On the contrary, a slow recovery from a hack could have a negative SEO impact on your blog’s rankings, organic search traffic, and revenue.

Backup Tips:

  • Have a plan and a step-by-step “note to self” on where your backups are, and how to restore them quickly.
  • Automate your backups. Manual backups aren’t reliable as you will inevitably forget to back up at some point.
  • Schedule backups to run during hours with the lowest traffic since backups can consume a lot of system resources.
  • Check up on your scheduled backups. If you run out of storage space, backups could fail. A gazillion other things could cause a backup failure, so be vigilant.
  • Have incremental backups (daily, weekly, and monthly) that you can fall back on in case disaster happens. There are too many unknowns in a disaster equation, and having ample backups to restore from is key to minimizing downtime.
  • Have multiple backups stored in various places such as with your web host and a secondary service, or even locally on your hard drive or external drive.
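
The checks in the tips above (backups are current, not empty, readable, and present in more than one place) can be automated. The following is an added example, not part of the original article; the directory names, the `wp-db.sql.gz` file name and the 26-hour freshness window (a daily schedule plus slack) are assumptions.

```python
import gzip, os, tempfile, time, zlib
from pathlib import Path

def newest_archive(location):
    """Most recently modified *.gz file in a backup location, or None."""
    files = [p for p in Path(location).glob("*.gz") if p.is_file()]
    return max(files, key=lambda p: p.stat().st_mtime, default=None)

def gzip_intact(path):
    """Read the whole stream so truncation or a CRC mismatch is detected."""
    try:
        with gzip.open(path, "rb") as fh:
            while fh.read(1 << 20): pass
        return True
    except (OSError, EOFError, zlib.error):
        return False

def check_location(location, max_age_hours=26, min_bytes=64):
    """Classify one location as missing, stale, too_small, corrupt or ok."""
    newest = newest_archive(location) if os.path.isdir(location) else None
    if newest is None:
        return "missing"
    st = newest.stat()
    if time.time() - st.st_mtime > max_age_hours * 3600:
        return "stale"
    if st.st_size < min_bytes:
        return "too_small"
    return "ok" if gzip_intact(newest) else "corrupt"

def audit(locations, min_healthy=2, **kw):
    """Per-location status, plus whether enough separate copies are usable."""
    report = {loc: check_location(loc, **kw) for loc in locations}
    return report, sum(s == "ok" for s in report.values()) >= min_healthy

def build_sample(root):
    """Constructed sample: good host copy, stale local copy, truncated offsite copy."""
    dirs = {n: Path(root, n) for n in ("host", "local", "offsite")}
    for d in dirs.values():
        d.mkdir()
    good = gzip.compress(os.urandom(4096))  # stands in for a database dump
    for name in ("host", "local"):
        (dirs[name] / "wp-db.sql.gz").write_bytes(good)
    old = time.time() - 5 * 86400  # five days old, past the assumed 26-hour window
    os.utime(dirs["local"] / "wp-db.sql.gz", (old, old))
    (dirs["offsite"] / "wp-db.sql.gz").write_bytes(good[: len(good) // 2])
    return dirs

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample(tmp).values()))
```

Run from the same scheduler as the backups and alert when the second value returned by `audit` is false; a passing check shows the archive is readable, not that a restore has been tested.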

Backup Options:

  • Most web hosting providers offer native backup solutions. Use that as a secondary backup storage. Note that, with some providers, you may need to set up your backups manually, especially with Virtual Private Server (VPS) systems.
  • Cloud-based backups are efficient since they can be automated and are convenient to restore from, especially with the native WordPress cloud backups available as a part of the WordPress Security plugin.
  • Internal monitoring systems like Sucuri and Wordfence also let you set up and manage your backups.

Wrapping Up

The WordPress threat landscape is continuously changing, so you need to be on top of the security best practices, expert findings, patch releases, and community discussions. In other words, be proactive, not reactionary.

By securing your blog properly, you will be able to develop a solid reputation, build traffic faster and avoid costs associated with site cleaning and recovery after a hack.

That’s it. Hope this helps.

By Alex Grant


Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information, resources and thought leadership services.
