As a B2B marketer, the last thing you want to hear is that your website is down or has been hacked. Not only can this have grave consequences for your brand presence online, but it can also lead to bigger issues like an interruption in valuable lead generation or lead nurturing – which can impact revenue.
Additionally, many hackers exploit website vulnerabilities to perpetrate Black Hat SEO. These are dangerous attacks because they are harder to detect and identify, meaning your website continues to work but now contains spammy links to other sites, or worse, links to malicious sites that compromise a user’s information.
As a web design agency that specializes in WordPress website development, we get questions on how to maintain and keep a WordPress website secure. While we’ve taken a deeper dive into WordPress Security Best Practices before, here we’ll take a look at what you can do as the manager of a WordPress website to maintain a secure environment.
Tips for securing your B2B WordPress website
As a website development director, there are several steps you can take and settings to monitor to keep your website secure. Let’s take a look.
Strong passwords
Of course, having strong passwords is the foundation. By default, WordPress encourages good passwords (and generates random ones for you). WordPress stores only a salted hash of each password in the database, so a bad actor who obtains a copy of the database does not get the passwords themselves. But hashing does not stop guessing: a weak password can still be recovered by a dictionary attack, either offline against the stolen hashes or online against the login form.
Require that anyone who has a login to your B2B WordPress website uses a strong password and not something like “fluffy1.” Strong passwords are long (a passphrase or a generated string) and combine upper and lower case letters, numbers, and special characters; length matters more than any single character class. While it can be tough to keep track of more complex passwords, password management tools such as LastPass or Keeper will keep them safe and handy for you.
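The point above, as an added example (not code from the original post or from WordPress itself): a dictionary attack run against stored password hashes. WordPress hashes with its own wp_hash_password(); plain PHP password_hash() (bcrypt) stands in for it here, and the “stolen” rows and the wordlist are constructed for the demonstration.

```php
<?php
// Added example: dictionary attack against stored password hashes.
// Assumptions: password_hash()/password_verify() stand in for WordPress's
// own hashing, and the rows and wordlist below are constructed sample data.

// Constructed "stolen database rows": username => password hash.
$rows = [
    'editor'    => password_hash('fluffy1', PASSWORD_DEFAULT),              // weak
    'marketing' => password_hash('Tq7#vL9z!pW2$mXr4Nb6', PASSWORD_DEFAULT), // strong, random
];

// Constructed wordlist; real attackers use lists with millions of entries.
$wordlist = ['password', '123456', 'fluffy', 'fluffy1', 'welcome1', 'admin123'];

// Try every guess against one hash. The hash is never reversed; the attacker
// simply hashes guesses until one verifies. Returns the plaintext or null.
function dictionary_attack(string $hash, array $wordlist): ?string {
    foreach ($wordlist as $guess) {
        if (password_verify($guess, $hash)) {
            return $guess;
        }
    }
    return null;
}

foreach ($rows as $user => $hash) {
    $found = dictionary_attack($hash, $wordlist);
    printf("%-10s %s\n", $user, $found === null ? 'not cracked' : "cracked: $found");
}
```

Run it with `php dictionary.php`. The weak password falls because it is in the list; the random one is not, and no amount of hashing in the database changes that. Slow hashes such as bcrypt only raise the cost per guess, which is why the user’s password choice still matters.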
User hygiene
Implement good user hygiene. For example, we never use “admin” as a username in WordPress, since it is one of the first usernames bad actors try and it usually maps to an account with the highest level of access. Bots also know it was once the default username, so it appears in most dictionary attacks.
We also strongly recommend to our clients that they regularly remove users who are no longer needed. For example, if you have a temporary contractor or partner working on the site, remove their access once they are no longer working on your WordPress website. Likewise, if an employee leaves the company, remove their access as soon as possible. Even if the parting is mutual and pleasant, a credential that nobody actively uses or monitors is easy to lose track of and easy to compromise.
Regular updates
WordPress generally releases updates 6-12 times a year and quickly reacts to security concerns. Keeping WordPress core, and every installed plugin and theme, up to date is vital for security, since outdated plugins and themes are a common way in. The hosts we recommend (WP Engine and Pantheon) have tools that automate updates. If you don’t have the internal resources to manage updates to WordPress or plugins, we recommend partnering with a WordPress maintenance company that will review and update on a monthly basis for you.
Limit login attempts
WordPress does not limit failed logins on its own, but a plugin can: after a handful of failed attempts from a user or IP address, the plugin locks that client out for a period of time. This is a simple yet effective protection against online dictionary attacks, because a bot that gets a few guesses per lockout window instead of thousands per minute is no longer a practical threat.
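What such a plugin does under the hood, as an added example (not code from the original post or from any published plugin): a small must-use plugin that counts failed logins per client address with WordPress transients and refuses authentication once a threshold is reached. The thresholds, the file name and the transient key prefix are assumptions for the example.

```php
<?php
/**
 * Plugin Name: Limit Login Attempts (added example)
 * Description: Locks a client out after repeated failed logins. Example code,
 * not from the original post or any published plugin; thresholds are assumed.
 * Install: save as wp-content/mu-plugins/limit-login-attempts.php.
 */

const LLA_MAX_ATTEMPTS = 5;                       // assumed threshold
const LLA_LOCKOUT      = 15 * MINUTE_IN_SECONDS;  // assumed lockout length

// Counter key per client address (assumed 'lla_fail_' prefix). Behind a CDN or
// reverse proxy REMOTE_ADDR is the proxy, so the host must rewrite it to the
// real client IP or every visitor would share one counter.
function lla_key(): string {
    return 'lla_fail_' . md5($_SERVER['REMOTE_ADDR'] ?? '0.0.0.0');
}

function lla_is_locked(): bool {
    return (int) get_transient(lla_key()) >= LLA_MAX_ATTEMPTS;
}

// Count real failures. WordPress fires wp_login_failed after any rejected
// login; skip our own lockout error so retries during a lockout do not extend it.
add_action('wp_login_failed', function (string $username, ?WP_Error $error = null) {
    if ($error instanceof WP_Error && $error->get_error_code() === 'lla_locked_out') {
        return;
    }
    $fails = (int) get_transient(lla_key());
    set_transient(lla_key(), $fails + 1, LLA_LOCKOUT);
}, 10, 2);

// Run late (core's username/password check is at priority 20) and replace
// whatever it decided with an error, so a locked-out client learns nothing
// about whether the guess was right. Cookie-only requests (no username) are
// left alone so an already logged-in user on the same IP is not kicked out.
add_filter('authenticate', function ($user, $username) {
    if ($username !== '' && lla_is_locked()) {
        return new WP_Error('lla_locked_out', 'Too many failed logins. Try again later.');
    }
    return $user;
}, 99, 2);

// A successful login clears the counter for that client.
add_action('wp_login', function () {
    delete_transient(lla_key());
});
```

Because the check sits on the authenticate filter, it covers wp-login.php, XML-RPC and REST logins alike. Transients live in the options table (or the object cache if the host provides one), so the counter survives across PHP processes; on a site with many legitimate users behind one corporate NAT, key the counter on username as well as address or raise the threshold.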
Multi-factor authentication (MFA)
This type of MFA has nothing to do with being an artist and is likely something you are familiar with if you log into any banking or secure applications on your phone or computer. We highly recommend implementing MFA for your B2B website; self-hosted WordPress needs a two-factor plugin to support it. One great option is an authenticator app such as Google Authenticator, but there are a variety of MFA tools out there and you may already be using one recommended by your IT team. Even if a password is guessed or leaked, MFA keeps the bad actor out.
Single sign on (SSO)
If your company uses SSO (Okta, OneLogin, Shibboleth, etc.), you can set up WordPress to work with the same tool. We recommend working closely with your IT team to set this up and to ensure it’s working as expected. It will be another layer of security for accessing your website, and it means that disabling someone in your identity provider also removes their WordPress access, provided local password logins are turned off for those accounts.
Pantheon hosting
Pantheon is a hosting provider that we recommend to our clients who are serious about security. The live environment is locked down: you can’t make file changes there. Any file changes (WordPress updates, new plugin installations, theme edits) must be made in a development environment, pushed to a test environment, and then pushed to live. This limits the damage a bad actor can do even if they get into your website, because they can’t drop a backdoor or edit a theme file on the live server; it does not prevent changes made through the database, such as injected content or new user accounts, so the account controls above still matter. It’s also a great way to test website changes before you make them on the live website: in addition to the layer of security, you can verify that any changes you make work as intended and don’t conflict with another tool or plugin on the website.
WordPress security takes monitoring
WordPress websites offer many ways to keep your site secure and running, but none of them is set-and-forget: users, updates and login activity need regular review. These are a few tips you can implement to make your website far harder to compromise so that it doesn’t cause any interruptions in your B2B marketing activities.
Questions about creating a new WordPress website for your B2B firm? Contact us today to discuss your project.