Your website is a goldmine for cyber criminals. They are fast, invisible and always on the prowl for sensitive customer account details or to simply destroy. If you’re a WordPress site owner, you are no doubt aware of the vulnerabilities WordPress sites have experienced in recent years. The good news is that Automattic recently took a much anticipated security step by adding HTTPS encryption to all custom WordPress.com domains (more than 1 million WordPress sites).
You are probably familiar with web encryption as one of the most effective ways to keep data secure. Indeed, encryption is a hot topic right now. Apple recently made headlines after refusing to comply with a court order to assist the FBI to unlock the iPhone used by the San Bernardino shooter. Apple stated that it would need to write new software that would essentially be a master key to opening any iPhone. The main argument was that if the FBI could unlock that iPhone, they could unlock many others, putting everyone’s privacy and personal safety at risk.
For those reasons, among many others, web security should always be at the top of your mind in running your business. But what exactly is HTTPS and how is it beneficial to your business? Can HTTPS alone sufficiently protect your WordPress site? This article will answer those questions in the quest to help you bolster your site security.
What Exactly Is HTTPS?
HTTPS stands for Hyper Text Transport Protocol Secure – the secure connection protocol for HTTP. When you connect to HTTPS, you are using Secure Sockets Layer (SSL) or Transport Layer Security (TLS) protocols to protect communications between your computer and a remote server. Both protocols use encryption to keep cyber criminals from intercepting communications.
The information you send across the web passes from computer to computer before it arrives at the end server. That means that all computers the information passes through could read the sensitive information: from usernames and passwords to credit card information and social security numbers. SSL or TSL encrypts the sensitive information through its journey to the intended recipient, so that only they can understand it.
How Is HTTPS Beneficial to Your Website?
HTTPS encryption is very important for both site security and SEO.
HTTPS keeps your business communications with your online customers safe and secure. When it is enabled, any information between the server and a client cannot be diverted, modified, or stolen. This kind of security is essential for any site that has a login and/or payment system – basically any ecommerce business. It not only protects your data but allows web visitors to view your site as credible. In that sense, HTTPS is essential for all businesses and new websites.
Google has also highlighted the importance of HTTPS encryption. In 2014, Google announced that it would start using HTTPS as a ranking signal. That’s right: Google is ranking sites with HTTPS encryption higher than those without it. That announcement pushed a lot of websites across the globe to obtain HTTPS.
Is HTTPS Encryption Enough to Keep Your Site Secure?
No. Although it helps protect your sensitive data, securing your websites is much more complex than HTTPS. The bottom line is that it does not protect your site, network or server from getting hacked. It also does not prevent hackers from abusing software vulnerabilities that may be present in WordPress. In fact, in general, we’ve seen quite a few major attacks on SSL and TSL protocols: Poodle, Heartbleed, Shellshock, LogJam to mention a few.
So what are your options? What can do you to fortify your site?
What More Can You Do to Protect Your Site?
Security is highly important and as such, there are quite a few things you need to do and stay on top of. We’ll go into this in more detail in another post. For now, here are a few things you need to do to fortify your WordPress site.
Know What the Threat Is
Stay on top of hacking threats. You need to know what is happening, what is possible, in order to protect your site against potential threats. Set up news alerts or follow hacking news sites. The information you receive will give you the ability to take precautionary measures.
Update, Update, Update
Update software as soon as an update is available. The reason behind a lot of updates is to protect against a security vulnerability, so delaying an update greatly exposes you to a potential attack. Hackers are constantly on the lookout for vulnerabilities. If you don’t move quickly to patch vulnerabilities, chances are you’ll become easy prey.
Secure Your Admin Dashboard
Access to information in the admin dashboard of your website is every hacker’s dream. Set usernames and passwords that cannot be easily guessed; greatly limit the number of login attempts within a specific time period; don’t send account details over email etc. Your admin panel is a treasure-trove so keep it secured at all times.
Keep Your Network Secure
An insecure network provides fairly easy access to your site servers. Take some precautionary measures such as frequently changing passwords, expiring logins after a certain period of inactivity, setting strong passwords, and scanning malware on each and every device that connects to your network.
Back-Up Everything
Back-up everything, both on-site and off-site. Set up automatic backups several times a day, to various locations, so you don’t lose everything when the worst-case scenario happens.
HTTPS encryption is great for security, SEO and credibility. You most likely were quite overjoyed when Automattic made the announcement that all custom domains would automatically switch to HTTPS encryption. But that does not mean you’re in the clear when it comes to site security.
There is a whole lot more that needs to be done to keep any website safe from advanced, constantly evolving and persistent cyber threats. Some of the tips mentioned in this article will help to reinforce your site security; and keep your mind at ease to tackle the more fun business operations.