In this article
Imagine that you break your leg. It’s extremely painful, and is only going to get worse if you don’t take care of it soon. What do you do?
Obviously, you go to a doctor. You put your leg in the care of a practiced, knowledgeable, and qualified professional. Why? Because that’s how you know your leg will heal correctly.
Website security must be dealt with in a similar fashion.
In the above analogy, your website is the leg that your business stands on. It’s how you attract new supporters and, in some cases, where you generate your revenue. But security threats to your website abound and threaten to break it. Trying to take care of all these cyber threats yourself will have the same effect as trying to heal your own broken leg — in both cases, it’s best to leave it to the professionals.
When it comes to website security, it’s okay if you’re not an expert. Running a business requires your full attention. Security is an ever-changing field, where continuous education is necessary; you simply don’t have time to keep up with it.
But putting your site visitors’ safety on the back burner will ultimately hurt your business’s bottom line (along with your reputation). That’s why outsourcing your website’s security is crucial. Leaving it to the experts shows your customers that you take the safety of their site experiences seriously.
So, how do you get started? Well, there are plenty of third-party organizations and website plugins that guarantee secure websites. Some of these options can be costly, though. Fortunately, there’s a free option that’s just as good: build your site on a platform that promises strong security protection, like WordPress.com.
When it comes to website security, there are some basic actions that site owners always need to take (like picking a strong password), but many others that WordPress.com will manage instead. Here’s an overview of the most common website security issues, how to combat them, and when it’s the responsibility of WordPress.com to step in.
1. Brute force attacks
It’s important to understand that most hacking attempts are automated. There’s no person on the other end painstakingly trying to guess your username and password combination. Instead, hackers use automated programs (called bots) that repeatedly attempt to guess your username and password much faster than any human ever could. When these bots overwhelm your site with attempts to hack into it, it’s known as a “brute force attack.”
The best way to prevent a brute force attack is to make sure you’re using a strong password that will be difficult to guess. A strong password is long and doesn’t include a common phrase. It’s also helpful to create a unique username instead of sticking with the default “admin” one.
Hackers will attempt brute force attacks even if you have these security measures in place. This is why WordPress.com offers protection against these types of attacks. Jetpack, which powers many of WordPress.com’s key features, provides brute force protection by blocking bots from accessing your site’s login page.
Malware, or malicious software, is any program designed to harm your site by stealing data from it. Hackers try to place malware on a website by either hacking into it directly (as described above) or targeting a vulnerability within the platform that it’s built on.
One of the best ways to keep your site safe from malware is to make sure that your software is updated regularly. Most software updates include security enhancements designed to keep malware out.
WordPress.com runs automatic updates, so you’ll always know that your website platform is as secure as it can possibly be. If you are a Business plan user and have third-party plugins on your site, make sure that your plugins stay updated. If you enable Jetpack, you can keep them updated automatically. Between automatic updates and protection from brute force attacks, it’s unlikely that your site will become a victim of malware.
3. Site downtime
Every site owner’s worst nightmare is having their site go offline for a period of time. Sometimes this is caused by hackers, and sometimes it’s just bad luck. Either way, it’s crucial to be prepared for the unlikely event of downtime. Be positioned to get your site back up and running as soon as possible. This entails finding ways to keep it backed up.
There are many plugins that schedule and perform daily backups. Jetpack enables regular site backups with upgraded plans. Backups make it possible for you to weather any issue and restore your site with just one click. If you can’t afford a plugin that will back up your site, don’t worry — WordPress.com has a team of experts dedicated to keeping your site from going down in the first place.
If you’re not a security expert, that’s okay — you can still rest assured that your WordPress.com website is safe. All three aforementioned security concerns (plus many more) are actively being monitored by the website-security experts at WordPress.com. This team takes the security of your content and of the WordPress.com platform very seriously. Don’t stress about trying to secure your site by yourself — if you’ve chosen WordPress.com, your biggest security concerns are already taken care of.
WordPress.com Courses make it easy to start that blog, website or podcast.
Build, publish and grow your blog, website or podcast with on-demand go-at-your-own pace courses taught by WordPress experts.Browse courses