A website has become an integral part of any business, whether it is small scale or large scale. Every business has realised the importance of a website and has started one. Since new websites are being created every day, this also raises a major concern about website security.
According to a recent study, around 30,000 new websites are hacked each day. WordPress sites can be targets for attack because of plugin vulnerabilities, bad coding standards, weak passwords, etc.
At PG Softwares, we add the following security measures by default to your WordPress CMS website before it goes live.
BASIC SECURITY PACKAGE (FREE):
iThemes Security Plugin:
We install the iThemes Security plugin on all the WordPress websites developed by us. This is the best security plugin for WordPress, providing many features and settings, with 30+ options to protect a website from threats. It is considered the best security plugin because of its features. The plugin has 800,000+ active installs and a rating of 4.5 stars out of 5, which is an incredible stat. iThemes Security has both a free and a pro version. By using this plugin in every website developed by us, we ensure that your site will be threat free.
Login Attempt Limitation & Lockout:
We follow various security procedures at PG Softwares while developing a website, and limiting login attempts is one of them. We temporarily block a user / host from the site for a specific period of time if it exceeds the limit of bad logins. We also block the user / host permanently if it has been temporarily blocked too many times. We also activate email lockout notifications, which inform the website administrator when a user / host is blocked.
Secret Login URL:
Hackers are well aware of the admin login URLs of a WordPress website. Once the login URL is changed, hackers won’t be able to perform login attempts with automated attacks. Instead of the common login URL, we use a secret login URL, which is harder for hackers to find and attack.
Monthly Updates of all plugins and themes for one year FREE:
Be it WordPress itself, WordPress themes or plugins, all are updated frequently by their developers. An update may bring an added feature, bug fixes, security updates, etc. Website development is not a one-time process; a website has to be checked regularly for updates. At PG Softwares, we provide a FREE maintenance service for the website for one year. This includes monthly updating of the WordPress software, the WordPress theme, plugins, etc. By doing regular updates, we keep the website safe and secure.
Admin User as Subscriber for Security:
There are a few common mistakes made by developers and website designing companies. A major one is creating the administrator user with the username “admin”. It is a cakewalk for a hacker to try such usernames and attack the website. As part of our security measures, we always create a user with the username “admin” and restrict its role to Subscriber (a normal user without any writing, editing or deleting capabilities), which means that even if a hacker gets in with the username admin, he won’t be able to do anything.
Automatically ban “admin” User:
As discussed in the previous section, we create a user with the username admin without admin rights for security purposes. We immediately ban the host if anyone attempts to log in with the username “admin”. By enabling this feature, the website will be safe and secure without any threats.
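The lockout rules from the two sections above (temporary lockout after too many bad logins, permanent ban after repeated lockouts, immediate ban for the “admin” username, administrator notification), modelled as an added example. This is not the plugin's code; the thresholds, the `LoginGuard` class and its method names are assumptions, and it tracks hosts only.

```python
from collections import defaultdict

# Assumed thresholds: the page does not state the actual numbers.
MAX_BAD_LOGINS = 5          # bad logins per host before a temporary lockout
LOCKOUT_SECONDS = 15 * 60   # length of a temporary lockout
MAX_LOCKOUTS = 3            # temporary lockouts before a permanent ban
BANNED_USERNAMES = {"admin"}


class LoginGuard:
    """Hypothetical per-host login limiter with escalation to a ban."""

    def __init__(self, notify=print):
        self.bad = defaultdict(int)        # host -> bad logins since last lockout
        self.lockouts = defaultdict(int)   # host -> temporary lockouts so far
        self.locked_until = {}             # host -> unix time the lockout ends
        self.banned = set()                # hosts banned permanently
        self.notify = notify               # stands in for the admin e-mail

    def is_blocked(self, host, now):
        return host in self.banned or self.locked_until.get(host, 0) > now

    def record_attempt(self, host, username, success, now):
        """Return 'blocked', 'banned', 'locked', 'ok' or 'failed'."""
        if self.is_blocked(host, now):
            return "blocked"               # credentials are not even checked
        if username.strip().lower() in BANNED_USERNAMES:
            # Banned before the password is looked at, whatever its value.
            self.banned.add(host)
            self.notify(f"host {host} banned: tried username {username!r}")
            return "banned"
        if success:
            self.bad[host] = 0
            return "ok"
        self.bad[host] += 1
        if self.bad[host] < MAX_BAD_LOGINS:
            return "failed"
        self.bad[host] = 0
        self.lockouts[host] += 1
        if self.lockouts[host] >= MAX_LOCKOUTS:
            self.banned.add(host)
            self.notify(f"host {host} banned after {MAX_LOCKOUTS} lockouts")
            return "banned"
        self.locked_until[host] = now + LOCKOUT_SECONDS
        self.notify(f"host {host} locked out for {LOCKOUT_SECONDS}s")
        return "locked"
```

Counting per host alone means a shared office IP can lock out legitimate users, which is why the lockout is temporary before it escalates.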
Strong Passwords:
Another common mistake made by website designing companies is failing to select a strong password. The choice of password plays an important role in website security. Passwords should not be easily guessable; a password should consist of numbers, letters, symbols, etc. Always use strong passwords with junk characters. By default, we create a strong password for our clients. But what if a client changes the password to a weak one? For this kind of issue, we make sure that even if the client changes the password, the system won’t accept it if it is weak. With these settings, we ensure that your password is not vulnerable.
Disabling File Editor:
Disabling the File Editor option in the admin dashboard is an important security measure that is part of our process. With this setting enabled, users are restricted from editing theme files or plugin files from the WordPress admin dashboard. Once it is activated, a user has to edit the files by some means other than the WordPress admin dashboard. With this setting, we make it harder for hackers to edit or delete any theme files.
ADVANCED SECURITY PACKAGE (PAID):
Apart from the security options discussed above, we provide highly advanced security features in a separate paid package. The following advanced features come under this Advanced Security Package.
Two-Factor Authentication:
Two-factor authentication is an advanced security measure which provides an extra layer of security while logging into the website. With this method, the user or admin is asked for an extra authentication code in addition to the username and password. To obtain this authentication code, the user must use the device that was paired during the two-step authentication setup process. For this setup process, we use a standard called TOTP (time-based one-time password). Any two-factor authentication app that supports TOTP will work. This is an advanced security feature for your website.
Automatic Malware Scanning:
Another advanced security feature we provide is automatic malware scanning. With this feature enabled, we can schedule the system to conduct automatic malware scanning on a daily basis, and we can also enable email notification, i.e. if an issue is found on the website, an email is automatically sent to the administrator about it. By using this advanced feature, we have full control over the website without any kind of security problems.
Password Expiration:
Password expiration is another powerful, advanced security feature which provides an extra level of security for the website. Here we can force a specific user to change their password, or force all users to change their passwords immediately in an emergency. We can also set a maximum age for a password, so that every user is automatically asked to change the password after a certain period of time. By changing passwords frequently, we can keep the website safe without any problems.
Security Audit Log:
Another important addition to this Advanced Security Package is user action logging. This is a much-needed feature if your site has multiple users. Monitoring multiple users is a tedious job, and there is a high chance of the whole website being affected by one user’s activity. Using this option, we can track each user’s login and logout activity and when they add or edit content. So this feature helps us track every user’s activity on the website.
NOTE: We build world-level security measures, but we cannot give a 100% assurance against hacking attacks. So we always suggest that our clients go for a monthly backup maintenance service contract and go with SSL web hosting.