BreachExchange mailing list archives
Disaster recovery for WordPress sites
From: Inga Goddijn <inga () riskbasedsecurity com>
Date: Wed, 5 Oct 2016 18:38:40 -0500
https://www.godaddy.com/garage/webpro/security/disaster-recovery-for-wordpress-sites/

The internet is many things: it’s powerful and ubiquitous, vast and intelligent. But one thing it’s not: safe.

When creating any new WordPress site, the first thing to think about is what happens if it’s destroyed. Two words: Disaster recovery.

Cyber threats are ever increasing in number, efficiency and sophistication. In 2015, zero-day vulnerabilities occurred every week <https://www.symantec.com/about/newsroom/press-releases/2016/symantec_0411_01>, and over a million websites were attacked each day. It’s hard to overestimate the scale of the problem.

If you have a WordPress website, you’re no doubt aware of the terrifying and bewildering array of malware that’s out to exploit vulnerabilities and bring you down. The online world is crawling with bugs, worms, viruses, adware, spyware, ransomware, rootkits, Trojan horses and net bots. These can infect security holes, take control of our websites and use them to host bad content or to ‘spamvertise.’ They can spy on us, take sensitive information and personal records, and harvest customer data. They can hold us ransom and steal money.

WordPress plugins, extensions and themes <https://www.godaddy.com/garage/webpro/security/security-tips-plugins-themes-extensions/> are likewise vulnerable; some might simply be bad from the start. The more you customise your website, the more at risk it becomes.

Threats come from all directions, and in this dangerous, dog-eat-dog online world, we’d be foolish not to protect ourselves and prepare for the worst. The cost of having your WordPress site hijacked or destroyed is immense; think of the wasted hours and the damage to your reputation, user confidence and web ranking — and that’s before you include the cost of stolen data or money.

Start with little wins

A lot of automated threats pick off the weakest first, so taking even the simplest precautionary steps can make a big difference in the long run.
Here are a few easy ways to secure your site quickly:

*Secure your Login page* and implement strong passwords, two-step authentication <https://www.godaddy.com/garage/webpro/security/setting-two-factor-authentication-wordpress/> and limited login attempts.

*Keep up-to-date*, getting automated updates on your WordPress core, along with all themes and plugins (which you should keep to a minimum and carefully review before installation).

*Install security applications* and web-application firewalls.

*Limit access,* changing file permissions, hiding author usernames and restricting user access.

*Use .htaccess to protect your most important files* (like your wp-admin directory and wp-config.php file) and use SSL <https://www.godaddy.com/garage/webpro/security/wordpress-ssl-for-managed-wordpress/> to encrypt data.

*Constantly monitor* using logs to keep track of what’s happening on your website and files.

Steps like these go a long way to managing the risk and mitigating the threat.

Embrace backup plugins

With new ways of hacking and new vulnerabilities being discovered all the time, it’s vital that you have a last line of defense, the ultimate insurance policy for any kind of catastrophe: *backup plugins.*

Creating regular copies of your website is vital. What’s more, backing up your website is quick and easy. Your web host may provide a backup service (GoDaddy Managed WordPress <https://www.godaddy.com/websites/wordpress?isc=cardigan> offers daily backups and one-click site restore, for example), although there are plenty of good plugins that are more comprehensive and convenient, and most of the basic versions are free.

When considering which backup to go for, it’s important to choose wisely. You need something that’s completely trustworthy, but also something that’s intuitive and has everything you want. Here’s a checklist of things to look out for in a backup plugin:

1. Reliability

Never take a risk on an unknown backup plugin.
You need something solid, something tried-and-tested: a plugin that’s widely used, with excellent reviews and a top-star rating. Check out the rating <https://wordpress.org/plugins/search.php?q=backup> before you make your choice.

2. Cloud storage options

Using an offsite location such as Dropbox, Amazon S3 and Google Drive to store your backups means your backups remain safe even if your physical file server is destroyed. Cloud backups are secure, affordable and simple-to-use. They also give you anytime, anywhere access. Astonishingly, some plugins back up to the same server as your website — avoid these if you want to keep your site safe!

3. Scheduling functions

Choose a plugin with a scheduling function to ensure that your backups take place automatically, regularly and consistently, with minimal effort on your part. Plugins like UpdraftPlus <https://updraftplus.com/> enable you to set up backups to take place daily, weekly or monthly at the time of your choice. How often you schedule in backups depends on factors like your website’s size, frequency of updates and daily traffic.

4. Comprehensibility

It’s ideal to have a plugin that can back up not just your website, but all related files and databases, including those not on WordPress. Some plugins, like UpdraftPlus, can even import and restore backups that have been made by other backup plugins.

5. Ease of restoration

Opt for a plugin that makes backup restoration quick and easy. If anything bad happens to your website, the last thing you need is hassle in making things good again. Ideally, opt for a plugin that allows you to restore individual websites and files, too.

6. Security

There’s no point in having a ‘last line of defense’ that isn’t robust against security threats – backups can also be hacked! A plugin like UpdraftPlus encrypts your stored data and uses encryption when transporting your website to cloud storage.
Take some of the sting out of disaster recovery

Once you’ve chosen, installed and set up your WordPress backup plugin, you’ll barely have to think about backups again. That is, until the day of disaster, when you can easily restore your shiny, untainted website in a matter of minutes.

The right backup plugin can take much of the sting out of disaster recovery. There’s nothing like the smug, satisfying feeling that comes from knowing that your foresight and preparation saved your WordPress website from disaster.
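
As an added example (not part of the forwarded article and not any plugin's own code), the following shell function checks checklist items 3 to 5 on a backup directory: the newest archive is recent, readable end to end, and holds both site files and a database dump. The `.tar.gz` layout, the `.sql` dump name and the `check_backup` name are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumed layout (not from the article): backups are .tar.gz
# archives that each hold wp-config.php plus at least one .sql database dump.

# check_backup DIR MAX_AGE_DAYS
# Prints one line per problem; the return status is the number of problems.
# The body runs in a subshell, so its variables do not leak to the caller.
check_backup() (
    dir=$1
    max_age_days=$2
    problems=0

    # Newest archive by modification time (file names assumed newline-free).
    newest=$(ls -1t "$dir"/*.tar.gz 2>/dev/null | head -n 1)
    if [ -z "$newest" ]; then
        echo "FAIL: no .tar.gz backup found in $dir"
        return 1
    fi

    # Item 3, scheduling: flag a newest backup older than the schedule allows
    # (find counts whole 24-hour periods).
    if [ -n "$(find "$newest" -mtime +"$max_age_days")" ]; then
        echo "FAIL: $newest is more than $max_age_days days old"
        problems=$((problems + 1))
    fi

    # Item 5, restoration: the archive must be readable from start to end.
    if ! listing=$(tar -tzf "$newest" 2>/dev/null); then
        echo "FAIL: $newest is corrupt or truncated"
        return $((problems + 1))
    fi

    # Item 4: both the site files and the database must be in the backup.
    if ! printf '%s\n' "$listing" | grep -Eq '(^|/)wp-config\.php$'; then
        echo "FAIL: $newest has no wp-config.php (site files missing?)"
        problems=$((problems + 1))
    fi
    if ! printf '%s\n' "$listing" | grep -Eq '\.sql(\.gz)?$'; then
        echo "FAIL: $newest has no .sql database dump"
        problems=$((problems + 1))
    fi

    [ "$problems" -eq 0 ] && echo "OK: $newest"
    return "$problems"
)
```

Run it from cron against the offsite copy rather than the web server's own disk, so a failed or stale backup is noticed before the day it is needed.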