18 January 2016

What makes an outstanding website? And more significant question if you’re in a business, “What can make your website rank higher on a search engine such as Google?” Well, having great content and design for your site isn’t enough. You’ve to go an extra mile — to improve your website security — to ensure your website is making the grade concerning your business’s bottom line.

Let’s face it — WordPress has emerged as a leading CMS (Content Management System) for most firms. This is partly because of its ease of use among web designers and administrators, besides its extendable capabilities with plugins and themes. If you’re reading this blog article, I can bet 100% that you’re using WordPress as your CMS.

Besides being mobile-optimized, SEO (Search Engine Optimized) and improved performance, your website has to be secure for it to make the grade. It doesn’t matter whether you’re using WordPress, Drupal, or Joomla. You still have to improve your web security despite using WordPress, Drupal, or Joomla.

There’s no doubt that website security threats and susceptibilities have increased tremendously due to fast-paced and ever-advancing IT capabilities. Any breach in security on your website can compromise your bottom line. In fact, Google algorithm has recently included web security as a parameter when ranking of websites.

What does this mean for your business?

Well, it implies that only websites or blogs that have improved securities will be ranked higher, therefore, increasing your visibility among your visitors and customers. I know you’re now thinking, “How can I improve the security of my WordPress website?”

In “How to Improve the Security of Your WordPress Website” we review steps that you should undertake to improve your website security. So, let’s dive in.

Web security is implemented through SSL

SSL (Secure Socket Layer) is a standard protocol that allows information to be exchanged securely over the Internet. This protocol establishes an encrypted channel between the sender and the receiver — or between your customer’s browser and your web server — to ensure there is trusted connection for transmitting data. If you’re running an e-commerce website, then your customers must be assured that information they are exchanging with your server is encrypted.

By encrypting the data in transit between your web browser and the web server, SSL will ensure that the information isn’t accessed even if a third party person — or hacker — gets hold of that information. For you to use SSL, you should have a valid SSL certificate installed on your website server. The SSL certificate is usually purchased from third party vendors and once it has been installed users will access information from your website using the HTTPS protocol as opposed to HTTP.

So, how can you use SSL on your WordPress site?

There are two methods for enabling SSL on any WordPress site. These two approaches are:

  • Setting up manually.
  • Using the WordPress’s security plugins.

Now, before you begin the process of enabling the SSL, it’s important that you backup your WordPress data, just in case the worst happens. Let’s discuss these two approaches.

#1: Setting up SSL manually

Here are steps that can help you set up your SSL manually on a WordPress website:

  • Open your WordPress’s installation file: “wp-config.php”. Ensure you use your hosting account’s editor.
  • Look out for the “wp-config.php” file, and then click on the “Edit” button.
  • Now, locate the following line: /* That's all, stop editing! Happy blogging. */ from the “wp-config.php” file that you’ve just opened for edit.
  • Type these two lines direct above it. Remember to remove the quotes where necessary.
define ('FORCE_SSL_ADMIN', true);
define ('FORCE_SSL_LOGIN', true);

Remember to remove the quotes where necessary.

  • Here’s how your “wp-config.php” should look like after inserting the two lines:
define ('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
/* That's all, stop editing! Happy blogging. */
  • Save the changes that you’ve made. You should now see https in your browser’s address bar when you open you log in to your admin account.

#2: Using the WordPress’s security plugins

There are various plugins that you can use to help you improve security on your WordPress website. Some of the most common plugins that you can install on your website are:

  • The iThemes Security. It used to be called the Better WP Security. It provides over 30 ways that you can secure your website. With this security plugin, you’ll be able to enforce brute force protection, monitor your core files for any security changes, hide both your login and administration details and provide you with two-factor identification.
  • The Wordfence. With the word fence, you can scan for file changes on your system, block I P addresses, enable custom alerts and enforce country and country redirects.
  • All in One WP Security. The All in One WP Security plugin is all you need if you want to have a basic firewall on your WordPress site besides monitoring your user accounts obvious vulnerabilities and enforcing brute force logins.
  • The Sucuri Security. With this security plugin, you’ll be able to enforce brute force protection on your WordPress website and monitor your core files for any security changes.

Well, there you have it — you can now set up SSL on your WordPress website. Having an SSL enabled website is only the first step towards securing the transmission of data between your web server and your client’s browsers. You shouldn’t stop there. This is because today’s online security risks and vulnerabilities are multi-faceted.

Therefore, besides having an enabled SSL on your website, you should also ensure the passwords you use on such a site is strong. You should also ensure that all your plugins are updated if you want to stay secured. Keep us posted for any inquiries concerning website development, software development, and e-commerce development.