Having your event website go down because of poor security is not a risk you want to take. Here are some simple steps to protect it.
A few days ago, WordPress released the latest version of its core, 4.2. Shortly after, 4.2.1 was released to fix a comment hijack bug that could expose millions of websites to outside attacks. By the way, all our event WordPress themes are compatible with 4.2.
If you run a website, there is a risk that your site could be hacked; this is an unfortunate reality. Most of the time your site would be used to orchestrate more elaborate attacks on larger websites; in other cases someone may be after the data of your users.
While a motivated hacker will almost always succeed in hacking a site, there are basic things you can do to make their task more difficult.
Let’s look at 5 key tactics to secure your event website…
One of the most common mistakes is to pick ‘admin’ as the username for your Administrator account. This makes the hacker’s task particularly easy.
If you are creating a website from scratch, pick a username other than ‘admin’. If you already have it for your account, in true WP fashion, there is a plugin for that!
Download the Admin renamer extended plugin, which will help you rename the default admin username.
Having a strong password is very important. 12345 won’t really work. I always recommend that Showthemers use services like 1Password, or at least generate the password via sites such as Strong Password Generator.
Mix uppercase and lowercase letters, numbers and special characters. The more incomprehensible, the better.
Two-step authentication is another popular way to discourage security breaches. It can be implemented at different levels.
You could ask your hosting provider to enable server authentication or you could use an external service.
One I particularly enjoy is Clef, which has developed a very smart way to manage the whole process with no passwords or tokens. Just use the Clef app to scan a barcode and you are in.
If you have purchased one of our supported packages and posted a query, we have asked you to provide a temporary admin account with a username and password.
In fact, it is virtually impossible to troubleshoot without access to the backend and admin-level privileges. Showthemes has a strong policy in place when it comes to security, and NDA agreements with the developers supporting our products. Not all plugins or themes may have the same level of security.
That said, there are a couple of considerations to keep your website secure.
– Never share your main administrator account; create a standalone account. You can use the Admin Editor Pro plugin to limit what a specific user can view if you have sensitive data such as attendees’ ticket purchases.
– As soon as the problem is fixed, delete the account. You don’t want to keep any support account open. You can create a new one if new problems arise (very unlikely with our WordPress themes 😉 )
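The two account checks above (no administrator called ‘admin’, no support account left open) can be run over an export of the site’s user list. This is an added example, not code from Showthemes or WordPress; it assumes the list was exported as CSV with WP-CLI’s `wp user list`, and the sample rows, the `support-` naming prefix and the 7-day limit are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample, in the shape produced by:
#   wp user list --fields=user_login,roles,user_registered --format=csv
SAMPLE_CSV = """user_login,roles,user_registered
admin,administrator,2014-11-02 09:12:44
eventmanager,administrator,2014-11-02 09:20:10
support-temp,administrator,2015-03-01 14:05:00
support-temp2,administrator,2015-04-27 08:30:00
jane,editor,2015-01-15 11:00:00
"""


def audit_admins(csv_text, now, support_prefix="support-", max_age_days=7):
    """Return (login, reason) findings for administrator accounts.

    support_prefix and max_age_days are assumptions of this example:
    temporary support accounts are expected to follow a naming
    convention and to be deleted within a few days.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        # A user can hold several roles; WP-CLI lists them comma-separated.
        roles = [r.strip() for r in row["roles"].split(",")]
        if "administrator" not in roles:
            continue
        login = row["user_login"]
        if login.lower() == "admin":
            findings.append((login, "default 'admin' username"))
        if login.lower().startswith(support_prefix):
            created = datetime.strptime(row["user_registered"],
                                        "%Y-%m-%d %H:%M:%S")
            if now - created > timedelta(days=max_age_days):
                findings.append(
                    (login, f"support account older than {max_age_days} days"))
    return findings


if __name__ == "__main__":
    # Fixed, constructed "today" so the sample output is reproducible.
    for login, reason in audit_admins(SAMPLE_CSV, datetime(2015, 4, 30)):
        print(f"{login}: {reason}")
```

Each finding maps to one of the fixes above: rename the account, or delete the support account once the ticket is closed.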
If credit card numbers are entered on your site, you need to have HTTPS enabled on that page; this is the law in some countries.
Where the transaction happens is key. When you purchased from us, you may have noticed that you were taken to PayPal for the actual transaction; no credit card details were entered on our site. This is because we want the data to be securely stored on a super secure site.
You should check with your registration provider whether you comply with the security requirements in your country.
These are very basic tips that can keep your event website secure. There is definitely more to it than that, and there is no such thing as certainty that you won’t be hacked.
Show the person wanting to break your site that you at least know the basics and you will avoid automated hacking attempts.
If you are concerned about the current security of your site, the official WordPress.org guidance is a great starting point.
The safety of your event and attendees is key, also online!