Secure WordPress: What You Need To Know And Do

The number of WordPress websites hacked in the year 2012 was reported to be an astonishing 170,000. And there is a consistent increase in this figure every year.

Below are five useful tips, which can help restaurant owners protect their WordPress websites from cyber-attacks:

Tip#1: It is recommended that restaurant businesses using WordPress websites keep all their software, including Plugins, Themes and core WordPress, up-to-date.

Tip#2: Keep a complicated password, which is used solely for the WordPress website.

Tip#3: Make use of SSL encryption. Banks as well as social media websites such as Facebook utilise https:// SSL encryption.

Tip#4: Use WordPress Sucuri Scanner or WordPress WP Security Scan to regularly scan your website for malware.

Tip#5: Use Login LockDown. Additional details about this can be sourced from:WordPress Login Lockdown

The Login LockDown plugin for WordPress has the ability to record the timestamp and IP address of every unsuccessful login attempt. When the number of attempts cross a certain number within a brief time period (same IP address range), the login function gets disabled for any request in that range.

This helps prevent the discovery of password by any hacker. By default, the plugin is set for a hour long lockout for IP blocks after three unsuccessful login attempts. The lockout happens when these failed attempts are made within a time frame of five minutes. You can modify this through the Options panel.

Several thousand websites get hacked each day and these hacked websites have the ability to cause harm to the users. This is because they serve malicious software, gathering personal data or redirect visitors to websites they had no intention of visiting. Recovery from such a hack is usually a complex process and takes time.

Restaurants are reported to be the businesses most frequently targeted by cyber-attackers for data breach. Read more about this via the following link: Verizon Enterprise reports data breach investigations report

When your business website gets hacked, whether it is related to the breach of customer/client information or download of malicious software on the user’s desktop. The brand image gets tarnished and in some cases, it can take months or even years for the brand’s trust and credibility to return. The resolution of this issue also requires significant amount of time and financial investment by the company.

If possible, you should avoid live installation for updating WordPress. This is because if there is any problem, it might be difficult for your users to access the website properly and some of the functions may not work correctly. Even worse, the whole website could encounter The White Screen of Death.

Below are some steps to help you manage an update for your website:

• A version of the website should be installed on a separate development environment on your server – (depending on your hosting provider, this task will not always be possible to do).
• Carry out a test on the development environment to ensure all functions are working properly (including cross browser checks)
• Perform the update for WordPress on that development environment.
• Perform any updates to WordPress core, theme and plugins on the development environment. (once updated, test everything including the plugins one by one)
• Fix to any software conflicts, which might have been caused the software updates.
• The live website server files and database dump need to be backed up.
  Combine all fixes with your live site files and update the website (live server).
• Before making the test site version live, ensure everything is still working correctly (perform cross browser and multi-device checks)