Maintaining good website protection is not the most exciting part of running a website, nor is it supposed to be. However, just like with many other upkeep tasks in life, like brushing your teeth twice a day or that annual checkup at the doctor’s office, making sure that your site has adequate security will pay off in the long run. In this short article, we will go over some of the tasks which should be performed on a regular basis in order to ensure proper protection for your website.
1. Download Your CMS from a Trusted Source.
CMS stands for a Content Management System. This is a type of website software that allows you to build your site with little to no coding involved. Due to their ease of use and versatility, CMSs are the preferred way of building websites nowadays.
There are literally hundreds of CMSs to choose from, both free and paid, so you should take your time and research what different CMSs have to offer. Once you pick the CMS that is right for you, you should pay special attention to the page which you use to download the CMS files. Our recommendation is to grab the files directly from the website of the CMS developer. Conversely, you should avoid downloading the CMS files from third party websites as the CMS files may be have been altered. Also, when you download your CMS from a third party distributor, you are not guaranteed to get the very latest version of that CMS.
Tip: are you already an AwardSpace member? If so, you may be familiar with the Zacky Installer section of the Control Panel. Zacky Installer is a tool that allows you to easily set up popular CMSs like WordPress, Joomla, OpenCart, and others. The AwardSpace Administrator Team ensures that each CMS listed in Zacky Installer is fully compatible with our hosting platform and that it is running its latest available version. If you are not sure how to use Zacky Installer, you can read our detailed Zacky Installer tutorial. On our free hosting plan, Zacky Installer is able to set up popular CMSs like WordPress and Joomla. If you use a paid hosting package, on the other hand, you can install over a dozen powerful CMSs, including some of the most popular e-commerce packages like OpenCart and Prestashop.
2. Pick Your Plugins and Themes Carefully.
The aspect that makes CMSs so popular is the fact that most of them are built with extensibility in mind. This means that in most cases you can install third-party plugins to the CMS in order to gain new functionality. Similarly, all major CMS packages support third-party themes that can be used to introduce a completely new design aesthetic to your website.
When picking a theme or plugin, you should once again pay close attention to the website that you use to download these files. The download page should be either a part of the plugin/theme developer’s website or it should be a part of a plugin/theme directory that is officially sanctioned by the CMS creators. A good example of a trusted plugins directory for the WordPress CMS is the WordPress.org Plugin Directory where all plugins are vetted and tested before being added to the collection.
Not all plugins and themes are created equal, however. While browsing a plugin or a theme directory, you will likely notice star rating, reviews, and download numbers for the various plugins/themes that are available. Below are two simple rules which will point you to the best plugins/themes to download:
- if several plugins/themes achieve the same outcome, download the one that has the highest number of downloads, even if its star rating is a bit lower than the competition.
- check the version history of each plugin/theme and pick one that gets updated on a regular basis.
3. Regularly Update Your CMS.
One very common mistake that novice website owners make is to “set and forget” their website, when in fact they should be doing the opposite. Having a site online requires regular maintenance and at the center of that maintenance cycle is checking for updates for your CMS. Most CMSs nowadays have a built-in update mechanism, so performing this task should take you less than a minute. What is more, depending on your CMS, you may even be alerted via email once a new version of the CMS is available for download. If you are using WordPress, you can check our article on how to update the WordPress core. Our recommendation is to check for CMS updates at least twice per month and apply new updates as soon as possible.
4. Regularly Update Your Themes and Plugins.
Just like with the core CMS installation, you should also regularly check whether there are any updates for your installed plugins and themes. CMSs normally display a badge or a banner when new updates are available, so they should be easy to spot. If you use WordPress, you can learn how to update WordPress plugins and themes in this article. Checking for and installing updates at least twice per month will ensure that any newly-found bugs are quickly patched and that your site will remain protected.
5. Remove the Cruft.
Every so often it is a good idea to do what amounts to some “spring cleaning” of your website. Go over each installed plugin and theme and ask yourself if you really need it. Chances are that there will be a few plugins or themes that you installed as a test and then forgot about them. Removing these unnecessary pieces of software enhances the security of your website by reducing the points of failure and may even improve your site’s loading speed. You can read the following article in order to learn how to remove plugins from WordPress.
You should also consider removing or replacing any themes/plugins which haven’t seen an update in several months or years. If a plugin was last updated two years ago, for example, there’s a good chance that the developer has abandoned the project and you are now left vulnerable to attacks. Therefore, it is highly recommended that you check your site for abandoned themes and plugins at least once per year and have them replaced with alternatives that are still under active development.
6. Use a Strong Password and Two-Factor Authentication.
At the end of the day, choosing a strong password for your CMS login still matters. You need to avoid recycling the same password across multiple websites. Instead, you should create a unique, randomly-generated password for your CMS. The benefit of using a unique password is that even if another website where you have a registration gets hacked, the attackers can only get your password for that hacked site and your CMS installation will remain secure. There are plenty of websites and services that can generate secure passwords for you, including some completely free options, such as Random.org’s password generator.
Another great way to supercharge your CMS security is to activate two-factor authentication for your CMS login. The majority of popular CMSs offer this feature nowadays and the setup process is fairly straightforward. With two-factor authentication active, you will receive a text message or a push notification on your smartphone which will contain an additional one-time password that you need to enter whenever you log into your CMS from a new device.
7. Back Up Your Data.
No matter how diligently you maintain the security of your website, there is always a small possibility that it can be compromised by a third party. Because of this, it is certainly a good idea to perform regular backups of your CMS. If you are using one of our premium hosting plans, we will actually take care of this step for you by creating weekly backups on your behalf.
Running your own website can be a greatly rewarding experience – you can connect with people from all over the world who share your passions and interests. And with just a little bit of effort every now and then, you will be able to ensure your website’s smooth operation for years to come.