If you have a content management system like WordPress, security should be your number one priority after the design. Here’s how we do it:
On average, a small website with around 100 weekly visitors can get at least 70 failed login attempts a day, and that’s just from one country!
Overlooking security is like leaving your front door unlocked when you leave for work in the morning, hoping no one enter’s during the day. A simple response would be “it’s unlikely anyone would enter”, but you’d be surprised. Website security isn’t just about making sure you have an SSL certificate, it’s a number of little things:
Whenever we setup a CMS, we don’t know the back-end passwords. We randomly generate them and store them offline on a hard drive so it’s virtually impossible for the passwords to get out in the wild by a data breach. For personal accounts, we’d recommend Lifehacker’s ‘Five Best Password Managers‘ article. Great for anyone looking to secure all their personal passwords.
Hidden login pages
The worst part of any website is having admin login pages accessible to the public. So we hide them the best we can, and block access to them when you’re not logged in. We’ve found this prevents false login attempts by at least 80%, sometimes getting rid of them altogether!
Difficult to guess usernames
Any account shouldn’t include the website name or ‘admin’ because it can give an attacker a jump start. FCD don’t do this. We create usernames unique to you with no relevance to the website name or ‘admin’, ensuring it is difficult to guess.
Tracking and prevention
Security platforms that track changes, modifications, login attempts etc. are utilised to their full advantage to automatically block stuff. Though, the best form of prevention we practice is done through website maintenance. We invest a lot of time into making sure everything is safe, triple checking files and the fine edges of a website every time we do maintenance.
Think your site could do with a security check-up? Get in touch.