WordPress Security Best Practices
WordPress websites are constantly scanned by hackers for security weaknesses.
If you’re running WordPress as your website CMS for your Medical Website you must take this threat seriously.
On the positive side, WordPress is an amazing free tool and we recommend that all our clients use it. In fact, 27.5% of all websites globally use WordPress as their core Content Management Software (CMS) because of the low cost, and high power and control it gives owners and developers.
On the negative side, WordPress is an Open Source product and its ubiquitous usage makes it a prime target for hackers.
Understanding the Risk
Hollywood would have us believe that Hackers are people. In reality, the type of hacker your website is most likely to encounter will be a robot search program (bot). These bots scan the internet continuously (at extremely fast speeds) searching for WordPress sites that have been poorly maintained, were configured incorrectly, or do not follow best practices of security.
The fact is, for your practice to be successful, you want search engines to find your site. And as soon as they do, you must expect that your site will be scanned for weakness. It’s an unfortunate fact of life and business today.
Strong passwords are long, random, unique, and use extra characters. Essentially password security is little more than a numbers game. Brute Force attacks simply try different character combinations in quick succession. It’s an interesting algorithm and I’ll save us both the math by listing the following results. We have the following options on our keyboards:
- numbers (10 different ones: 0-9)
- letters (52 different ones: A-Z and a-z)
- special characters (32 different ones)
Using these options, it takes a fast computer the following amount of time to find every possible outcome:
- 5 Characters: 0.03 Seconds
- 6 Characters: 9 Minutes
- 7 Characters: 26 Days
- 8 Characters: 9.1 Years
We can significantly reduce the effectiveness of brute force attacks by limiting the number incorrect password attempts and there are other strategies as well. All of these efforts depend on users who use long, random, unique and extra characters in their passwords.
Specifically, for Medical Websites it’s essential that your website be configured with Secure Socket Layer Encryption. You can see if your site has this by looking for the Green Secure Lock at the front of your website URL. This is also designated by the (https) at the front of your website address. Non-encrypted sites just have (http).
Proper WordPress Configuration and Hosting
WordPress Installations out of the box are notoriously easy to crack. It’s important that your website developer understand how to install the software correctly and how to modify its setup to increase security. This also holds true for your website hosting and FTP Access Methods. Make sure you use a reputable team that has extensive experience with the software implementation, and make sure your website hosting provider is both reputable and responsible. No amount of WordPress Security can undo weaknesses left open by a poor website hosting provider.
WordPress is an Open Source Software Tool. When security updates are rolled out, it’s not long before everyone who wants to know, will know, what security weakness or problem was corrected. That means that hackers are aware of the security risk in the older versions of the software, and it gives them exactly what they need to scan and exploit.
By keeping your website well maintained and updated, you prevent these known weaknesses
from being your undoing.
This applies to both the core WordPress Software as well the Plugins and Themes that are attached to WordPress.
Interested in a Security Audit?
RH Medical Marketing has extensive experience with WordPress and WordPress Security. If you have a Website for your Medical Practice and you are concerned about your security, or if you have recently been hacked, call Rob at 312-632-9253 or fill out the form at the bottom of this page. We can help.