Your Real Estate WordPress Site Could Be In Danger
Nowadays, it’s more important than ever to keep your WordPress-based real estate website up to date with the latest security recommendations in order to prevent the unwanted from happening. Because hackers are becoming more and more experienced every day, you can no longer “get by” with the default security measures on your site. So what are the necessary steps for you to take in order to protect your work? We’ll show you.
6 Ways To Ensure Your Real Estate Website is Properly Defended
1. Check your login credentials. Make sure they are unique and hard to guess.
If you’re using generic login credentials or easy-to-guess passwords, you have a major weak spot in your defense. Hackers use special brute force tactics that generate hundreds and thousands of different password attempts. If your password is easy to guess, you simply make their job easier.
More often than not, hackers specifically target wp.engine, wp-login.php., and xmlrpc.php which is why devising strong, unique passwords are necessary to protect your real estate site.
So what is a strong, unique password? It should contain 10 or more characters with at least the following:
- 1 uppercase character
- 1 lowercase character
- 1 number
- 1 special character
You can also add an extra layer of security by implementing two-factor authentication (2FA) when logging into your site. When used, you will be required to give an additional piece of information like a verification code sent to your phone. So if somebody does successfully guess your login credentials, they have another hoop they must jump through.
A few plugins you can use for 2FA include Google Authenticator and Duo Two-Factor Authentication
2. Use a Password Manager app to create and store strong passwords for you.
Nobody wants to remember long, complex passwords for each of their accounts. With a Password Manager you can generate strong, unique passwords while also storing all of them safely and securely. Passwords are your strongest defense against hackers, so don’t wait any longer to increase your website’s protection.
An added benefit to Password Managers are their autofill features which means your login credentials will automatically be filled in for your existing accounts. You can say goodbye to days of typing in long, complicated passwords.
LastPass and 1Password are just two Password Manager apps we recommend. These apps are functional on any device and software. By using either of these apps, you can rest easy knowing your passwords are secure. Learn more about these Password Managers.
3. Police Your Logins, and Limit Attempts.
Knowing who has access to your site is one of the easiest ways to catch any suspicious activity. It’s important to know WordPress user roles and their capabilities before adding new users to your site. Limiting access to the admin account provides less room for error.
When it is necessary to add a new user, it’s wise to give them the lowest level of permission at first and grant temporary permission when need be for projects. Make sure to delete old users that are no longer active on the site.
In addition, limiting login attempts will prevent hackers from using brute force tactics to break into your site. You can use plugins like WP Limit Login Attempts, Lognizer, and Limit Login Attempts to put the necessary restrictions on your login page.
4. Be Mindful of Your Hosting.
Where your site is hosted drastically influences your security. There are both shared hosting platforms like Bluehost or Siteground and managed hosting platforms like WP Engine.
Shared hosting sites provide extra measures of security for you, but there is a higher risk of hackers using a neighboring site to gain access to yours. With a managed site like WP Engine, you receive added benefits like automatic site back-ups, SSL certificates, and automatic site updates, but it’s less versatile than shared hosting platforms.
It’s important to know the details of your hosting plan and how they are protecting you from hackers.
5. Maintain your Backups Systematically.
There are few things worse than working hard on a site or a new page, and then having it all vanish. In the event someone does get past your defenses, a backup of your site becomes invaluable.
A backup allows you to restore your site exactly the way it was before it disappeared. But here’s the kicker: you need to backup your site on a different server than your current one (i.e. a cloud service like Dropbox).
With a host like WP Engine, your site is automatically backed up every day, so your latest and greatest website updates are saved.
If you are manually updating your site, make sure you conduct backups when:
- You update plugins or WordPress itself
- Before doing any site changes, big or small (you never know what could break or why)
- Give admin access to new users
6. Keep WordPress and Your Plugins Up to Date.
It’s imperative to keep your plugins up to date because non-updated extensions and plugins can leave holes in your defense. Similarly, you also need to be aware where they are coming from. Most plugins are operated by third party developers, so be mindful of their security credentials.
While plugins affect the security of your site, they also affect the site’s loading speed. To avoid this issue, only install plugins you absolutely need and deactivate ones that are no longer in use. It’s important to create a great user experience for your site’s visitors. Less is most definitely more when it comes to the number of plugins on your site.
One of the best security plugins to install on your WordPress site is the Sucuri Scanner. A few of its features include Malware scanning, Failed Login Attempt tracking, and Brute Force protection.
Don’t have time to manage the security of your real estate website? We have a plan for you.
Lightmark has a dedicated hosting environment for our clients that include multiple, powerful firewalls. We perform monthly updates to all site assets (plugins, WordPress, etc) while also installing SSL on all of our hosted sites to keep the data secure that users enter on the frontend.
We follow the best practices when creating new sites for properly hardening WordPress security. We safely store all daily backups, so if a problem occurs, we can get your site quickly working again. In addition, we monitor uptime for all of our sites. If there are ongoing connectivity issues, or if a site goes down, we are able to act quickly to resolve the issue.
If a site gets hacked on our server (which is far beyond rare), we’ll take care of the hack repair.
Lightmark is here for you and we want to help you stay protected against even the most experienced hackers. Click below to get an estimate on hosting your WordPress site with us.