How To: Improve Website Security

Security is a topic of extreme importance for all WordPress website owners. At BigScoots, we go to great lengths to provide you with enhanced website security features: enhanced brute force protection, a custom firewall solution, spam filtering, malware scanning, and network-wide DDoS protection, among many other practices.

In addition to the features we configure as your hosting provider, there are further measures you can take to ensure your website is protected against any malicious attacks and security breaches, and our BigScoots team members are here to tell you how!

Security Plugins

It is important to note that using security plugins may have both positive and negative impacts on your site. Throughout our testing, we have found that security plugins often block legitimate requests and, more critically, that the scans they perform can greatly impact overall website performance.

If you are someone who chooses to manage the security of your WordPress website yourself without the help of a fully managed WordPress hosting provider, a security plugin can be a very helpful tool.

We like to think of some security plugins as an extra pair of eyes for the security of your WordPress website.

BigScoots Security

At BigScoots, we block access to all scripts that do not need to be accessed from the outside world to prevent attackers from sending requests to scripts that are potentially vulnerable. If the script does have a vulnerability the attacker can exploit and they attempt to do so, we will immediately block the request.

With our fully managed WordPress hosting services, we will also proactively monitor for irregular resource consumption, which can be an early indicator of an exploit. We dig deep into stuck PHP processes and database conflicts, which can be a result of malware. We also regularly upgrade and expand our on-premise security appliances designed to block attacks before they impact you or your visitor’s

Cloudflare Pro

Cloudflare Pro is a fantastic paid security option that adds an industry-leading Web Application Firewall (WAF) to your site. The WAF sits in front of your site, so any and all load a WordPress security plugin would normally expose your site to will be handled entirely off-server at Cloudflare, resulting in zero impact to the performance of your website.

Staying Up-To-Date

Out-of-date software is the largest cause of attacks against WordPress websites. Internet bots scan websites in search of WordPress versions, plugins, themes, etc. that are out of date. Once found, they send out random attacks in the form of brute force attacks, SQL injection attacks, backdoors, remote code execution, and much more!

Pro Tip: It would always be my recommendation to create a backup of your website prior to updating your WordPress core, plugins, or themes. If you are a Fully Managed WordPress client with BigScoots, we provide you with 30 days' worth of backups stored off-server on our dedicated backup appliances. You are also able to take a manual backup at any time you’d like.

Plugin Selection

There are three major points to look out for when choosing a plugin for your WordPress site.

  • Last updated date. Ensuring your chosen plugin has been recently updated makes it much less likely there will be any outdated code or exploits.
  • The number of installs. Always look for plugins with the HIGHEST number of installs. A plugin with an extremely low number of installs may be a red flag.
  • Reviews and ratings. Each plugin within WordPress will have a reviews tab that will provide you with a brief explanation and overview of how well the plugin works. This will also provide you with user reviews.
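
The three checks above can be applied to a whole plugin list at once. The following is an added example, not BigScoots code: it assumes metadata records that use the field names of the WordPress.org plugin information API (`last_updated`, `active_installs`, `rating`, `num_ratings`). The thresholds and the sample records are assumptions constructed for illustration, since the article gives no numbers.

```python
from datetime import date, datetime

# Thresholds are assumptions for this example; the article gives no numbers.
MAX_AGE_DAYS = 365           # "recently updated"
MIN_ACTIVE_INSTALLS = 10_000 # "high number of installs"
MIN_RATING = 80              # WordPress.org reports rating on a 0-100 scale
MIN_NUM_RATINGS = 20         # a rating built on very few reviews says little

def vet_plugin(info, today):
    """Return a list of findings for one plugin metadata record."""
    findings = []
    # last_updated looks like "2024-03-02 7:15pm GMT"; only the date part is used.
    try:
        stamp = str(info.get("last_updated") or "")[:10]
        age = (today - datetime.strptime(stamp, "%Y-%m-%d").date()).days
        if age > MAX_AGE_DAYS:
            findings.append(f"stale: last updated {age} days ago")
    except ValueError:
        findings.append("stale: no usable last-updated date")
    installs = info.get("active_installs", 0)
    if installs < MIN_ACTIVE_INSTALLS:
        findings.append(f"low adoption: {installs} active installs")
    num = info.get("num_ratings", 0)
    if num < MIN_NUM_RATINGS:
        findings.append(f"unproven: only {num} ratings")
    elif info.get("rating", 0) < MIN_RATING:
        findings.append(f"poorly rated: {info['rating']}/100")
    return findings

def audit(plugins, today):
    """Map slug -> findings for every plugin that fails at least one check."""
    report = {p["slug"]: vet_plugin(p, today) for p in plugins}
    return {slug: f for slug, f in report.items() if f}

# Constructed sample records (hypothetical slugs, not real plugins).
SAMPLE = [
    {"slug": "example-forms", "last_updated": "2024-03-02 7:15pm GMT",
     "active_installs": 500000, "rating": 94, "num_ratings": 1200},
    {"slug": "example-slider", "last_updated": "2020-01-10 9:00am GMT",
     "active_installs": 300, "rating": 100, "num_ratings": 2},
    {"slug": "example-seo", "last_updated": "2024-04-20 1:05pm GMT",
     "active_installs": 80000, "rating": 62, "num_ratings": 340},
]

if __name__ == "__main__":
    for slug, findings in audit(SAMPLE, date(2024, 6, 1)).items():
        print(slug, "->", "; ".join(findings))
```

Note that `example-slider` has a perfect rating but only two reviews, so it is reported as unproven rather than trusted on its score.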

2 Factor Authentication

2 Factor Authentication is a great way to add an extra layer of security to your WordPress website. 2FA will secure your website against password theft, phishing, and brute force attacks. It makes it impossible for any other individual to access your admin area without using a code that is unique to you.

Written by Katie
Marketing and Client Success Manager