It’s Data Privacy Day on 28th January! In honour of a critically overlooked, yet important, aspect of the web, we’ve got a two-part article for you. We’ll be publishing the second half on Friday. We’re going to give you some tips on how you can improve your business’ security, and respect the privacy of your users. We’re also going to give you some pointers on how you can retain some privacy when browsing the web (on Friday).
Data security for your WordPress site
If you’re a WordPress user, the easiest first step to improving your site security is to install a plugin called Wordfence. Wordfence is a constantly evolving firewall that will protect your site from malicious login attempts, malware and other suspicious activity. It also gives you warnings and reports on the happenings on your site. Wordfence will run scans on your site to make sure everything is in tip-top shape and will let you know if anything needs addressing.
Additionally, Wordfence gives you the option to use two-factor authentication (or “2FA”) to log in to your site. This will drastically improve your security and protect all that sensitive information your site may contain. 2FA is a system where you have to verify who you are when you log in, usually by a code sent to you in a text or email, or by an authenticator app on your phone. To improve the security of your business, it’s good practice to implement 2FA wherever possible.
Wordfence is one of our core plugins that we install on all our sites. The best part is, the free version is more than sufficient for the majority of cases, so you’ve got no reason not to use it.
Cloud software applications
Brace yourself for this one, it gets a bit technical. If you don’t have bespoke cloud software, this probably won’t be relevant to you – so skip over it. We also realise the following is perhaps a bit too technical. The important thing to take away here is that you should ask your server administrator if these steps have been taken on your behalf.
If you have a cloud software application, you’ve got two easy wins to ensure your data is protected:
Set up appropriate Uncomplicated Firewall (UFW) rules
Implement secure shell (SSH) keys for server access
Uncomplicated Firewall (UFW) rules
There are a whole host of security and privacy steps that can be taken to further secure your servers. At a bare minimum you need to ensure the right UFW rules are set and that all logins to the server are authenticated by SSH key, rather than password.
Talk to the manager of your servers about enabling UFW and setting up some basic access rules. For example, you should only allow connections to your server that are needed for your application to function. Other connections should be denied to prevent them from being abused.
Secure shell (SSH) key
SSH keys, meanwhile, ensure only trusted individuals and services can access your server. Whilst there are plenty of explanations on how SSH keys work out there on the web, the short and sweet of it is: a key is made up of a public and private pair. The private half stays with you and the public half is placed on the server. When connecting, the server checks that you hold the private key matching the public key it has on file. If they match, you’ll get access. If not, you won’t be allowed in. SSH keys should take the place of passwords and are one of the most effective ways to restrict access to your servers and ensure basic security.
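One way to check both easy wins on a server, as an added example that is not part of the original article: the script below reads saved output of `ufw status verbose` and `sshd -T` and reports whether incoming traffic is denied by default and whether logins require a key. The function names and the sample captures are constructed for illustration.

```shell
#!/bin/sh
# On a real server, capture the inputs with:
#   sudo ufw status verbose > ufw.txt ; sudo sshd -T > sshd.txt

# True if UFW is active and drops incoming traffic unless a rule allows it.
ufw_default_deny() {
  grep -q '^Status: active' "$1" &&
    grep -Eq '^Default: (deny|reject) \(incoming\)' "$1"
}

# Lists each port/service that has an inbound allow rule, one per line.
ufw_allowed_in() {
  awk '/ALLOW IN/ { print $1 }' "$1" | sort -u
}

# Prints the effective value of one sshd option (sshd -T prints lowercase keys).
sshd_option() {
  awk -v key="$2" '$1 == key { print $2; exit }' "$1"
}

# True if logins need a key: no password or keyboard-interactive fallback.
ssh_key_only() {
  [ "$(sshd_option "$1" pubkeyauthentication)" = "yes" ] &&
    [ "$(sshd_option "$1" passwordauthentication)" = "no" ] &&
    [ "$(sshd_option "$1" kbdinteractiveauthentication)" != "yes" ]
}

# Constructed sample captures, written into directory $1.
write_samples() {
  cat > "$1/ufw.txt" <<'EOF'
Status: active
Default: deny (incoming), allow (outgoing), disabled (routed)

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
443/tcp (v6)               ALLOW IN    Anywhere (v6)
EOF
  printf '%s\n' 'pubkeyauthentication yes' 'passwordauthentication yes' \
    > "$1/sshd.txt"
}

dir=$(mktemp -d)
write_samples "$dir"
ufw_default_deny "$dir/ufw.txt" &&
  echo "UFW: default deny; allowed in: $(ufw_allowed_in "$dir/ufw.txt" | tr '\n' ' ')"
ssh_key_only "$dir/sshd.txt" || echo "SSH: password logins are still enabled"
rm -rf "$dir"
```

With the constructed samples, the firewall check passes and the SSH check flags that password logins are still switched on, which is the setting to raise with your server administrator.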
Help me, this is confusing
If you’re worrying because none of this makes sense to you, just get in touch. We can take a quick look at your WordPress site or cloud software app. Our advice is free, so let us put your mind at rest. The security of your business starts online so make sure to stay on top of it.