Website protection?

I am looking to start a blog and turn it into a business. I know it is important to keep your site secure so you are not hacked, but I don’t really know what to do. There are so many different plugins and programs out there and it’s hard to know where to start. I have antivirus software on my computer, I plan to use a strong password, and the login lockdown plugin, but I don’t know if I need anything else. Thanks in advance.

This is a really great article that offers a set of great tips to help you secure your business blog: https://www.entrepreneur.com/article/241620 . Also, you may want to look into a vpn. I have been using one for about a year now and it gives me peace of mind with regards internet security and privacy.

1 Like

I propose using two-factor authentication. More specifically using your email address. Generate a very long hashed key and send it to your email address. The only way through the two-factor authentication is either knowing the hashed key or owning the email address. This way, no one can hack your accounts unless they actually are logged into your email. If you hash it well, it would be hard to even guess what the hash is.

Now you would only want to do this if you are the only user on this website. If you are going to allow users to sign up, I recommend using the generic login stuff because people tend to be lazy and don’t want to log into their email address. It’s quite hard for them I guess.

1 Like

OK, makes sense. A couple of things, first, a VPN was mentioned. I don’t have much experience with VPNs, but I came across this in my research: https://securethoughts.com/the-best-vpns-for-multiple-devices/, is this what you were talking about?

Also, 2-factor authentication was mentioned, but it was mentioned that I should set it up to send to my email. May I ask why my email and not, let’s say, my cell phone? I guess the reason I am asking is it’s entirely possible that my email can be hacked as well as my website, where as if it’s set to my cell phone I will get a text everytime. I am just looking for a rational as to why you would use an email address instead of something like a cell phone. Thanks!

You can choose any method you’d like. Email confirmation usually just tells you that you own that account. I am not sure if there are any SMS libraries for PHP, but I believe there are some APIs. You might want to check that out.

I have a company webpage that I has ssl’d but there is a one question, should I use CDN for even more protection ? I don’t offer any financial transactions or anything like that… Its just a cleaning company page mainly used for information purpose…

Hacking is regularly performed by unauthorized person that can spoils your online business. So you need to secure your website and keep an unauthorized person away from your website. Always look for any update and keep your website up to date with latest versions of extensions, plugins and theme. Keep detailed errors in your server logs and don’t talk your privacy with any one.