WordPress Security

3 Steps to Help Protect Your Site

Protect your site by following these 3 steps. In fact, you're placing unnecessary risk on your business if you're not taking these basic steps to protect your site access and communication.

Protect Your Site Access and Communication

Protect your site with SSL (secure sockets layer):

Why you need SSL to protect your site:

To protect confidential user information, including your username and password, when using your web browser.
A secure, encrypted connection where you communicate with a site using https in the URL, not http. Banks and other financial institutions employ this on their web sites, but you should also ask yourself: Shouldn't I be making a secure login to MY sites? Yes, you should.

What's required:

  1. A static IP address for your web site. You get this from your web hosting service.
  2. An SSL certificate. You may get this from a variety of vendors, e.g. your hosting service (Hostgator, Godaddy, Bluehost, etc.), your domain registrar (Namecheap, Godaddy, etc.) or other security vendors (Thawte, VeriSign, etc.). All Hostgator shared accounts have access to a free shared SSL certificate.

If you have a VPS or dedicated server and don't know how to implement the SSL certificate, speak with your web hosting service; most will point you to "how to" instructions or install it for you.

See this post if you're on a Hostgator shared hosting account: How to setup and use your free shared SSL certificate.

Use it to:

Login to your website - e.g. to login to your WordPress administration area through your web browser. This prevents your username and password from being intercepted in clear text. Also, use it to protect financial or other sensitive data transactions where security is critical.

Protect your site with SSH (secure shell):

Why you need SSH to protect your site:

To encrypt confidential user information, including your username and password, when using remote administration programs, not limited to your web browser.
A secure way to move files from one machine to another across an insecure network (e.g. www). Provides for encrypted login and encrypted command execution. One common use is to pair it with our next utility, SFTP.

What's required:

  1. SSH enabled for your website. Contact your web hosting provider to enable it. Hostgator does not charge for this, but check with your hosting provider. Your hosting service will provide you with the port on which to connect. You will need this port when configuring your SFTP client. If you're on a Hostgator shared account you can skip this next paragraph.
  2. If you want additional security by logging in using key based authentication, then you'll need a Hostgator VPS or dedicated server account in addition to SSH client software such as PuTTY. PuTTY is a client program for the SSH protocol. For our purposes we will use the PuTTY tools, either puttygen or pageant, to create "keys". These keys are what you will log in with over the encrypted connection instead of a password. Check with your webhost for their requirements on using SSH keys. Once your keys are successfully configured and you have tested logging in, you may want to disable username and password authentication for additional security.

See this article How To Create SSH Keys and Disable Password Authentication for a step by step walkthrough.

Use it to:

Encrypt and secure communications across an insecure stream. If your site uses username and password for authentication then you will just need to confirm that ssh has been enabled for your site and use SFTP to connect.
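Once key login is tested and you want to turn password authentication off, as step 2 above suggests, the server side of that change lives in sshd_config. The POSIX shell audit below is an added example (not code from the original post or from any hosting provider): it reads a constructed sshd_config sample and lists the settings that still need changing, treating an absent keyword as OpenSSH's documented default.

```shell
#!/bin/sh
# Added example (not from the original post): once key-based login works, check
# that sshd_config no longer accepts passwords. The file written below is a
# constructed sample, not a real server's configuration.

SAMPLE_SSHD=$(mktemp)
cat > "$SAMPLE_SSHD" <<'EOF'
# constructed sshd_config: key login works but passwords are still accepted
Port 2222
PermitRootLogin yes
PasswordAuthentication yes
#PubkeyAuthentication yes
ChallengeResponseAuthentication yes
EOF

# effective_value FILE KEYWORD DEFAULT: first uncommented value, else DEFAULT
# (sshd keywords are case-insensitive, and the first occurrence wins)
effective_value() {
    v=$(awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1")
    printf '%s\n' "${v:-$3}"
}

# audit_sshd FILE: one line per setting that still needs changing
audit_sshd() {
    # KEYWORD:WANTED:OPENSSH_DEFAULT (the default applies when the keyword is absent)
    for rule in PasswordAuthentication:no:yes \
                ChallengeResponseAuthentication:no:yes \
                PermitRootLogin:no:prohibit-password \
                PubkeyAuthentication:yes:yes; do
        key=${rule%%:*}; rest=${rule#*:}; want=${rest%%:*}; dflt=${rest#*:}
        got=$(effective_value "$1" "$key" "$dflt")
        [ "$got" = "$want" ] || echo "$key is '$got', set it to '$want'"
    done
    true
}

# count_sshd_findings FILE: number of settings to change (0 when hardened)
count_sshd_findings() {
    audit_sshd "$1" | grep -c . || true
}

audit_sshd "$SAMPLE_SSHD"   # sample above reports three settings to change
```

Run it against your own file with `audit_sshd /etc/ssh/sshd_config` before restarting sshd, and keep an existing session open while you test the new login.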

Protect your site with SFTP (secure file transfer protocol):

Why you need SFTP to protect your site:

To protect private data over an insecure data stream (e.g. the internet).
An SFTP client program will provide a convenient but secure method for transferring files between computers.

What's required:

A client software program that's capable of secure file transfer - SFTP. An example of this is the popular FileZilla. YOU MUST CONFIGURE FileZilla TO USE SFTP. When used in default mode, as simply an FTP client, FileZilla is NOT secure. Other examples of SFTP client programs are WinSCP for Windows and Fetch for the Mac.

See this post on How To Configure FileZilla and WinSCP to Protect Your Site.

Use it to:

Securely transfer files, whether it's images, video or WordPress themes and plugins to and from your website. Both FileZilla and WinSCP also provide the ability to directly edit text based files on your server as well as view the permissions of files and folders. FileZilla displays permissions in number format while WinSCP displays permissions in text format.

Need help with a hacked site? Go here: Sucuri.net

More info: SSL, SSH, SFTP
Don't risk your business; you'll sleep better when you help protect your site by following these 3 steps.

Malicious Sites: Protect Yourself

How to avoid malicious sites

Protect yourself from malicious sites by using these simple tools:

Check out a site's address before going there by using:

Google Diagnostics

Enter this into your browser's address bar: google.com/safebrowsing/diagnostic?Site=
Put the domain you want to check after the = sign
Example: Google Safe Browsing diagnostic page

Another tool for site checking: Norton Safe Web


This Firefox extension can help avoid phishing and spoofing attacks: Petname-Tool

For example, you can give your own "petname" to your PayPal or Amazon login pages.
Now when you visit those pages you'll see your petname only IF it's legitimate. Malicious sites won't display your "petname".

And if you use WordPress, you may want to check your own WordPress site: WordPress Exploit Scanner

Make sure you are using a top notch anti-virus/anti-malware program like Vipre Antivirus+Antispyware.

If you have Spybot Search & Destroy installed you can use the immunize feature for added protection.
Couple this with the Javacool Software's SpywareBlaster for even greater protection from malicious sites.
Both are free if you're willing to do manual updates (make sure you do).

Malicious sites will only continue to proliferate, so stay aware and stay protected.



WordPress Security

Implement WordPress security measures and stop disaster before it strikes.

Take the time to implement WordPress security measures to protect your hard work.
Listed below are some free and premium WordPress resources to make securing WordPress easier.

  • First, make sure you have a full WordPress backup.
  • Premium backup
    • WP Twin
      Everything on your WordPress site will be completely cloned. Not only your installed plugins and themes, but their configurations, as well as posts, pages, comments, permalinks, etc. Absolutely EVERYTHING!
    • Backup Buddy
      WordPress plugin that will back up your entire WordPress installation; widgets, themes, plugins, files and SQL database - the entire package!
  • Free backup
    • Automatic WordPress Backup
      Using this plugin, you can easily and automatically backup important parts of your WordPress install to Amazon S3.
    • WP-DB-Backup
      WP-DB-Backup allows you easily to backup your core WordPress database tables as well as other tables in the same database.
    • WP-DBManager
      Allows you to optimize database, repair database, backup database, restore database, delete backup database, drop/empty tables and run selected queries. Supports automatic scheduling of backing up and optimizing of database.

WordPress Security Checklist

  • Change your admin name and password
    • Password Manager/Generator (Recommended)
      LastPass is a password manager that makes web browsing easier and more secure.
    • Strong Password Generator
      This strong password generator will generate secure, random password examples for you to use.
    • AskApache Password Protect
      AskApache Password Protect adds some serious password protection to your WordPress Blog. Not only does it protect your wp-admin directory, but also your wp-includes, wp-content, plugins, etc. as well.
  • Change your table name prefix from the default
    • WordPress Table Rename
      This WordPress plugin facilitates renaming all WordPress tables with a custom prefix.
  • Consider installing a security plugin like:
    • BulletProof Security
      Fast one click website security protection. Protects your website from ALL XSS and SQL Injection hacking attempts.
    • Secure WordPress
      Little help to secure your WordPress installation: Remove Error information on login page; adds index.html to plugin directory; removes the wp-version, except in admin area.
    • wp secure
      WordPress Security Plugin - Perform over 23 Basic Security Activities for your blog and get a free malware scan at the same time!
    • WordPress HTTPS
      WordPress HTTPS is intended to be an all-in-one solution to using SSL on WordPress sites.
    • WordPress Firewall 2
      This WordPress plugin investigates web requests with simple, WordPress-specific heuristics, to identify and stop the most obvious attacks.

Take time to read the instructions and/or the Read Me First files before activating any security modules.

  • Use FileZilla (SFTP) or cPanel File Manager to change permissions if necessary
  • Changing File Permissions from the WordPress Codex
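The checklist items above (a non-default table prefix, forcing the admin login over SSL as in the first section, and the Codex file permissions of 644 for files, 755 for directories, and a wp-config.php that is not world-readable) can be checked from a shell on the server. The script below is an added example, not code from the original post or from WordPress: it builds a constructed sample install with several of those problems and reports them. `FORCE_SSL_ADMIN` is WordPress's own wp-config.php constant; the directory layout and sample values are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not the site's or WordPress's own code): audit a WordPress
# directory against the checklist: admin login forced to https, a non-default
# table prefix, and Codex permissions (files 644, dirs 755, wp-config.php not
# world-readable). The tree built here is a constructed sample.

# build_sample_site DIR: constructed install with several of the problems
build_sample_site() {
    mkdir -p "$1/wp-content/plugins/demo" "$1/wp-admin"
    cat > "$1/wp-config.php" <<'EOF'
<?php
$table_prefix = 'wp_';
EOF
    echo '<?php' > "$1/wp-content/plugins/demo/demo.php"
    echo '<?php' > "$1/wp-admin/index.php"
    chmod 755 "$1" "$1/wp-content" "$1/wp-content/plugins" "$1/wp-admin"
    chmod 777 "$1/wp-content/plugins/demo"           # world-writable directory
    chmod 666 "$1/wp-content/plugins/demo/demo.php"  # world-writable file
    chmod 644 "$1/wp-admin/index.php" "$1/wp-config.php"
}

# audit_wp DIR: print one finding per line
audit_wp() {
    d=$1
    cfg="$d/wp-config.php"
    find "$d" -type d ! -perm 755 -print | sed 's/^/directory not 755: /'
    find "$d" -type f ! -name wp-config.php ! -perm 644 -print | sed 's/^/file not 644: /'
    find "$cfg" -perm -004 -print | sed 's/^/world-readable: /'
    grep -q "^\$table_prefix *= *'wp_'" "$cfg" &&
        echo "wp-config.php: table prefix is still the default wp_"
    grep -q "^define( *'FORCE_SSL_ADMIN', *true" "$cfg" ||
        echo "wp-config.php: FORCE_SSL_ADMIN not set, admin login not forced to https"
    true
}

# count_wp_findings DIR: number of findings (0 when everything is fixed)
count_wp_findings() {
    audit_wp "$1" | grep -c . || true
}

SITE=$(mktemp -d)
build_sample_site "$SITE"
audit_wp "$SITE"   # the constructed sample reports five findings
```

On a real install run `audit_wp /path/to/wordpress`; hosts that run PHP as your own user (common on shared hosting) may need wp-config.php at 600 rather than 640, so check the Codex page and your host's guidance before tightening it.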

Implement WordPress security measures and protect your site and your business.


copyright © 2013 Brian Alaway Consulting WordPress Business Sites by Brian Alaway