This topic contains 40 replies, has 1 voice, and was last updated by Peter Wootton.
I get the SSL certificate needs, but what about website security? Is it a MUST on all sites? I am debating which sites really call for it.
There are literally bots roaming the internet 24/7 trying to break into WP using known security holes, brute force methods, etc. So yes, all sites call for it.
It’s free with LetsEncrypt, so there’s really no excuse for not having it other than laziness.
Can I use this on both GoDaddy and Bluehost hosting sites? I have a few clients on Go Daddy and a few on Bluehost.
Unfortunately you have to buy SSL certs for GoDaddy.
Not sure about Bluehost.
I’d not use either of them as hosting if possible.
Don’t think he is talking about SSL. He he.
Go for SiteGround, they provide a free SSL certificate.
So does A2 Hosting.
You can get a free SSL on GoDaddy. It’s hard work but I have managed to do it before.
I have the SSL. Was wondering about the web security. I clearly need to rest as my words are getting all jumbled. Lol but thank you.
It’s hard to believe how active the bots are until you see the reports from a security plugin. I have several sites I use for fooling around & figuring out how things work. In other words, no real traffic whatsoever. It is common to see 20-30 blocked attempts per DAY.
Website Security should be from day 1. Not an afterthought.
Think of the money you lose when there is a downtime.
Calculate the manpower hours, the sales, time to get a professional trying to get the problem fixed.
Time = money.
Thanks. Which providers do you suggest?
Hi, the SSL is not the same as website security. It encrypts the data when doing transactions and a few other pieces. Google is preferring these secure sites. It does not protect you from hackers. You also need security from those, and no matter how small your site is you will have attempts to intrude. If you have WordPress there are a few good plugins for that.
Thank you. I knew the SSL was a bit different than web security. Now I’m on the hunt for the great plugins. Thank you so much.
WordFence is one popular one.
Is a site with forced SSL not more secure than one without? You can pretty much eliminate Man-In-The-Middle attacks, as well as other cybersecurity problems. Saying it offers no protection against hackers is not exactly correct.
It should be the first step in securing any website.
I like WebARX & Malcare. I used iThemes security Pro in the past but left it behind for these two. I got both on AppSumo lifetime deals & don’t know how affordable they are at regular rates.
Ditto, they rule the roost over all my sites now. Thanx AppSumo! Beforehand, I used Wordfence and iThemes – so much work though.
I think the most important thing is to just get a security plugin loaded up. WordFence or iThemes are two of the most talked about, so I’d go with one of those just to get your site protected. You can worry about the (endless) debates later on which is better, etc. But both products will protect you at the free level. There are many others in the WordPress Repo for free, of course — choose any of them for now and readjust later.
^^ I agree. WordFence or iThemes Security are the best known and do a great job. I also agree to pick one, get it set up. After that you can spend time researching if you want to upgrade or change to another. Great job getting on the right track! My own choice is iThemes Security Pro. I’ve used it for years.
Yes, the great security debate reminds me of the great speed debate — of which plugin will shave off a second here and there in your GTmetrix score, and so on. The reality is most small site developers have clients with far more pressing basic marketing needs and the clients don’t even know their web person is stressing about so much of these things in the background (and likely not being charged either), but it’s easy to get caught up in the hype that other pros tell you what is best. I am a longtime WordFence fan, but recently have stopped paying for the pro subscription for my client sites, and am now experimenting with lighter weight alternatives in the WP Repo. I use iThemes for everything but security currently, and am trying them out as well. But in general, just getting back to the basics and trying to stop chasing idealism in security & speed.
BlueHost and GoDaddy. Wow. Terrible reputations for secure systems.
Google has publicly stated that SSL is now a ranking signal in Google’s search algorithm. This means that a website with SSL enabled may outrank another site without SSL.
That’s exactly why anyone who owns or operates a website should start taking the steps to secure their website with an SSL certificate, in addition to a few other security measures. Businesses that don’t take care to protect visitors’ information might see significant issues, garner unwanted attention, and dilute customer trust.
Ok, my website opened last week. I have already had TWO attempts to hack it. I have the free version of iThemes Security and it not only stopped them but added the users' IP addresses to a block list. So yes, you need security.
Without a security plugin, you are much more vulnerable to malware. Then Google plasters a huge red square in place of your home page warning site visitors that your site is infected. Then you have to either pay someone to remove the junk (which might affect some functionality) or completely delete your site and database and re-install a backup that, hopefully, is free of the malware or you’ll need to do that all over again with a still older backup. Once handled, you will need to alert Google to re-crawl your site and verify that the malware is gone so they will remove the giant red square warning.
Or, you can make a decent attempt at preventing all the above, saving yourself tons of wasted time and stress that you certainly don’t need and Murphy’s Law dictates will happen at the absolute worst time, by installing the iThemes Security or WebARX plugin.
The malware bots are indiscriminate and will attack the little, obscure sites just as aggressively as they would a well-known site. Nothing is 100%, but why roll the dice completely when you can take very good free/low cost defensive steps? Good luck and don’t delay!
This is spot on advice
I did a talk last weekend at a conference here in Australia about the mistakes beginners make when setting up their website and one of them was not having security in place from the start.
There is no excuse not to have a plugin like WordFence installed on your website.
Just remember that it’s only a preventive solution, you also need to make sure you keep all your plugins up to date, core files, use robust passwords, get better hosting, etc. etc.
For WP sites there are 3 security plugins you can find in the WP repository I use on my personal sites as well as client sites: Rename wp-login.php; WordFence; & mini-orange 2 factor. For backup/recovery consider UpdraftPlus… regardless of the security/defensive route you take.
Short answer – yes, both SSL and a good security plugin set up correctly are a must on all websites. Make sure you also have super secure passwords and are not using ‘admin’ as a user login.
WordFence seems to cause certain performance issues, Sucuri is very solid.
Can you elaborate on these performance issues?
High memory usage, can slow your site.
Are you using free Sucuri or paid?
I’ve had the opposite experience, maybe how the servers are set up, hosting firewalls, etc.
Just turn off real-time scanning for Wordfence and the high CPU usage will go away.
I know that WF has a setting if using on shared hosting.
From WordCamps I learned you need a security plugin, WAF and malware scanner for best security measures. Good password and login and update plugins as mentioned above too.
Ecom site & Google AdWords must have SSL cert.