Whilst living in an online-dominated world has its benefits, it also brings with it a new wave of malicious activity, resulting in the need for website security to be of top priority. Its importance to your law firm should never be underestimated. With WordPress being the dominant platform, it’s naturally the most obvious target for cybercriminals, hence the criticality for continuous monitoring.
Essentially, website security protects your law firm website and the infrastructure within which it operates, from vulnerabilities. An effective WordPress security solution regularly scans your environment for any potential compromises and protects your website from hackers gaining access to your data and passwords, as well as protecting your IT infrastructure from the infiltration of malicious software. Furthermore, Google blacklists websites they consider to be a threat to users, thus impacting the visibility of your website and its search engine rankings. This in turn negatively impacts your business and integrity and therefore should be avoided at all costs, as the investment in time, resources and money required to recover from it can be significant, if at all possible.
You may be thinking that this seems an over-exaggeration, but many companies have lost millions of dollars and many more have gone out of business as a direct result of cybercriminals. Ransomware is a growing and extremely profitable business – unfortunately.
The guide below is intended to provide you with an overview of the basic WordPress security requirements. By understanding and implementing them your legal practice will be taking the first steps towards adopting the principle of “prevention rather than cure”. The better your website is protected upfront, the better your chances of reducing potential security risks and the less worry and issues you will have regarding remedial action should a threat strike.
Updated Website Software
Research done by the Sucuri Remediation Group, shows that 56% of the 11,000+ infected websites they analysed were running out-of-date WordPress software. Essentially, most of these websites could have been protected from threats had they been updated with the most current WordPress version. WordPress is inherently secure as they frequently release updates to their software to fix development bugs as well as provide vital security patches to strengthen protection against threats. However, the strength of this security and its benefits can only be realised if you regularly update your law firm website to the latest version of WordPress. Hackers often rely on website owners not updating their software and exploit them accordingly.
This holds true for plugins and themes too, which have become essential components of every website and one reason that WordPress is such a popular development platform. Research conducted by Wordfence indicates that plugin vulnerabilities account for almost 56% of known entry points for hackers (https://www.wordfence.com/blog/2016/03/attackers-gain-access-wordpress-sites/).
Reputable plugin and theme developers will fix vulnerabilities quickly once identified and will release an update. Furthermore, they often release updates after a core WordPress update to ensure their software remains compatible.
It’s recommended that you check for WordPress, plugin and theme updates on a weekly basis to ensure your law firm is limiting its exposure to online threats.
WordPress Security Plugins
Speaking of plugins, there are some highly regarded plugins available that offer a broad range of features to secure your law firm website from known threats. As mentioned above, these plugins are developed by reputable authors who provide regular updates, delivering maximum protection. Below we mention 3 of the most popular security plugins which offer continuous monitoring of your law firm website and will send an alert as soon as a vulnerability is detected, allowing immediate attention.
Wordfence
A plugin that claims to make your WordPress website 50 times faster and safer. It scans all the files of your plugins, themes and WordPress core software and alerts you if it detects any infection. This plugin has many beneficial security features, but there are two in particular that are worthy of mentioning. Firstly, it has the ability to scan for any malicious code within the comments of your posts and secondly it monitors real-time traffic to your website to detect any security threats that may be attacking your website.
Sucuri Security
Developed by the reputable website security and auditing company, Sucuri, this plugin is powerful and offers a host of features including malware scanning, file integrity monitoring, attempts of failed logins and an audit of your website activity, just to name a few. There is a free version and a paid option which offers premium services.
iThemes Security
An easy-to-use plugin that offers over 30 different ways to protect your law firm website such as stopping automated attacks, tracks user activity, implements two-factor login authentication and password expiration.
User Permissions and Logins
Best practice for granting user permissions is to follow these 4 simple rules, thereby significantly confining your security risk.
- grant access to those who require it
- when they require it
- limit their access for the duration they require it
- restrict their roles to the category specific for their use
In addition, you can add an extra layer of security by limiting the number of login attempts on an account. A common attack aimed at login forms is to shoot off many login attempts with the hope of eventual success. Therefore, by restricting the number of login attempts you are reducing the success of such attacks. You can take this one step further by preventing unauthorised entry through limiting access to your login page to pre-authorised IP addresses.
Further to this, you should always rename your login page from the default URL given by WordPress as this is a loophole known to most hackers.
Backup Your Law Firm Website
Maintaining website backups is a basic yet crucial requirement for any website owner. Consider the impact to your law firm should your website be the focus of a malicious attack, leaving behind it a mass of corrupted files. For a backup solution to be considered successful it should incorporate the following:
- Automated – to ensure backups are done regularly they should be completely automated
- Stored offsite – your backups should never be stored on the same server as your website and should be stored at an offsite location for added safety
- Redundancy – your backups should be backed-up as well, creating multiple copies and an additional level of security should your first backup be unrecoverable for any reason
- Tested – make sure your backup process actually works and that you are able to restore the data you have backed up. It’s worth performing a check regularly to be confident that your backup process remains a working solution
Managed Hosting
WordPress hosting is considered by many webmasters as the Holy Grail in website security, giving rise to the popularity of Managed Hosting as the preferred choice for most businesses. Cybersecurity Ventures has predicted that cybercrime will cost the world $6 trillion annually by 2021 – a massive increase from $3 trillion in 2015. This is an alarming statistic and coupled with its growth in sophistication, cybersecurity is not to be ignored. Compromising on your hosting solution should never be an option for your law firm’s future.
Managed Hosting providers offer a critical layer of defence between your website and hackers, particularly given the advanced nature of their secure environment. A reputable Managed Hosting service provider will offer all the services mentioned above and likely more – further enhancing the security and integrity of your law firm website. They also tend to be more cost effective than employing the necessary resources inhouse. Their expertise and 24×7 support allow you to focus on your core competencies rather than the detailed intricacies of managing and securing your website.
Since cybercrime is an ever-expanding industry, hackers are always developing innovative ways to attack websites. Their malware identifies vulnerable websites with the intention of either stealing valuable data or creating long-term chaos that may or may not be possible to recover from. The security of your law firm website should be one of your utmost priorities and by employing the services of a reputable Managed Hosting provider, you can be guaranteed that your website security is achieving the attention it deserves, ensuring the protection of your valuable data and your practice’s integrity, reputation and future success.
About the author
Brian Hicks
Brian has more than twenty years’ experience in marketing and management across diverse industries including legal, real estate, tourism and technology. Brian lives in Sydney with his wife and two daughters.