Security is so important to a website’s longevity and success. For one, if your website is constantly live, and then down, Google is going to penalize you – between crawls, this might be fine. However, for any site that is constantly up or down, the rankings for your site will decrease until you fix the issue.
If you have a website that is constantly up and down, in terms of being live, the chances are you are being attacked, or your security is not strong enough. It is very common for this to happen: especially for sites that see rapid growth (and don’t prepare for such eventualities with growth). With this, here are some great tips, talking from experience that you can do to protect your website and keep with as high an uptime as possible.
#1 Have DDoS protection
DDoS is known as a denial of service and is a way of blocking bad traffic from accessing your website.
Without DDoS protection, it is the equivalent of having no security at a nightclub, allowing everyone and anyone in. Pretty soon, the nightclub won’t be able to cope – the same can apply to your website.
Your server will get overloaded and potentially crash, causing your site downtime.
There are many ways to get DDoS protection, and it is important to point out that this cannot be done at a WordPress level – using nameserver integration with a CDN is your best bet (which moves us nicely onto the next point).
#2 Use a CDN
A content delivery network helps load your site in multi-locations, depending on where the web user is. Not only does this make your website load quicker, but it also helps reduce the load on your server. If there is less load, it is likely to never reach a maximum capacity to cause it to crash.
In actual fact, some CDNs, such as Cloudflare, even offer 99.9% guaranteed uptime, even sometimes 100% (depending on how much you are willing to pay). This is where they clone your site’s files so the server becomes fully futile in delivering resources to the web user.
What is also great about most CDNs is that they come with DDoS protection too, so you are killing two birds with one stone.
#3 Change wp-admin
/wp-admin is one of the most targeted pages on all websites. This is because hackers and bots know this is the way to log into a website through brute force.
Typically, this means thousands of thousands of bots try to access this page, using different combinations of usernames and passwords, until they find the right solution. If they don’t it will still put a large burden on your server (which a CDN won’t be able to help with).
For this reason, it is a great idea to change /wp-admin to another slug, such as /my-login-page. Perfmatters is a plugin that allows you to do this and 403s the wp-admin page. From doing this, you should see your server load reduce nicely too!