This was written by Laura Betterly… I thought it was a good read and good advice!
Websites have always been under attack by nefarious individuals who try to gain control of personal data or the site itself. This is nothing new; it’s been part of having an online presence since the birth of the Internet. Hackers make a sport out of looking for new ways in, and hacker protections always run one step behind, plugging up the holes.
While this may make the steps you can take to protect yourself seem futile, since hackers are gonna hack (it’s what they do), it’s actually worth taking a few minutes to read and implement the suggestions that follow.
If you’re using WordPress, or any open source or flexible framework website software, your risk of being hacked increases. Here are a few tips to help you preserve your security.
WordPress Security Tips
- Select unique user names. The most common user name for a WordPress site is “admin”. Why? Because it’s the default suggested when you do a new WordPress install, and most people are so eager to get their site up that they assume they will come back and change the user name. Few do. Avoid using “admin” or your name as your WordPress login; it’s far too hackable.
- Use a secure password. The easier a password is for you to remember, the easier it is for a hacker to guess or deduce. It’s always a good idea to use a long password that contains a combination of upper and lower case characters, numbers and special characters.
- Don’t procrastinate on the updates. It seems like WordPress comes out with an update every couple of weeks. Be sure to update your WordPress install every time you see that there’s one available. Most of the WordPress updates include security fixes to plug up the back doors and vulnerabilities.
- Don’t stop with the WordPress install; update your plugins too. Update your plugins every time you see a new version come out, and delete old plugins and themes that you aren’t using any longer. Sometimes plugins from the WordPress repository are designed for older WordPress versions and contain back door security issues. If you’ve recently updated your WordPress and there hasn’t been a corresponding update to your plugin shortly after, check to see that the plugin is still active and supported.
- Beware unscrupulous developers. Some app developers will sell you a plugin that is really cheap and seems too good to be true. Many times it is because they either won’t support it going forward or it contains vulnerabilities. Seems like everyone I know has at one time or another installed a plugin that contained some malware and found out by seeing Google’s big red malware-infected warning when they tried to visit their domain. Google will take the site offline until you get it fixed. It’s time-consuming, and definitely will hurt your business when visitors can’t access your information.
Why My Hackers didn’t hack me…
I started this article telling you about how I was hacked. LauraBetterly.com had 247 attempts of someone trying to log in. But I have a plugin called Wordfence that saved my bacon (there is a paid and a free version).
https://WordPress.org/plugins/wordfence/ (the WordPress repository link)
http://www.wordfence.com/ (their website, not an affiliate link)
With Wordfence, when someone tries to log in, after a number of failed attempts (I set it up for three) the plugin blocks their IP address. In my case the guy persevered for about an hour, changing IPs and trying again until they decided my site was too secure and moved on to an easier target.
The paid version of Wordfence scans your website and compares the code with the WordPress repository code, and lets you know by email if someone injects code into your site. That’s how I learned of my hack attempts.
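The three-failures-per-IP lockout described above can be replayed against a web server access log to see which addresses it would block, and a site-wide count catches an attacker who changes IPs to stay under that limit. This is an added example, not code from the original article or from Wordfence; the log lines are constructed, and it assumes a failed WordPress login appears as a POST to /wp-login.php answered with status 200 (a successful one is answered with a 302 redirect).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in Apache/nginx "combined" log format (not real traffic).
# Assumption: POST /wp-login.php answered 200 is a failed login (form shown
# again); a successful login is answered with a 302 redirect.
SAMPLE_LOG = """\
203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [01/Jan/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:02:30 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [01/Jan/2024:10:02:33 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
192.0.2.50 - - [01/Jan/2024:10:03:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.99 - - [01/Jan/2024:10:04:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
"""

LINE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" 200 ')

def failed_logins(log_text):
    """Return (time, ip) for each failed login POST, in log order."""
    hits = (LINE.match(line) for line in log_text.splitlines())
    return [(datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"), m.group(1))
            for m in hits if m]

def ips_to_block(events, limit=3, window=timedelta(minutes=5)):
    """IPs that reach `limit` failures inside one sliding window."""
    recent, blocked = defaultdict(deque), set()
    for when, ip in events:
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= limit:
            blocked.add(ip)
    return blocked

def rotating_source(events, limit=5, window=timedelta(minutes=10)):
    """True if site-wide failures reach `limit` in one window from 2+ IPs."""
    q = deque()
    for when, ip in events:
        q.append((when, ip))
        while when - q[0][0] > window:
            q.popleft()
        if len(q) >= limit and len({addr for _, addr in q}) >= 2:
            return True
    return False
```

On the sample, only the first address reaches three failures and is blocked, while the site-wide check still fires because the other two addresses each stayed under the per-IP limit.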
Hopefully my experiences have helped to increase your awareness about some potential vulnerabilities. It only takes a few minutes to implement secure site practices, and it can save you a few hours, days, or even months of misery at the hacking hands of a bored teenager in his parents’ basement.
I have the survey results for you, I’m working on compiling them and I’ll share them with you soon. Be on the lookout for this as well as a special invitation for you to join me on vacation next year, coming up next week.
P.S. I forgot to mention an added benefit to ensuring that your site is secure against hacking. When you implement a trust seal from a virus or security company, your sales conversions will increase!
I leave you with this awesome sensationalist news article I found. If it were written today it might say something like “Hackers can spread Ebola through your home computer”! 🙂