As long as there are personal and business websites, there will be hackers who, for unknown reasons, think that hacking a website is a must-do. Personally, all of my websites have been hacked at one point or another in the last few years. It is a real headache to clean and rebuild a hacked WordPress website. I try to keep a good attitude and see it as a good time for a total redesign and also make sure to add more protection measures to keep hackers out.

My number one security resource is WordFence Security Plugin. I use the free version, which is great, but I know site owners who have upgraded and give it rave reviews. There are other ways to secure your site or blog.

How do hackers get in?

To protect your site from unscrupulous hackers, it helps to know how they get into it in the first place.

Be very careful when installing plugins

As you can see from the image, plugins are the biggest risk of a site attack. There are tens of thousands of WordPress plugins available. Unfortunately, more than half are equipped with a “back door” on their website.

How to keep plugins safe

The number one way to keep plugins secure is to update them as soon as updates become available. WordFence is a great way to keep track of updates: you will receive an email when a plugin has an update available.

Look at the details

There are some red flags that should serve as a warning against using a plugin.

  • Visit the developer’s site. Check that it exists, that it is up to date with current details about using the plugin, and that it lists valid contact information. Tip: If it’s been a while since a plugin update was issued, it’s likely that the developer no longer supports it.
  • It is best to download any plugin from the official WordPress site. The plugins listed there will probably be safe. Avoid downloading plugins from an unknown source. This is one way hackers will get in. They ask you to install their amazing plugin, which is guaranteed to attract customers. Or at least that’s what they tell you; in reality, they are asking you to do the hard part for them. The plugin likely contains the tools they need to hack your site.
  • Do some research on the developer of the plugin. Search for the author name and the plugin name followed by “malware” or “hack” and see what comes up.

The second access route for hackers

The second most common way WordPress sites get hacked is a brute force attack. This type of attack is the ultimate guessing game. It can take hours to find your site’s username and password, but it’s a pretty simple way to get in and do some damage. Use some of these tips to keep them at bay and off your site.

  • Use two-factor authentication. Using this method, users must know their password and have their cell phone ready to receive a secret number. WordFence premium has this feature and it is a foolproof way to protect your site.
  • Choose a unique username. It is no longer a good idea to use Administrator or Admin. It is also not recommended to use your domain name. Instead, choose a username that a would-be hacker can’t easily guess.
  • Change your password often. This is just one more way to withstand a brute force attack. The attacker’s software may come close to guessing your password, but if it’s changed frequently, that shouldn’t be a problem.

Simple maintenance keeps your site secure

Take simple steps to keep your WordPress site secure. Clean your site frequently. Get rid of plugins and themes you no longer use. Keep your themes and plugins up to date. Install reliable security to keep hackers out. If you’ve never had to redo a 5 year old site, be happy! If you’ve had to clean up a mess left behind by an attack, learn from the mistakes and security gaps. Lock down your site just like you lock down your home.
