As long as there are personal and business websites, there will be hackers who, for reasons unknown, think hacking a website is a thing to do. Personally, I have had all my websites hacked at one time or another over the last few years. It is a royal pain in the butt to clean and reconstruct a hacked WordPress website. I try to keep a good attitude and look at it as a great time for a total redesign and I also make sure to add more protection measures to keep the hackers out.
My number one security resource is WordFence Security Plugin. I use the free version, which is great, but I do know site owners who have upgraded and they give it rave reviews. There are other ways to secure your site or blog.
How Do The Hackers Get In?
To protect your site from unscrupulous hackers, it helps to know how they get in in the first place.
Use Extreme Caution When Installing Plugins
As you can see from the image, plugins are the largest risk factor in a site attack. There are tens of thousands of WordPress plugins available. Unfortunately, over half are equipped with a “back door” into your website.
How To Keep Plugins Safe
The number one way to keep plugins safe is to update them as soon as updates become available. WordFence is a great way to keep track of updates: you will get an email when a plugin has an available update.
Look At The Details
There are a few red flags that should serve as a warning against using a plugin.
- Visit the developer's site. Check to be sure it is there and that it is up to date with fresh details on the plugin's use, and make sure there is valid contact information. Tip: If it has been a while since the plugin had an update issued, chances are it is no longer supported by the developer.
- It is best to download any plugin from the WordPress official site. The plugins listed there will likely be safe. Downloading plugins from an unknown source should be avoided. This is one way hackers will get in. They have you install their awesome plugin that is guaranteed to drive customers. Or that is what they tell you it is. In reality, they are having you do the hard part for them. The plugin likely contains the tools they need to hack your site.
- Do a little investigation into the developer of the plugin. Search the author name and the plugin name and put “malware” or “hack” behind it and see what comes up.
The 2nd Way Hackers Get In
The second most common way WordPress sites are hacked is a brute force attack. This type of attack is the ultimate guessing game. It can take hours to find the username and password for your site, but it is a fairly simple way to get in and cause damage. Use a few of these tips to keep them at bay and off your site.
- Use two-factor authentication. Using this method, users must know their password and have their cell phone ready to receive a secret number. WordFence premium has this feature and it is a foolproof way to protect your site.
- Choose a unique username. It is no longer a good idea to use Administrator or Admin. Using your domain name is also not recommended. Instead choose a username that will not be easily guessed by a potential hacker.
- Change your password often. This is just one more way to keep a brute force attack at bay. Their software may be getting close to guessing your password but, if it is changed often, that would not be a problem.
Simple Maintenance Keeps Your Site Safe
Take simple steps to keep your WordPress site safe. Clean your site up often. Get rid of plugins and themes that you are no longer using. Keep your themes and plugins updated. Install trustworthy security to keep hackers out. If you have never had to redo a 5 year old site, be happy! If you have had to clean up a mess left by an attack, learn from mistakes and lapses in security. Lock your site as well as you lock your home.
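The plugin checks from "Look At The Details" and the clean-up advice above can be turned into a small audit script. This is an added example, not part of the original post: it reads plugin data in the shape of `wp plugin list --format=json` (WP-CLI) and flags pending updates, inactive plugins and plugins with no recent release. The plugin names, the `last_updated` column and the 365-day threshold are assumptions made for the illustration.

```python
import json
from datetime import date

# Constructed sample in the shape of `wp plugin list --format=json` output.
# "last_updated" is NOT a WP-CLI field: it is an assumed extra column that you
# fill in yourself from each plugin's listing on the official WordPress site.
SAMPLE = """[
  {"name": "example-forms",   "status": "active",   "update": "none",
   "version": "2.4.1", "last_updated": "2024-04-15"},
  {"name": "example-gallery", "status": "active",   "update": "available",
   "version": "1.9.0", "last_updated": "2024-05-20"},
  {"name": "example-slider",  "status": "inactive", "update": "none",
   "version": "0.8.3", "last_updated": "2021-03-10"},
  {"name": "example-seo",     "status": "active",   "update": "none",
   "version": "3.0.0"}
]"""

STALE_AFTER_DAYS = 365  # assumed cut-off for "a while since the last update"


def audit_plugins(raw_json, today, stale_after_days=STALE_AFTER_DAYS):
    """Return {plugin name: [findings]} for every plugin that needs attention."""
    report = {}
    for plugin in json.loads(raw_json):
        findings = []
        if plugin.get("update") == "available":
            findings.append("update pending")
        if plugin.get("status") == "inactive":
            findings.append("inactive: remove if unused")
        last = plugin.get("last_updated")
        if last is None:
            # No release date recorded, so the plugin cannot be judged either way.
            findings.append("last update unknown: check the developer's site")
        else:
            age = (today - date.fromisoformat(last)).days
            if age > stale_after_days:
                findings.append(f"no release for {age} days")
        if findings:
            report[plugin["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in audit_plugins(SAMPLE, date(2024, 6, 1)).items():
        print(f"{name}: " + "; ".join(findings))
```

On a real site, replace `SAMPLE` with the JSON that WP-CLI prints and pass `date.today()` as the reference date.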