Your web site is vital to your business. It connects the world with your work and gets your audience energized, and every minute you’re without it, you could lose out on a new client who’s ready to love what you do.
Does a web site hacker care about any of that? Well, you can probably guess the answer to that! There are a few different reasons why a hacker may target your web site. Fortunately, if you have a WordPress web site, there are simple ways you can protect yourself, or at the very least, make it harder to break in.
You’re using default settings.
When you first set up your WordPress site, you might have gone with the default settings–“admin” makes sense for a username, so why not? The problem is, because it’s the default setting, it’s very easy for hackers to guess.
Instead of using the default, choose a username that’s unique to you. If hackers don’t know your username, it’ll be that much harder for them to break into your site.
Your password is too easy to guess.
You have enough to remember on a normal day, so it’s tempting to pick an easy-to-remember password. That could sink you, though: your dog’s name may be easy to remember, but it’s also easy to hack.
Is it possible to make a password that you can remember AND that keeps your web site secure? Yes! Here’s a great article from Lifehacker on how to do just that. Now, go update all of your passwords!
You don’t have any protective plugins installed.
One of the great things about WordPress is that it’s pretty simple to install plugins. So, it’s easy to add plugins that will help protect you from anyone who tries to spam or break into your web site.
Just a couple of good (and free) options:
- Limit Login Attempts: this plugin locks out anyone who enters the wrong password more than 3 times, so malicious users can’t keep trying to guess your password over and over again.
- Google CAPTCHA: this plugin adds an extra bit of security by requiring a validation code to be entered whenever someone fills out a form on your web site. It’s intended to prove that the person filling out a form is human–not a robot that wants to spam or hack your web site.
- Wordfence: this is a popular plugin that includes scanning of your web site files, real-time blocking of known attackers, and enforcing strong passwords for all of your users.
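The lockout rule described for Limit Login Attempts, as an added example that is not the plugin's own code: it replays constructed login events and locks out an address after more than 3 wrong passwords, also counting guesses aimed at the default "admin" username. The event format, the 10-minute counting window and the 20-minute lockout length are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

MAX_FAILURES = 3                 # from the page: locked out after "more than 3" wrong passwords
WINDOW = timedelta(minutes=10)   # assumption: failures older than this stop counting
LOCKOUT = timedelta(minutes=20)  # assumption: how long a lockout lasts

# Constructed sample events: (time, client address, username tried, password correct?)
EVENTS = [
    ("2024-05-01T10:00:00", "203.0.113.7", "admin", False),
    ("2024-05-01T10:00:05", "203.0.113.7", "admin", False),
    ("2024-05-01T10:00:10", "198.51.100.20", "jane-editor", False),
    ("2024-05-01T10:00:12", "203.0.113.7", "admin", False),
    ("2024-05-01T10:00:15", "203.0.113.7", "admin", False),  # 4th failure: lockout starts
    ("2024-05-01T10:00:20", "203.0.113.7", "admin", True),   # right password, still rejected
    ("2024-05-01T10:00:40", "198.51.100.20", "jane-editor", True),
    ("2024-05-01T10:30:00", "203.0.113.7", "admin", False),  # lockout expired, counting restarts
]

def replay(events):
    """Apply the lockout rule to events in time order and report what happened."""
    failures = defaultdict(list)  # address -> times of recent failed logins
    locked_until = {}             # address -> time the lockout ends
    report = {"lockouts": [], "blocked": [], "admin_guesses": 0}
    for stamp, addr, user, password_ok in events:
        now = datetime.fromisoformat(stamp)
        if locked_until.get(addr, now) > now:
            # Locked out: the attempt is rejected even when the password is right
            report["blocked"].append((addr, user))
            continue
        if password_ok:
            failures.pop(addr, None)  # a successful login resets the counter
            continue
        if user == "admin":
            report["admin_guesses"] += 1  # guesses aimed at the default username
        recent = [t for t in failures[addr] if now - t <= WINDOW] + [now]
        failures[addr] = recent
        if len(recent) > MAX_FAILURES:
            locked_until[addr] = now + LOCKOUT
            report["lockouts"].append(addr)
            failures[addr] = []
    return report

if __name__ == "__main__":
    print(replay(EVENTS))
```

The person who mistyped a password once and then logged in is never locked out, while the address hammering "admin" is rejected during the lockout even on a correct guess.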
You’re using plugins with known vulnerabilities.
The WordPress community has awesome plugin resources for you to take advantage of! Unfortunately, not every program is perfect, and some plugins have vulnerabilities that make it easier for hackers to get in. Revolution Slider, for instance, was a popular photo slider plugin, but when hackers discovered a vulnerability in it, sites using Revolution Slider were more open to attacks.
Fortunately, developers working for powers of Good are keeping track of which plugins will leave your site vulnerable–there’s even a plugin you can use that will tell you if any of the plugins you use have vulnerabilities! Try using Plugin Vulnerabilities on your WordPress site, and see what it tells you.
Wait! I’ve already been hacked! What can I do?
Restoring your web site after it gets hacked can be a gnarly proposition. There are a few steps you can take right away, to help you start getting things back to normal, and keep it from happening again.
- Contact your web host and ask if they have any backups of your web site from before you were hacked. If they do, it’ll make cleaning up your site easier–they may even help you restore the site!
- Change your passwords for both your WordPress login and your web hosting account.
- If your WordPress Dashboard login is under username “admin,” change it to something unique.
It’s hard to make your web site bulletproof, but there are simple steps you can take to protect yourself from attackers. If one or a few of the issues above describe you, take a few minutes to fix them! And if you need help, get in touch–we’re happy to help you with the things you don’t quite feel up to tackling.