Categories
4 Easy Ways To Prevent Your WordPress Site From Being Hacked
The statistics are out – the number of WordPress sites being hacked has increased to 170,000.
Don’t freak out.
There’s no need to call up your hosting company and demand they delete your website, just yet.
WordPress is still the CMS of choice for over 60 million people worldwide, because of how easy it is to protect yourself from the shenanigans of those no-good hackers.
“If it’s so easy to protect yourself from hackers, then why are so many sites being hacked?” you ask. Good question.
The answer is simple – people don’t know what steps they need to take.
Once you know the ‘what’ the ‘how’ is easy.
Don’t let your beautiful and expensive website become a statistic. Protect yourself from hackers by following these easy tips.
Update, Update, Update
1 – Keep WordPress Updated
Websites with old versions of WordPress are the most vulnerable to the dodgy intentions of hackers.
WordPress often updates its core to ensure that any identified security issues are effectively dealt with.
These updates are issued every few months or so and are very simple to implement. The current (as of 10-02-2015) version is 4.1.
Your website’s WordPress dashboard will alert you to the fact that an update is required. Click the necessary buttons and links, then raise your fist in the air and proclaim, “Come at me hackers!”.
Actually, don’t do that.
2 – Update Themes and Plugins
Updating themes and plugins isn’t only reserved for those times when they don’t seem to be working all that well.
You need to update your themes and plugins for the same reason you update your WordPress core – an old version is vulnerable.
This is even more of a risk with plugins, because they don’t always go through the same stringent testing that Wordress itself does.
Don’t Make Your Password ‘password’
Is your password “password”? You may think it’s genius, but it isn’t.
Not even close.
Seriously, it’s a terrible password.
Here is a list of four other passwords you should never use
- 123456
- 12345678
- Qwerty
- abc123
Many people imagine that hackers are just chilling in front of their computers all day, sipping their Monster energy drinks and randomly typing passwords into websites that they’ve chosen from a hat.
Not true. They use a sophisticated automated technique that works very quickly and can crack a simple password within seconds.
So, what you need to do is ensure that you have a long password with mixed casing, using numbers, letters and special characters.
Such as: Th1s!s@G00dpA55w0Rd
That password will definitely slow the hackers down, but if you really want to bolt down the doors you should also limit user login attempts. There are a number of plugins that you can use for this.
Both of these efforts combined will go a long way towards making your website an impenetrable fortress.
Protect the .htaccess file
We’ve recently seen an increase in .htaccess files being hacked.
.htaccess is the default name of directory-level configuration and is often used to specify the security restrictions for the particular directory.
So leaving this unprotected essentially means all of your files are unprotected.
It’s essentially like locking the front door but then leaving the key in the lock. Nobody does that…on purpose.
A quick google search will guide you as to what code can be added to your domain’s root .htaccess file to prevent any external access to any file with .hta.
Let the Pro’s Deal With It
I would assume you’ve had your driver’s licence for a good number of years now and have been driving cars for just as long. Can you fix one, though?
You’ll find that the number of people who can drive a car (which seems disproportionate to the amount of people who have licences) is far more than the number of people who can drive a car and fix one. That’s why mechanics are always in demand.
The same applies to your website.
You may have built a beautiful website and are very competent in producing quality content. That doesn’t mean that you have the knowledge or even the time to keep it safe and well maintained.
That’s where Shift One Digital comes in.
For only R490 a month we’ll will:
- Update all plugins and WordPress to keep your site running smoothly making sure your users are happy.
- We will scan through your website to pick up on any anomalies or abnormalities that you might not have been noticed.
Or for only R750 per month you can sign up for some very robust WordPress security.
You’ll get:
- Unlimited Malware Cleanup
- Website Blacklist Removal
- Malware Detection (Unlimited Pages)
- Advanced Website Firewall
- Intrusion detection and Prevention
- Brute Force Protection
- DDOS Protection (HTTP – layer 7)
- Performance Optimisation
- SSL and SPDY Support
- HTTPS DDOS Protection
- PCI Compliance
- Advanced Access Control
- Priority Ticket Support
There will be no more sleepless nights, wondering what weird and inappropriate content hackers may have planted on your website.
The pro’s will take care of it.
You should probably get started on following these tips now.