Keeping your WordPress website secure from hackers is serious business. There were a reported 1 million attempted hacks into WordPress websites on one day alone back in April. That was extreme, but it did happen. All websites are susceptible to hacking, but WordPress sites are increasingly being targeted, mainly because of their popularity. Don’t forget it’s estimated that close to a fifth of all websites are built in WordPress.
The purpose of this post is not to scare you (OK, it is a little bit), but it’s healthy to be aware of the threats out there – and there are things that can be done to protect your WordPress site from hackers.
You’ve probably asked yourself why the hackers do it. At a very high level, hackers are looking to take over popular websites to communicate a message. In most instances, however, they’re looking to increase traffic to their websites by spreading malware (malicious software) through networks of computers known as botnets – and largely they do this by cracking a username and password combination for a site.
As mentioned before, there are ways you can protect your WordPress site against these inevitable brute-force attacks. Digital Davidson employ a series of ongoing measures for some of their clients to combat attacks. The safest solution is to host your website on a dedicated server rather than a shared server. Sharing space with other sites means yours is more open to attacks, but the cost of dedicated servers is in the main prohibitive. If you are to share with other sites, as the majority of WordPress websites do, then it’s worth investing in a trusted hosting company. For most people a dedicated server is out of the question, and the fewer sites you share with, the more expensive it is, which rules that option out for many too. So let’s get to the prevention tactics!
1. Anti-virus software
Install it on any machines you use to access your WordPress site. Keep it up to date and set it to scan your devices regularly.
2. Change passwords
As mentioned earlier, the botnets run scripts to try millions of combinations of usernames and passwords to gain access to your site. They don’t stop after they’ve tried a few; they keep going. That’s why it’s important to build password changes into your routine.
At Digital Davidson we regularly change your user passwords to something instantly forgettable (sorry!), which we advise you store somewhere digitally. We also change the passwords that we use to access your site as part of this procedure. We also ask you not to change the password to something more memorable.
It’s inevitable that at some stage your website will succumb to an attack. If this happens we’ll contact the hosting company first. From there we’ll take the site down if we need to and look to fix the problem.
In many cases, if your website becomes compromised, it’s better to upload the last backup than try and fix the site after the attack. Most hosting companies can retrieve recent backups of your site, but it’s recommended that clients keep a local backup of their content and database.
Digital Davidson also take a local backup of all their websites on a regular basis.
4. Run WordPress updates
From time to time WordPress will release a new version of their core software – they did this recently with version 3.6. You’ll be alerted to these updates sporadically from the dashboard view of your WordPress site. It’s always a good idea to update to the latest version, and it’s always recommended that you take a local backup of your site before you do so.
It’s also good practice to update any themes and plugins as and when you’re alerted to new releases.
5. Remove things that hackers are looking for
It’s advised that you make it less obvious that your site was built in WordPress. Hackers are known to scan the net for sites using the approved and much-used slogan “Powered by WordPress”. We’re not suggesting you remove the WordPress credit from your site completely, but maybe use an alternative message that they won’t be looking for.
6. Don’t use too many plugins
If the hackers can’t guess the username and password, they’ll look for a back door to get into the site. There are plenty out there, so it’s up to you to make sure they’re locked. Some plugins are untrustworthy, so only activate ones that have good ratings and a significant number of downloads. The same goes for themes. Also make sure you delete plugins and themes from your site that you’re not using; it’s good housekeeping as much as anything else.
7. Don’t create too many user accounts
Reducing the number of entry points to your site will make it less easy for the hackers to gain entry.
As mentioned before, Digital Davidson have procedures in place to make their clients’ websites more secure. If you’d be interested in asking us more about how we can protect your WordPress site, contact us for a free consultation via the usual channels.