You may have heard that it’s been a busy week for WordPress hackers this past week.
If you haven’t heard, it’s been a busy week for WordPress hackers this past week.
In under four days, three of my personal sites have had over 800 malicious login attempts. That’s over 8 attempts every hour.
Being hacked isn’t something that happens only to non-technical people. It can happen to anyone. I was hacked earlier this year!
So, what can you do to protect yourself? Great question!
- Force secure passwords for your users.
- Limit admin access to your site.
- Use security plugins.
- Use a backup plugin.
- Keep your WordPress and plugins updated.
1. Force secure passwords for your users.
This is a great first step. Security and passwords are something I take very seriously. When I was hacked, all the security and precautions I took didn’t matter because the hackers got to my server through a site I hosted for a friend who neglected the site for a long time. Oftentimes the biggest security issue can be other people. (Thanks, Phil.)
Forcing strong passwords on users, specifically ones that use upper and lower case letters, numbers, and symbols, is ideal. This is a great first line of defense.
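One way to force that policy in WordPress itself is a small must-use plugin, shown here as an added example that is not the author's code or part of any plugin named in this post. The function names, the file location, and the 12-character minimum are assumptions; the four character classes are the ones listed above.

```php
<?php
/**
 * Plugin Name: Enforce Strong Passwords (added example)
 * Assumed location: wp-content/mu-plugins/, so it cannot be deactivated from wp-admin.
 */
const EXAMPLE_MIN_PASSWORD_LENGTH = 12; // Assumption, not a value from this post.

/** Return the list of policy rules a candidate password fails (empty if it passes). */
function example_password_problems( string $password ): array {
    $problems = array();
    if ( strlen( $password ) < EXAMPLE_MIN_PASSWORD_LENGTH ) {
        $problems[] = 'be at least ' . EXAMPLE_MIN_PASSWORD_LENGTH . ' characters long';
    }
    $rules = array(
        '/[a-z]/'        => 'contain a lower case letter',
        '/[A-Z]/'        => 'contain an upper case letter',
        '/[0-9]/'        => 'contain a number',
        '/[^a-zA-Z0-9]/' => 'contain a symbol',
    );
    foreach ( $rules as $pattern => $message ) {
        if ( ! preg_match( $pattern, $password ) ) {
            $problems[] = $message;
        }
    }
    return $problems;
}

/** Attach an error to the form when the submitted password breaks the policy. */
function example_enforce_password_policy( $errors ) {
    // WordPress core submits the new password as 'pass1' on profile and reset forms.
    $password = isset( $_POST['pass1'] ) ? wp_unslash( $_POST['pass1'] ) : '';
    if ( ! is_wp_error( $errors ) || ! is_string( $password ) || '' === $password ) {
        return; // No password change in this request, or a malformed field.
    }
    $problems = example_password_problems( $password );
    if ( $problems ) {
        $errors->add( 'weak_password', 'Password must ' . implode( ', ', $problems ) . '.' );
    }
}

// Profile edits and users created from the wp-admin user screens.
add_action( 'user_profile_update_errors', 'example_enforce_password_policy' );
// The "lost password" reset form.
add_action( 'validate_password_reset', 'example_enforce_password_policy' );
```

These two hooks cover passwords set through the wp-admin screens and the reset form; passwords set by other code paths, such as WP-CLI or a plugin calling `wp_set_password()` directly, are not checked by them.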
2. Limit admin access to your site.
Sure, there may be multiple people at your company who need access to your website to post content updates, post new blogs, analyze traffic and analytics, whatever. However, most modern content management systems such as HubSpot, WordPress, and others will allow you to select what level of access each user needs.
3. Use security plugins.
I’m a HUGE supporter of Wordfence. It’s actually how I knew I was hacked back in February. Because of that heads-up I was able to take action immediately. Wordfence has a lot of great features. It offers real-time screening of all of your WordPress files and database, scans for malware, emails you when an unauthorized user tries to log in, and so much more.
Wordfence is incredibly important to me, and I install it on every site I build.
4. Use a backup plugin.
If you are hacked, you want to make sure you have a backup. If you don’t, you may need to start your website 100% over from scratch, which is both time-consuming and expensive.
Also on my list of WordPress plugins for marketers is BackWPup. I use this plugin to make automatic daily backups of my sites. Every site is backed up nightly and added to a backup folder, which you can save to a number of places, such as Dropbox, Amazon S3, and other options.
5. Keep your WordPress and plugins updated.
This is the biggest, most important one. And I saved it for last. This is a no-brainer. Just do them. WordPress and plugin updates patch security holes that allow hackers to gain access to your site. Once they are in, they are in and can do whatever they want.
WordPress is a great CMS, and I wouldn’t steer anyone away from using it, even with security issues like this. WordPress just needs a little love and some minor maintenance.