Do you have a WordPress website? You might be thinking to yourself, “I could never get hacked. I have all the best plugins. It won’t happen to me. Not a chance.”
You might be surprised to learn that having a WordPress website with plugins does not fully protect you from hackers. It actually means you could be at an even higher risk for getting hacked because the more you ignore your site, the more likely you WILL be hacked. Why? Hackers target WordPress websites for many reasons. No site is hack proof however, there are some ways to help prevent hackers from getting into your site. By implementing the following tips i’m about to share with you, you can make it THAT much harder.
Reason #1 – You Aren’t Keeping Your WordPress Website Secure
The first reason hackers target WordPress websites is because most people who have a WordPress website do nothing to keep it updated. Security updates are vital to you and your business. This is one area that most people don’t seem to even begin to think about. The less secure a website site is, the more you have to worry about you and your customer’s private information like credit card details, home addresses, and phone numbers being compromised.
There are a few ways to increase the security of your site. WordFence and Itheme Security are two plugins which are great for adding an extra layer of protection. They both give you the ability to block robots as well as humans who are trying to log into your website. They both also gives you the ability to run virus scans as often as you’d like.
One feature I particularly like from WordFence is that it will send email notifications when someone tries to log in or is automatically blocked for trying to log in. Recently, WordFence added an additional layer of security by including a firewall as well.
Pro Tips: Your usernames MUST NOT be “admin”. Admin is the default login username for all WordPress websites. If hackers see you are using admin as your username, they are even more likely to get in because they have already accessed half of your login details. Luckily, if you are using WordFence, it will automatically lock out hackers who are attempting to hack your website using invalid usernames. Ithemes does not currently have this feature.
I also advise my clients to use a strong password which is created by a random password generator. A strong password is typically over eight characters with a random mix of letters, numbers, and symbols.
Reason #2 – You’re Not Keeping Your Plugins Updated
The second reason hackers target these type of websites is because most people who own a WordPress website don’t update their plugins. The more your plugins are outdated the more likely your site is going to be hacked. Most hackers get in by way of outdated plugins. You want to make sure your plugins are always up to date and you are using ones that work for your version of WP. Older plugins might work with your version of WP but they might not be supported anymore and are more susceptible to being hacked.
Updating WordPress is pretty crucial to keeping out hackers. WordPress gets updated fairly often so the older your website software is- the more vulnerable the site is. The reason WP gets updated is for security purposes.
Reason #3 – You Don’t Having A Strong Enough Server Password
The third reason they target these types of sites is because hackers can easily get in through what’s called your FTP or File Transfer Protocol. This gives them direct access to your server where everything on your website is accessible here. If you don’t have a strong password, they can easily add in malicious code to any of your files and your website can quickly be compromised. There’s only really one way you’d know if this happened to you and that isn’t until you go to log into your site. You “might” be alerted by a red screen with a notice warning that your code has been hacked but sometimes not even a notice is posted.
Now, let’s play the scenario game.
Kenny has a business website with NO security and NO backups. He never logs into his website and never updates his site. He does however have a strong FTP password. He believes his site won’t get hacked.
He ignores his website for five months and then one Tuesday morning, he wakes up to find out his website has been hacked. He starts to panic. He can’t stop stressing out and keeps thinking over and over again in his mind, “Who did this? Why would they do this? Can my site even be fixed now? Who can help me?”
Kenny contacts his web designer and asks him what to do. The web designer informs him that his site was hacked due to zero updates taking place within the past few months. He also learns Google has actually blacklisted his website which means his once high ranking on all search engines like google has now been completely killed. He also discovers the hackers have hit him from two ends: outdated plugins and an outdated WordPress version.
After a few hours of attempting to fix all of these issues, his web designer explains to him the hack is so deep into WordPress and the plugin itself that the site itself cannot be repaired and it has to be rebuilt. This now will cost Kenny double the amount of money because he will have to completely rebuild it from the ground up.
Tom has his business website properly set up and manages it himself. He goes into his website every few days to check up on his security and runs all necessary backups so if he needs to ever restore it at anytime, he has the ability to do so. He also has a strong FTP password.
One Tuesday morning, Tom wakes up and does his regular weekly website check. He discovers there were multiple usernames that he’s never used before trying to log into his site. Annoyed, he goes into his security plugin and blocks them permanently. This doesn’t cost him any money however, it does take up vital time away from his business to block these potential hackers.
Sadly, I’ve met dozens of business owners who have actually had to deal with both of these scenario’s and others just like it. I hope these actionable tips have been helpful and you implement them right away in your business.
If you’d like to prevent your website from being hacked and don’t want to deal with the constant stress of having to manage it yourself, I’d be happy to help you and do it for you. Click here to schedule a 15 min free consultation.