It seems like a day does not go by where I have not read a headline that involves a website being hacked. The ones that make the headlines are big hacking situations. I had to change my own debit cards after shopping at Target not too long ago. Some other memorable hacks include Citibank, NASA, and Sony, which included the PlayStation 3.

However, often hackers simply hack for the fun of it, and they hack anything and everything, including small to medium websites. In my 17 years as a web developer, I have had five clients report damage to their websites from hackers, and I want to provide you the same tips I have provided them to keep their sites safe.

Back-up your Website

Back-ups are so important! Read the fine print from your hosting company. Do they offer back-ups? If they do, is it a daily back-up that is written over once every 24 hours? If so, and you don’t catch a hack immediately, your latest back-up becomes a copy of the hacked site. It’s also worth checking, but my experience is that 90% of hosting companies do not guarantee the back-up. In the end, it’s your responsibility. I would recommend at least a weekly back-up from your server downloaded to your local computer. Also, there are plugins available for WordPress, but a majority of them leave out certain pieces such as images. If your site is completely deleted, these plugins will not be available to create the back-up. A server-side back-up is the only fool-proof back-up available.
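As an added illustration (not part of the original article), here is a shell function that writes a date-stamped archive of the whole site directory, images included, and keeps the newest few copies instead of overwriting a single one. The paths, the `site-` file name prefix and the retention count are assumptions, and it covers files only, not the WordPress database.

```shell
#!/bin/sh
# Added example: dated, rotating back-ups of a site directory.
# Paths and the retention count are assumptions, not values from the article.

# backup_site SRC_DIR DEST_DIR KEEP [STAMP]
# Archives everything under SRC_DIR (uploads and images included) into
# DEST_DIR/site-STAMP.tar.gz, then deletes the oldest archives so that only
# the newest KEEP remain. Prints the path of the archive it wrote.
backup_site() {
    src=$1 dest=$2 keep=$3
    stamp=${4:-$(date +%Y-%m-%d)}
    [ -d "$src" ] || { echo "no such directory: $src" >&2; return 1; }
    mkdir -p "$dest" || return 1
    archive="$dest/site-$stamp.tar.gz"
    # Write to a temporary name first so a failed run never replaces a good archive.
    tar -czf "$archive.tmp" -C "$src" . || { rm -f "$archive.tmp"; return 1; }
    mv "$archive.tmp" "$archive"
    # ISO dates sort chronologically, so a plain sort puts the oldest first.
    total=$(ls "$dest"/site-*.tar.gz | wc -l)
    excess=$((total - keep))
    if [ "$excess" -gt 0 ]; then
        ls "$dest"/site-*.tar.gz | sort | head -n "$excess" | while read -r old; do
            rm -f "$old"
        done
    fi
    echo "$archive"
}

# count_backups DEST_DIR: number of archives currently kept.
count_backups() {
    ls "$1"/site-*.tar.gz 2>/dev/null | wc -l | tr -d ' '
}

# Run only when called with arguments, e.g.:
#   sh backup.sh /var/www/html "$HOME/site-backups" 8
if [ "$#" -ge 2 ]; then
    backup_site "$1" "$2" "${3:-8}"
fi
```

Run weekly with a retention count of 8, this keeps roughly two months of copies, so a hack that goes unnoticed for a few weeks still leaves a clean archive to restore from once it has been downloaded to your local computer.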

Strong Passwords

I know it is so much easier to remember your middle name and your date of birth, but that’s just not enough in today’s hacking world. Your passwords should be at least 10 characters and should include both upper case and lower case letters, numbers and special characters. They should look something like this: nY6V+u@>^/2zyuj. You should also use a different password for everything and change them often. I know... I also struggle with keeping them straight, so I use a product called RoboForm. I use a master password (one that is really difficult) each time I log in to a URL. I am asked for my master password, and RoboForm then encrypts the real password for that site and fills it in. The benefit is that I don’t have to remember hundreds of passwords. They are encrypted in case some malware has gotten into my computer; the keystrokes can’t be seen, nor can the password be seen on screen.

Keep Up with Patches and Updates

WordPress plugin patches and updates are released to fix security holes and functionality problems, so apply them often and as quickly as possible, and keep your themes updated to the latest versions. Old plugins that are not being used should be removed, not just deactivated.

Remove Inactive Users

Remove any old, inactive users that no longer use your site. These users often have weak passwords, and that can leave your site vulnerable to hacking.

Smart to Finish Office Solutions provides WordPress Maintenance for many of our clients, which includes the items listed above. Other services that we can provide to keep your WordPress site from being hacked are:

  • Limiting Access to the wp-content Directory
  • Securing the wp-config.php file
  • No Directory Browsing
  • Preventing search engines from indexing the Admin area
  • Securing the Plug-in Directory
  • Delete the default Admin login
  • Add authentication keys to the wp-config.php file
  • Install a WordPress firewall
  • Block Access Attempts to wp-admin Directory
  • Restrict the Number of Failed WordPress Login Attempts
  • Hide Dashboard Log-In Errors

If you are interested in any additional WordPress Security features, or if you have questions, please let us know. Smart to Finish Office Solutions wants to be your partner in securing your blog site.