Many people believe that their WordPress website is of no value to a potential hacker. They are just average citizens promoting their small business or not-for-profit idea with not much search engine visibility. Who would bother investing the energy in breaking their site?
The bad news is that most of the malicious activity on the web is done by scripts and automated bots wandering the internet looking for easy prey. They are not bothered by how small or insignificant you might feel online. Below are some simple first steps you can take to protect yourself. This list does not include all the potential pitfalls, nor will it protect you from all types of attacks. It is a start, a way to discourage the automated script enough to move on and try to break into your virtual “neighbor” instead.
The two most commonly used logins are “admin” and the site’s name or URL. These are the first options an automated script is going to try. If this is your login, you should stop reading this article and change it to something less obvious. If your WordPress password is “11111”, “12345” or the same as your Facebook password, you should change it to a secure password.
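A quick way to check a site's accounts against that list of first guesses. This is an added example, not part of the original article; the function names, the sample site and the sample logins are constructed, and the list of ignored domain labels is a short assumption rather than a complete one.

```python
import re
from urllib.parse import urlparse

# Domain labels that say nothing about the site (assumed, not exhaustive).
GENERIC_LABELS = {"www", "com", "org", "net", "co", "uk", "example"}

def _squash(text):
    """Lowercase and keep only letters and digits, so 'Joes-Bakery' == 'joesbakery'."""
    return re.sub(r"[^a-z0-9]", "", text.lower())

def guessable_logins(site_url, site_title):
    """Build the normalized login names a bot tries first: 'admin', site name, URL."""
    if "://" not in site_url:
        site_url = "//" + site_url          # let urlparse see a bare host name
    host = (urlparse(site_url).hostname or "").lower()
    labels = [part for part in host.split(".") if part]
    bare = [part for part in labels if part != "www"]

    candidates = {"admin", _squash(site_title)}
    candidates.add(_squash(host))            # full host, e.g. wwwjoesbakeryexample
    candidates.add(_squash(".".join(bare)))  # host without www
    candidates.update(_squash(p) for p in labels if p not in GENERIC_LABELS)
    candidates.discard("")                   # empty title or unparsable URL
    return candidates

def audit_logins(logins, site_url, site_title):
    """Return the logins that match an obvious guess and should be renamed."""
    risky = guessable_logins(site_url, site_title)
    return [name for name in logins if _squash(name) in risky]

if __name__ == "__main__":
    # Constructed sample data: paste in the user names from your Users screen.
    sample = ["Admin", "joes-bakery", "JoesBakery.example", "maria.k", "editor7"]
    for login in audit_logins(sample, "https://www.joesbakery.example", "Joe's Bakery"):
        print("rename this account:", login)
```

Any login it reports is one to replace with a less obvious name.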
Keeping your plugins up to date
Hackers look for vulnerabilities in popular plugins that would allow backdoor access to the site. Once one is found, scripts searching for sites with these plugins start to flood the internet. The easiest way to protect yourself is to keep your plugins up to date, as it shortens the time the hackers have to find your site while it is vulnerable.
WordFence is a world-class plugin that scans your site for signs of security problems, alerts you to intrusions and provides you with an array of tools to continue protecting the site day-to-day. Just the mere presence of WordFence on your site could deter a potential hacking script.
Hiding your email address
There are scripts that scrape the internet for addresses to send malicious spam emails to. This will not directly harm your site, but could potentially harm your computer. If you decide that it is necessary for your business to share the email address, make sure that your email has strong spam filters. Otherwise, we recommend using a contact form instead.
Adding reCAPTCHA to your forms
All online forms are prey for the automated bots. Your forms, especially payment forms, should include a reCAPTCHA check.
Site backup is a must, and not only as a recovery mechanism after an outside attack. More often than not, a mistake on the part of the site editor or administrator causes something to go wrong. This is when backups are life savers. Any good hosting provider will provide regular data and file backups.
If you are frugal and computer savvy you might be tempted to host your website from home, on your own computer. Self-hosting does not present any risk to your site, but it does endanger your home computer. There are numerous examples of hackers who, once they detected a self-hosted site, were able to install malicious software on the host computer. That’s why you should leave the hosting to a professional. It’s worth the additional cost.
If you know that your site is under attack, or you are not sure if you are protected, send us a note. We will help you recover and continue in a safer state.