Most people have a less than vigilant attitude when it comes to website security.
They think.. “Hey, why would anyone want to hack my website anyway?”
Well even if you don’t have much traffic or income at your site, you need to take steps to secure it.
Because most hacks are not personal in nature, they are done by bots and scripts designed to seek out and affect the largest number of websites possible.
These bots do not distinguish sites personally, they simply look for vulnerabilities and attack.
And yes, they have motives. In fact, there are lots of reasons for hacking even small mom and pop sites including…
1. To send spam from your server (that’ll get you blacklisted)
2. To install malicious code that spreads viruses to your visitors (so they can steal from them)
3. To add web pages that steal your search engine ranking
4. To steal your affiliate commissions
5. To steal your traffic
And the list goes on and on.
“Botnets” use hundreds of thousands of unique IP addresses (from compromised/hacked ‘Zombie’ computers across the world) to attack hosts across the globe, specifically targeting WP Blogs.
So how can you protect your site?
Well, at the very least you should take the following three steps:
1. UPDATE WORDPRESS REGULARLY
WordPress security holes are regularly addressed and fixed with each new version.
That is why it is important you always update WordPress to the latest version.
The older the version of WordPress you are using at your website, the more susceptible your site will be to attacks.
Luckily this is quite easy. WordPress introduced a new feature in 3.7 that performs updates automatically.
When you install WordPress simply choose to have updates performed automatically to patch security bugs and errors that have been found.
Bots love to target themes and plugins with security flaws.
One of my main sites was hacked a couple years ago due to a plugin with a security hole and I didn’t know they were stealing my traffic for months!
In fact, more than half of successful WordPress hacks are a result of security holes in themes and plugins.
That’s why it is important to pay attention to the plugins installed and activated on your website.
Always deactivate unused plugins and remove them.
Also be wary of plugins that have not been updated within a year or so and try to use only plugins that are updated regularly.
3. LIMIT LOGIN ATTEMPTS AND DON’T USE ADMIN OR THESE PASSWORDS:
Automated bots mainly target /wp-login.php and /wp-admin to try and get access using brute force.
That’s why you should limit login attempts via the plugin you can choose when installing WordPress.
And never use the hackers main username target for login attempts — the default username “admin”.
Change it to something else and delete the admin username.
Then choose a STRONG password.
The top passwords targeted include some fairly obvious one’s, so make sure you’re not using something as weak as any of these:
If you are using one of these passwords then you may already be hacked and not know it!
Again, one of my main sites was hacked a couple years ago and I didn’t know they were stealing my traffic for months!
So again, the most important thing you can do right now is:
1. Keep WordPress updated regularly and automatically
2. Update plugins and themes regularly and automatically
3. Limit login attempts with the free plugin that comes with WordPress installs
4. Make sure you don’t use admin as your username and choose a super strong password
5. Consider getting this complete WordPress Security Plugin Suite to secure your blog now:
(You can also use those premium plugins to offer a high value service to your clients!)