Lately, there’s been an increase in attempted hacking of some of the WordPress sites I manage. Luckily, there have been no breaches, largely due to the software I install to help ensure not only that they can’t get in but also that I’m informed if they try, so I can take action to stop them trying again.
Why might they try to hack your site?
You might think that there’s nothing on your site worthy of being hacked but there are many reasons why a hacker might attempt it. For example:
- If they can guess your password, they might try to use it on other sites to see if you use the same one
- They can use your site to send out spam emails
- They want to install malicious code or viruses onto your website which may collect data or do other naughty things
- They want to install malicious code or viruses onto the machines of the people who use your website
So it’s important we all try to keep our websites secure – and if you hold any kind of information about other people (for example your customers) then it’s even more important (and depending on the information, you might want to consider an SSL certificate).
Why do they want to hack WordPress websites?
WordPress is one of the most popular platforms worldwide, and it is classed as ‘open source’ software, which means the code behind it is freely available to allow its constant development. In short, it’s an easy target.
And many, many WordPress sites are ‘self builds’, which means the builder might not know why they should keep it secure, or even how. In the past I’ve seen websites with the username as admin and the password as the same name as the website. This doesn’t take a lot of guesswork for a potential hacker.
I’ve also seen websites incorrectly installed, leaving them even more vulnerable.
But how do I know if mine is secure?
There’s only one way to know if your site is secure and that’s to lock it down – and at the same time, install software that lets you know if anyone does try to hack it.
What’s the best WordPress security software?
There are a few really good – and free – security plugins on the market. Some are virus scanners (to check there is no malicious code already on your site), some lock the site down (usually in a step-by-step process), some are firewalls (to stop people logging on, or trying to guess passwords) and some do all of the above. These of course are the best ones. But first, before installing anything, follow the steps below.
What else can I do to secure my WordPress website?
Step one is to change your password and ensure it’s something very secure. I recommend Norton’s password generator.
Sure, they’re not easy to remember but that means they’re not easy to guess, too!
Step two is to make sure the admin username isn’t ‘admin’ – this is the most common username for the administrator so it’s the first one they’ll try.
Unfortunately, you can’t change the username via the WordPress Dashboard and if you’re not confident enough to change it in the database, it might be better to create a new administrator account and delete the old one.
Make sure the new one is working first so you don’t lock yourself out!
The third step is to make sure your admin username isn’t written on the website. When you create a user, if you don’t type in a first and last name, the default ‘display name’ IS your username. This will likely then be displayed on your blog page (i.e. Title of blog, written by ‘username’) for everyone to see and then they only have to guess your password!
So type in a first and last name and then choose an appropriate ‘display name’ in the User Profile section of the dashboard.
The fourth step is to make sure your email account is also secure. If they have access to your email, they can simply use the ‘forgotten password’ link and change your WordPress password (not to mention potentially access other accounts like eBay and PayPal).
And lastly, be wary of the plugins and themes you install. Check the reviews, do some research – make sure they don’t already contain malicious code or have security vulnerabilities. There are a lot of great free plugins and themes out there but there are a lot that aren’t.
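The checks in steps two and three can be run across every administrator account at once. The script below is an added example, not part of the original post: it assumes a CSV export of administrators with `user_login` and `display_name` columns (for instance from the WP-CLI command shown in the comment, a tool the post does not mention), and the sample rows and the function name are constructed for illustration.

```python
import csv
import io

# Constructed sample rows, in the shape assumed to come from:
#   wp user list --role=administrator --fields=user_login,display_name --format=csv
SAMPLE_EXPORT = """user_login,display_name
admin,admin
Admin,Site Owner
j.smith-ops,j.smith-ops
k7-editorial,Kate Jones
"""


def audit_admin_accounts(export_csv):
    """Return {login: [issues]} for rows that fail step two or step three."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_csv)):
        login = (row.get("user_login") or "").strip()
        display = (row.get("display_name") or "").strip()
        if not login:
            continue  # skip blank or malformed rows
        issues = []
        # Step two: 'admin' is the first username that will be tried.
        if login.lower() == "admin":
            issues.append("username is 'admin'")
        # Step three: the display name defaults to the username, so an
        # unchanged display name shows the login next to every post.
        if display.lower() == login.lower():
            issues.append("display name reveals username")
        if issues:
            findings[login] = issues
    return findings


if __name__ == "__main__":
    for login, issues in audit_admin_accounts(SAMPLE_EXPORT).items():
        print(f"{login}: {'; '.join(issues)}")
```

Any account it lists needs either a new display name in the User Profile section or, for a login of ‘admin’, replacing with a new administrator account as described in step two.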
What if I need help with some of the above?
You’re in luck! Some of the steps above would be covered under our ‘Five Minute Fix’ scheme so it would only cost £5 for us to either do it for you or talk you through it.