Today cyber crime is part of our digital landscape. You have behemoth companies such as Target being hacked, financial institutions, healthcare facilities and educational institutions the victims of hackers, and web firms such as AOL having its customer accounts compromised. In fact, just recently AOL announced that a “significant number” of its user accounts have been affected by what the company called “unauthorized access.” This comes on the heels of AOL’s warning of spoofing attacks, which attempt to trick people into opening emails by masking the email address that appears in the “From” field.
It’s not only email platforms that are targeted. Websites, including those developed on WordPress, are also prime fodder for hackers. Because WordPress is such a popular platform for web development, hackers look to take over pieces of specific sites for their own benefit. Often, these hackers target widely installed plugins or themes with known security vulnerabilities. Typically, an individual site is not targeted specifically, but is hacked because of some vulnerability in a plugin or theme installed on the site.
Here are some basic, easy and no-cost-to-you measures to implement to help keep your WordPress site secure from hackers:
- Delete the default username “admin”. This is automatically created by WordPress and unfortunately most people just keep it. If you don’t change it, a hacker is already 50% of the way there in accessing your site.
- Make sure your password is strong and illogical. Don’t use your kid’s name or birthday, a pet’s name or anything that is logical or a significant number sequence. The most effective passwords include a random arrangement of uppercase and lowercase letters, numbers and symbols. Garbage, really. Just make sure you remember it or have it in a safe location.
- Make sure you keep the WordPress site updated. If you fail to update the site and don’t have the latest version, you face a security risk. Outdate files, themes and plugins pose vulnerabilities that hackers find. Also, delete the plug-ins or themes you don’t use or need.
- Limit login-attempts. You can install a plugin that limits the number of attempts someone makes when logging in (just like a banking site). One of the common ways that hackers attempt to gain access to a site is by using software that bombards the login page with an unlimited number of username and password combinations, until they hit the jackpot.
Always have a backup of your site! Be sure you have a backup of your site’s database and files. This way if your site is hacked, you can restore it from the latest known clean backup. Be sure to change your passwords and create a new set of secret keys to invalidate the cookies that allow the hackers to keep getting into the site.