Website hacking is real and happens more than you can imagine. Once a hacker gains access to the admin area of your WordPress site, he is free to do whatever he likes. You may not notice for a while because your site looks and runs the same. At some point you may learn that when your site comes up in search results, the description is very different from what you intended. It might be telling all about the virtues of certain pharmaceuticals that will improve your romantic life. Maybe when you click on the link to your site in the search results it takes you to a completely different website – one that the hacker benefits from. Maybe your site will be used in a spamming scheme. Those are just a few of the possibilities.
Do you have a strong password for your WordPress login?
Did you know that an 8-character password can be hacked in only a few minutes? The best practice is to create a password longer than 8 characters which includes lowercase letters, capital letters, numbers and symbols such as an exclamation point or dollar sign.
Change your WordPress username to something other than the default ‘Admin’
It seems simple, but many people don’t change it. The hackers bank on this, and most attacks will use Admin as the username, so they have half the equation right off the bat.
How do hackers gain access to a WordPress website?
They use a computer program to enter rapid-fire username and password combinations into the WordPress login window. By default, there is no limit to the number of attempts that may be made. The program just goes on and on until it hits the right combination. This is called a brute-force attack.
Why would someone attack my site?
There is no bias here. A small site is just as valuable to a hacker as a huge corporate site. They deal in volume. If your site were to go down today, how would that impact your business?
Install a security plugin
Even with a strong WordPress login combination of a non-default username and a strong password, your website is still vulnerable. There will always be some new method of hacking that comes along. iThemes Security is the plugin I recommend and use on all my clients’ WordPress sites. It allows a website administrator to limit the number of login attempts. There are tons of other settings to further secure your website.
Make regular backups and store them off-site
How often to back up depends on the nature of your website content. The more frequently it changes, the more often you should back up. Busy ecommerce sites should be backed up multiple times per day. It is also very important to store the backups in a safe place. There are several very secure cloud storage options available. This also gives you the option of storing as many backups as you want. If your website is infected, you may not know it right away. If you only have a few backups over the last few weeks, all of them may be infected and you will be left with no website to restore. Just another good reason to get frequent security scans of your website.