Protecting your website is important
After experiencing all the stress and work involved to clean up after attacks on several of our client’s WordPress sites, we cannot stress enough how important it is to secure your website and avoid the misery that comes with a hacked site. Who wants to get the red screen of death, telling visitors that your site is not safe to enter because it’s blacklisted by Google or other search engines? I do not wish it upon anyone! It was a huge challenge to clean up the mess, get the sites whitelisted and marked as safe sites again, but we did it!
Tips to stay away from the blacklist
To help you avoid this bad experience, we’ll discuss some of the easy, yet vital steps you can take to protect your site. Anything else beyond this list, may require the help of someone who is more experienced with some of the complex tools to secure your site.
- Keep your WordPress version up to date. Update all plugins & themes
- Remove inactive or unused plugins
- Delete unused themes
- Choose a secure hosting service (we use Bluehost- affiliate link)
- Change the default username “Admin”
- Create strong passwords (don’t reuse old)
- Install a WordPress antivirus and firewall plugin
- Use a local antivirus
- Make regular backups
Keep your WordPress version up to date
Hackers are constantly looking for holes in the application and when they find a vulnerability, they attack with malware or other scripts to reroute your visitors, or even infect the visitor’s computer. WordPress is very good at catching up and frequently submits updates that closes these holes. So follow suit and keep updating the WordPress core files by following the instructions on your Dashboard screen. Here’s a screenshot of where to look for the reminders.
Click on the number to view what updates are due.
Remove inactive or unused plugins
The same story about holes in the WordPress application goes for plugins and themes. If you are no longer using a plugin or theme, just go ahead and delete it so you don’t even have to worry about updating them. Unless it’s a habit to check, it is very easy to forget to do updates and that’s when trouble can join the party. Some plugins and themes are also abandoned by their creators and no longer supported. Can you imagine leaving the backdoor open to intruders? Some plugins like Wordfence will email you reminders about plugins to be updated.
Does your webhost support WordPress
Make sure your webhost supports WordPress and has taken strong measures to ensure the security of their client’s websites. They should make it really easy for you to work with WordPress and protect the servers where your website sits. When you see that the host provides PHP or Linux, it is usually an indication that they support WordPress. If it’s not clear, don’t be shy to ask in a chat or email, or by making a phone call. It’s one of the reasons we like Bluehost (affiliate link), because they understand that WordPress, used for more than 15 million sites, is a force to reckon with.
Do not use the default user ID
Installing WordPress is super easy, but also predictable. Many users don’t know or don’t bother to change the user ID from “Admin” to something a bit more difficult to guess. If you only knew how many attempts to break into the Admin area are made on a daily basis, using “Admin” or even the domain name. Hackers will use that in combination with a tool to guess your password, until they get in.
Use a strong password
That brings us to the next point, and that is to use strong passwords. First of all, do not recycle your old passwords because once it’s known, it will be easy-peasy to break in. How do you create a strong password? Not by using your full name, date of birth, street address, pet’s name, etc. How about combining words with numbers, caps and lowercase, or even throw a special character into the mix? For example: lonD0n5oo@ha . Some people even use an entire sentence that would only make sense to them: mywifeisahotmommaof3 . Here’s another tip: combine words in a foreign language with numbers or characters. I bet it will take forever to crack the passwords and by the time the hackers think they do, you will be on to them, because you are monitoring your site!
You need security plugins
Install a firewall, antivirus or anti-malware plugins on your site. These will give you so much peace of mind, you’ll sleep like a baby at night, without a worry about hackers and malware. Some plugins that work well for us are: Wordfence, Sucuri, Anti-Malware. They’re easy to install and set up, but once they’re up and running you will not even notice that they’re working constantly in the background, blocking break-in attempts, recommending steps to prevent or provide tips how to clean up when there is trouble. You will be glad you have them watching your website’s backdoor.
Install a local antivirus program
It will not hurt to have a good antivirus program installed on your computer. You never know where the bad stuff is coming from. It could be a website, email, or even from your WordPress site (if infected) while you are logged in. There are good programs, both free and premium, so there is absolutely no excuse not to add this layer of protection. While we do not endorse any specific one, we have used several of these programs, free or paid: Panda Antivirus, AVG, Avira and Avast. See a comparison of antivirus software by PC Magazine here.
Back up regularly
And finally… make regular backups! You never know when something goes wrong. We don’t wish it upon anyone, but if that happens to you, at least there will be a version of your files (pages, posts, etc.) to help you get back online quicker than if you didn’t. Use a plugin, or any other way, as long as you do. Read more on my post about backups.
Better be safe than sorry
Investing a little bit of time to study and take the steps to secure your site will prevent a lot of headache along the way. Whether you do this yourself, or if you feel that it’s just too bothersome and prefer to hire someone else to do this for you, it will be the best investment of your time and/or money. You don’t even have to look any further, learn more about our WordPress website maintenance service here.
We have listed the most commonly used ways to secure your site, but if you have any questions you can submit below in the comment section because we truly want to help you protect the online version of your business.