You spend time and money developing the perfect site: hiring a graphic designer, hiring a coder, considering colors and specifics that will make your company glow to potential customers. The site goes live and, within weeks, gets hacked.
It’s an all too familiar story. Some estimates show about 30,000 WordPress sites get hacked each day!
Why Do Hackers Hack Websites?
There are plenty of reasons. Sites that store customers' credit card information offer an easy target for criminals interested in committing fraud. Those with extensive stored email lists offer hackers a massive number of people to contact for their own interests. Hackers may also install malicious software on your computer so they can take it over and use it as if it were their own, thereby attacking MORE computers from YOURS.
And some hackers do it just for fun.
Before you put yourself out there on the Internet, make sure you’ve taken the following steps to protect your website – and your potential readers – from harm.
Create secure log-in names and passwords
WordPress itself states your highest risk of being hacked comes in choosing a poor user name and password. When you create the blog, your default user name will be admin. Change this to something else. Also, create a password that won’t be easily detected. Do this by:
- Using a variety of letters and numbers
- Using upper and lower case letters
- Using symbols, such as # and $
- Changing the password on a regular basis
- Choosing a user name that has nothing to do with your blog (e.g., your blog is for North Carolina Real Estate – don't choose NCreal for the user name)
Keep your WordPress site updated
WordPress regularly releases updates and announces them on the Dashboard of your site. Update your site whenever it is suggested. Keeping WordPress updated ensures you have the latest security features and that any bugs from earlier versions are fixed. This article shows what can happen when you DON'T update your site.
Check Out Two-Step Authentication
This great plug in allows Google to send you a unique number on your phone when you log into your account. Each time you log in, you will need to enter the secret number, sent to you on the Google Authenticator App on your smartphone. Because this program generates a new number every thirty seconds, it is next to impossible for a hacker to guess that number correctly. Read more about this program on WordPress's site.
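How a number that changes every thirty seconds can be checked by the site, as an added example that is not code from the plug in or from WordPress: it assumes the standard time-based one-time password scheme (RFC 6238, HMAC-SHA1, 6 digits) that authenticator apps implement. The function names are hypothetical and the shared key is the RFC's published test key, not a real secret.

```python
import base64
import hashlib
import hmac
import struct

STEP = 30    # seconds each code is valid for
DIGITS = 6   # length of the code the app displays

# Constructed sample: the RFC 6238 test key, base32-encoded the way it
# would be enrolled in an authenticator app. Never use it for a real account.
SECRET = base64.b32encode(b"12345678901234567890").decode()


def totp(secret_b32: str, unix_time: int, digits: int = DIGITS) -> str:
    """Compute the code for the 30-second step that contains unix_time."""
    key = base64.b32decode(secret_b32.upper())
    counter = struct.pack(">Q", unix_time // STEP)
    mac = hmac.new(key, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def verify(secret_b32, submitted, unix_time, last_step=-1, drift=1):
    """Return the matching time step, or None if the code is rejected.

    drift tolerates a phone clock that is one step off. A step at or
    before last_step is refused, so an observed code cannot be replayed;
    the caller stores the returned step as the account's new last_step.
    """
    current = unix_time // STEP
    matched = None
    for step in range(max(0, current - drift), current + drift + 1):
        expected = totp(secret_b32, step * STEP)
        # compare_digest avoids leaking how many digits were correct
        if hmac.compare_digest(expected, submitted) and step > last_step:
            matched = step
    return matched


if __name__ == "__main__":
    code = totp(SECRET, 59)
    print("code at t=59:", code)
    print("accepted now:", verify(SECRET, code, 59))
    print("replayed:", verify(SECRET, code, 59, last_step=1))
    print("two minutes later:", verify(SECRET, code, 59 + 120))
```

The code is derived from the shared key and the clock, so the site and the phone compute the same number independently; the key itself must be stored as carefully as a password.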
Download and run WP Security Scan
This plug in, developed by WordPress, will scan your WordPress website or blog, check for vulnerabilities in security, and suggest actions to fix those. This includes information about your passwords, file permissions, database security and more. You can find WP Security Scan here: http://wordpress.org/plugins/wp-security-scan/. To use, download the file. Go to your dashboard. Click on Plug Ins, and then choose Install New. Upload the entire folder and you will find it under your installed plug ins page.