It’s a difficult feeling. The world seems to be rushing around you. One of those bots just got into your beautiful WordPress website and ruined everything. All the effort that you put into the site to increase the traffic, gone in vain in a few seconds.
The feeling is hurtful.
WordPress as a platform is
- extremely popular
- easy to use
- well laid out
- developer friendly
- with thousands of plug-ins
- with unmatched scalability
But there’s one fact that people miss all the time: WordPress is also one of the most hacker-friendly platforms.
Due to its immense popularity, hackers around the world spend a tremendous amount of time looking for loopholes in the system.
Trust me. It’s really sad. Every other week, I meet someone whose site is/was hacked. An average of 32,000 sites are hacked every day. Honestly, it’s not too surprising to see the numbers when 20% of all the sites that exist in the universe are in fact running on WordPress. As a platform, WordPress therefore becomes an easy target.
You should be worried. Recovering your site could take a large amount of effort and luck. It’s costly too. With WordPress being the largest and the most successful CMS, these attacks can easily affect every other site owner.
With so many unethical professionals trying to break in, you must be fully prepared to prevent any further attacks on your site.
That is exactly what we’re going to discuss today. Let’s start with the actual science behind hacking.
Why YOU get hacked?
Although it feels like it, getting hacked is usually not personal. It is achieved through automated scripts or bots.
Whenever a hacker sees even a small window, they’ll pounce on it. All of this means that it does not matter whether your website is small or big, or with or without traffic. Any vulnerable site is a potential target.
What are the primary entry points for these hackers?
Although there are far too many factors that affect your site’s security, these are the most common and recurring ones.
- Brute force attacks – WordPress as a system allows many unsuccessful attempts to log in. It becomes the most exploited feature of the platform. There are systems designed to work with thousands of usernames and passwords, until they get it right. Hence, WordPress users are susceptible to these brute force attacks.
- Poor server security – A soft and insecure server is something that you should be worried about. Spend some time and select the best hosting provider for your precious website.
- Unmaintained plugins – One of the primary reasons WordPress is a popular content management system is the availability of easy-to-use plugins. However, even the most common ones, when not maintained or upgraded on a timely basis, can become an entry point for hackers. Avoid free themes or plug-ins that are not getting updated on time. Only download plug-ins from trustworthy sources.
9 practical tips to prevent future attacks:
New WordPress users do not realize the importance of regularly updating the operating system, browsers and software on their PC. Using a good antivirus and keeping your eyes open is the first way to step up the security.
Now update WordPress
The next important step is to update your WordPress to the latest version. It’s not too difficult to understand the reason behind it.
When a new version of WordPress is out there, there must be strong ‘security reasons’ for the last version to be junked out. An older version of WordPress is a hotbed for unwanted attacks. The new version would automatically resolve the security issues in the last version. Updating right away is the least you could do.
More than 30 to 40% of security lapses happen due to the hosting providers. It’s important to do your research and choose a reputable company that has a strong security background. A server that is poorly maintained with low budgets is a strict no-no.
Better Username & Password
It’s 2016, and you’re completely forbidden to use passwords like ‘ABC 123’ or ‘12345’ or ‘DOB’. In fact, your security will be up by 40% if you just concentrate on creating a difficult, less-crackable password.
Likewise, it’s criminal to use ‘admin’ as a username. Choosing a strong username along with a good password will save you from a horde of brute force attacks.
Limit login attempts
Don’t forget to limit the login attempts into your WordPress. In case a bot is trying to get in your system, limiting the number of failed login attempts from a single IP address would automatically safeguard the website.
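To see which addresses a login limit would actually catch on your site, the following added example (not part of the original article) counts failed logins per IP in a web server access log. It assumes the combined log format and that a failed login appears as a `POST /wp-login.php` answered with status 200, while a successful one redirects with 302; the function names and the sample log are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list client IPs with repeated failed WordPress logins.
# Assumptions: combined-format access log; failed login = POST to
# /wp-login.php answered with 200 (a successful login answers 302).

# failed_login_ips LOGFILE THRESHOLD
# Prints "IP COUNT" for every IP with at least THRESHOLD failed attempts.
failed_login_ips() {
    awk -v limit="$2" '
        $6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { fails[$1]++ }
        END { for (ip in fails) if (fails[ip] >= limit) print ip, fails[ip] }
    ' "$1" | sort
}

# Constructed sample log using documentation-range IPs (not real traffic).
write_sample_log() {
    cat > "$1" <<'EOF'
203.0.113.7 - - [10/Mar/2016:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "bot"
203.0.113.7 - - [10/Mar/2016:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "bot"
203.0.113.7 - - [10/Mar/2016:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "bot"
203.0.113.7 - - [10/Mar/2016:10:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "bot"
203.0.113.7 - - [10/Mar/2016:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "bot"
198.51.100.20 - - [10/Mar/2016:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012 "-" "Mozilla/5.0"
198.51.100.20 - - [10/Mar/2016:10:05:09 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.5 - - [10/Mar/2016:10:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
EOF
}

# Demo: a threshold of 5 flags only the address that never logged in.
log=$(mktemp)
write_sample_log "$log"
failed_login_ips "$log" 5
rm -f "$log"
```

The owner who mistyped a password once and then logged in stays below the threshold, which is the behaviour you want from a lockout setting as well.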
Free is not good
Try to avoid free stuff. Something which is not getting regularly updated, whether a plugin or a theme, should be avoided at all costs. Beware of those free plugins that are not so popular. Just ask yourself whether there’s a valid reason why they’re not popular.
It’s vital to ensure that correct file and folder permissions are set up at the time of installation. Incorrect permissions mean a hacker can modify the WordPress install.
Log into your file manager under cPanel. The permission set for all the files should be 644. For all the directories the permission should be 755. At times these things depend upon the kind of server and become slightly complex. The best thing to do is to check with your host.
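If your host gives you shell access, the same check can be done for the whole install at once. This added example (not part of the original article) reports every file that is not 644 and every directory that is not 755, and separately marks anything world-writable; it changes nothing. The function names and the sample tree are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: report entries that deviate from the 644 (files) /
# 755 (directories) baseline. Report only; no permissions are changed.

# audit_wp_perms ROOT -> one line per finding: "<kind> <path>"
#   kind = file-not-644 | dir-not-755 | world-writable
audit_wp_perms() {
    root=$1
    find "$root" -type f ! -perm 644 | sed 's/^/file-not-644 /'
    find "$root" -type d ! -perm 755 | sed 's/^/dir-not-755 /'
    # World-writable entries are the ones any account on the server can modify.
    find "$root" \( -type f -o -type d \) -perm -002 | sed 's/^/world-writable /'
}

# Constructed sample tree standing in for a WordPress install.
build_sample_tree() {
    mkdir -p "$1/wp-content/uploads"
    touch "$1/index.php" "$1/wp-config.php"
    chmod 755 "$1" "$1/wp-content"
    chmod 644 "$1/index.php"
    chmod 666 "$1/wp-config.php"        # too open: anyone can rewrite it
    chmod 777 "$1/wp-content/uploads"   # too open: anyone can drop files here
}

# Demo: the two loosened entries are reported, the rest pass silently.
demo=$(mktemp -d)
build_sample_tree "$demo"
audit_wp_perms "$demo"
rm -rf "$demo"
```

Review the findings with your host before changing anything, since some server setups legitimately need different modes.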
As highlighted before, most attacks happen through an outdated or out of use plug-in. The most important point here is to keep the number of plugins to a bare minimum. Also, update the ones that you are using consistently. Even the best plugins have had some sort of security problem in the past. Update them on a regular basis.
If there’s one thing that WordPress users are lazy about, it’s backing up regularly. Regular backups will save you tons of time and effort. Create a schedule or maybe download a related plugin and stick to the timeline. This activity will give you an absolute peace of mind that can’t be replaced.
Having your site security compromised is the worst feeling in the world. If you are going through this horrific time, start taking special precautions from now on. Site security issues are part and parcel of the game. They can’t be fully avoided. Following these 9 pointers will help you address the most common issues before they even happen.
Just be proactive and you’ll stay one step ahead of the hackers. Best of luck.