WordPress is the most widely used website CMS, holding up to 60% of the market share (HostingTribunal). This means WordPress sites are everywhere (33% of all websites globally, in fact). The good news is that WordPress, due to their success, are well aware of the responsibility they have to the people using their platform to build sites, as well as to those websites’ end users, and are constantly creating updates to make their sites and plugins safer.
If your site is hacked, all the time and effort you have put into your site, as well as into gaining organic search engine ranking, will be affected. Not only that, but there is the flow-on effect it will have on your income and customer satisfaction. Keep your site protected so all your hard work at creating an effective online presence is not wasted.
Why hack my site?
Many people think a hacker is what you see in the (aptly named) 1995 movie “Hackers”: a keyboard warrior hell-bent on exposing government secrets or on corporate espionage. “I don’t keep client records or credit card details on my site so I’ll be fine, right?” Wrong! Hackers aren’t necessarily after what is on your site. Rather, they create code that looks for vulnerabilities within sites, breaks things, spams your contact list with emails from your account that send out more viruses, or simply uses your server’s power to complete another task.
It’s easy - that’s why!
Being on such a widely used platform gives hackers a better chance of accessing your site. WordPress also uses a standard URL where users can log in to the back end of their site: on most WordPress sites, you reach the ‘back-end’ login by adding ‘wp-login.php’ to the end of the site’s URL. Most people also set up passwords that are easy to remember. Bots and hackers often try a variety of common password variations until one eventually lets them in.
You’re giving hackers a piggyback
You, like a good citizen of the world wide web, are paying for server hosting. Not only could a hacker access the server your website is hosted on, they could then potentially also access other websites on the same server. Considering most website servers can host thousands of websites, there’s a potential for your unsecured website to cause damage to a lot more sites than just your own. As well as this, if you do have client emails accessible via your website, the hacker could hijack your database and spread their malware or virus to your customers. How often have you received an email from a friend that looks a bit strange but you open it anyway because it’s someone you know and trust? Before you know it, your computer is infected and you’re cursing yourself for opening that email.
How to protect your site from hackers
It’s not all bad though. WordPress are constantly updating their software and plugins to protect their users from vulnerabilities. There are a few easy things you can do to significantly protect your website from hackers. Think of your website like your house. A burglar would rather break into a house without security cameras, a dog, a gate and a floodlight. Making it hard for hackers to access your site means they will give up and move to another one. Adding the basic security measures suggested below will make your site harder to hack and therefore more protected:
1- Keep up with your updates
This is an obvious one but it is so important. When you log into your site once a month, do you see the numbers racking up in your “Plugins” and “Updates” tabs? Action them! Most updates that appear when you log into your website are the developers making their platform safer and more secure. If you stay on top of your updates and do them incrementally, you’re less likely to break something on the front end of your site. If you leave them for 6 months and expect the update from V2.5 to 5.5 to work without any problems, you may be in for a shock. And before you do an update, ALWAYS back up your site first! If something does break, at least you have a copy you can roll back to whilst you fix the problem, with no website downtime.
2- Create regular backups
As part of your regular website maintenance, you should be backing up your site before you make any significant changes or updates. As mentioned above, if an update breaks something on your site, it is A LOT easier to roll back to a previous version of your site than it is to recover or even rebuild your website. There are multiple WordPress plugins, such as UpdraftPlus, that you can add to your site to create (and even automate) backups, so you are safe in the knowledge that your site can be restored if needed.
3- Change your login URL
As mentioned above, the WordPress login URL is standard: www.businessname.com/wp-login.php. You can easily change this, which means a hacker won’t be able to gain access to your site. No login page, no logging in. Use a free plugin such as WPS Hide Login to customise your login URL and make it harder for hackers to find and access.
4- Add extra security plugins
Adding firewall and malware detection software will alert you when your site is being hacked. Use a plugin such as Wordfence to add an extra layer of security to your site and make it even harder for hackers to access your site.
5- Use SSL security certification
Ever noticed how some websites have ‘https://’ at the front of their domain names, or a little lock sign when you’re entering your payment details? This means the website has an SSL certificate, meaning visitors are connecting directly to the server the site sits on over an encrypted connection. Not only do search engines love this, as they can confidently show your site to a potential customer knowing it is safe to use, but it also means that there is no way any information that is transmitted (such as credit card details) can be intercepted or altered in transit.
And if all of that sounds too hard or time-consuming, we can help. Get in touch with us today for a discussion about your security needs.