I hear it from fellow bloggers and entrepreneur friends, see it in Facebook groups I am in, “My blog got hacked.” Those are words you never want to say yourself.
Every blogger wants to keep her WordPress blog safe, but even though it’s something you don’t want to deal with, precautionary measures aren’t taken.
If your website is built on the popular website platform, WordPress and I’m sure many are, there are things you can do to prevent your website from being hacked.
Am I saying it will never happen to you? Am I saying it can’t happen to you? No. It can happen to any one of us, but why not do what you can to keep it happening from you?
I mean just thinking about your website being hacked is enough to make you want to cry, but to add insult to injury, it’s even worse when you know there are things you could have done to keep it from happening!
First, let me say that if you ever receive an email from your hosting company saying your website has been hacked, contact them immediately. Do not ignore those emails. They can and will shut your website down to protect the other websites on their server.
In a study done in 2013, it was found that many who have WordPress websites do not perform the bare minimum tasks to keep their websites protected. This study was conducted on 42,106 websites. It was found:
- There were 74 different versions of WordPress on these sites. To date, there have been 145 versions of WordPress since it began in May of 2003.
- 769 of the websites were using version 2.0 (this version started in 2005. The latest version is 4.3.1)
Here are 12 ways a blogger can keep her WordPress blog safe
- Keep your WordPress version up-to-date. Throughout the year, WordPress comes out with several versions. There are two types of releases; major and minor. Major releases are 1.0, 2.0, 3.0, 4.0, etc. Minor releases are 1.0.1, 2.0.2.
- Keep your theme up-to-date. Your themes also have updates. These updates are a combination of new features as well as making sure they are compatible with the latest version of WordPress.
- Keep your plugins up-to-date. Plugins are usually one of the easiest ways to have vulnerabilities on your website. Make sure you do your due diligence and check out the plugin and the developer BEFORE you install any plugin on your website.
- Site login username. When it’s time to install WordPress, you’re asked to create a username. Make sure you NEVER EVER use admin as your username. Yes it’s easy to remember, but it’s also a hacker’s delight!
- Secure Password. I tell my clients to remember their website password is just as important as their online banking password. When you created your password for your online banking account, you gave it some thought to make sure it was secure. Do the same for your website.
- Monitor who has access. One of the great things about WordPress is that you can have several users on a site all with different access levels. Pay attention to who you give access to and only give them as much access as needed. This is not the time to get generous and add extras or get lazy and don’t pay attention.
- Change your login link. The default link to login to a WordPress website is the domain followed by /wp-admin or /wp-login (for example: www.yourdomain.com/wp-admin or www.yourdomain.com/wp-login). Hackers know this so change it. When you’re installing WordPress, you can change the default link. If you want to have your login as www.yourdomain.com/bacon, you could!
- Use WP Managed Hosting. There are many types of hosting; two of the most popular are Shared Hosting and WP Managed Hosting. Shared hosting is for all websites built on any platform. WP Managed Hosting, yep you guessed it. It’s WordPress websites.
- Change your file permissions. The files that make up your website have permissions. These permissions allow for reading, writing, and executing. These permissions are represented by three numbers or they may also be represented by the letters r, w, and x. These numbers will determine what can and cannot be done with your website files. You want to limit the file permissions of your website as much as possible, but be careful because you can also run the risk of making your website not visible.
- Limit the number of times someone can log into your website. When someone is trying to hack into your website, they make numerous attempts. The Login Lockdown plugin will detect that the same IP address is trying to access your website many times within a certain time-frame. If the number of attempts is exceeded, the IP address will no longer be able to access your login page for a specified period of time chosen by you.
- Have your site scanned. One of the best ways to have your website protected is to be scanned in the background so if anything is found it can be fixed. That’s where Sucuri comes to the rescue! The Sucuri plugin monitors your website for any funny business going on. It can also remove malware and get your website cleaned if it is hacked. It’s some of the best money you’ll spend!
- Backup your website. You backup your website so that if anything should happen to your website, you’ll be able to restore a fresh version. Unfortunately, many website owners have no backup system in place and rely on their hosting company to perform their backups. Make sure that you contact your hosting company to find out what they backup. If it’s just your database, you’ll be very unhappy if something does go wrong.
Of course, this list is by no means all-inclusive, but it does give you a lot to work with to make sure your website is secure!
What would you add to this list? Has your website ever been hacked? Share below!
See ya later!