Security is top of mind for everyone these days. With all the hacks, breaches and attacks in the news, we are all vulnerable and need to take reasonable precautions to protect our websites.
There are 30,000 new websites hacked every day.
For sites that we host and manage we like the iThemes Security WordPress plugin.
It is easy to configure and takes care of most of the approaches would be hackers use to try and get into your site. It is called hardening the website. Much of the hacking is automated, so when they check the metaphoric door and see that it is locked they move on to another site. It is kind of like when you have the Protection One sign posted on your lawn…criminals just don’t want the hassle.
It is amazing how much of the hacking is coming from overseas. For my website Brazil and Australia seem to be the countries of origin that are trying to hit us hard. This plugin has deterred 2,226 login attempts in the last 6 months…pretty good pass protection I would say.
A few best practices:
- Don’t use the word Admin as your login user name….easy target.
- Passwords should be at least 7 characters long with a nice mix of caps and symbols. Using a strong password generator is a good idea if you can’t come up with something clever on your own.
- Remove users that are no longer active on your site. If they are part of an old development / design team be sure to either reassign them to “No Role” or transfer their posts and then remove them.
- Keep your Site updated to the latest version of WordPress that is compatible with your theme. (be sure to have a backup plan in place in case there is a conflict issue)
- Keep your plugins updated to their latest versions and remove any plugins that you are not using.
Getting hacked is really not an IF but a WHEN, but taking smart precautions will certainly help your odds.