How to Stop Your WordPress Website from Being Hacked or Spammed

WordPress website hackings are on the rise.

How can you keep your site secure?


 

One of my best friends had her WordPress website hacked and rendered useless by some evil-minded techie troublemakers. It cost her almost a thousand dollars to get it back up and running. Fortunately, soon thereafter, she received an order for $400. She called me to find out how to stop her WordPress website from being hacked or spammed.

This morning, I received an email warning about a huge botnet of 90,000 web servers that are hacking into poorly secured WordPress sites. I have done some extensive research on how to stop your WordPress website from being hacked or even spammed for that matter. Apparently, they have automatic software that tries 1,000 of the most common passwords on all the sites they can access.

Here are my suggestions on how to stop your WordPress website from being hacked or spammed:

  1. I highly recommend malcare.com as an anti-malware software company. They monitor, protect and screen for hacked code. Then, if any is detected, they clean it thoroughly and quickly.
  2. Change your admin password immediately. For that matter, change any user profile passwords that have admin access. Be sure to use at least 8-10 character passwords with symbols, capitals, numbers, etc. – the more complex the better (click here for a tutorial on best password practices). Change your password ASAP – it is too late if your site is already hacked and they’ve created a backdoor to gain access to your site (they then use your site to hack into other sites).
  3. Remove any profiles with admin access that you don’t know, or whose owners don’t use or update your WordPress website regularly.
  4. Don’t use public Wi-Fi without highly protective security settings.
  5. Update your version of WordPress and all plugins twice a month or weekly. It’s also a good idea to update your theme whenever a new version is available.
  6. Add CAPTCHA functionality to your logins and forms – whether subscriber logins, contact-us forms, admin login, etc.
  7. Additional security can be had by only allowing access from certain IP addresses – this may limit your flexibility if you travel a lot.
  8. A very fancy and new security feature provided for blogs on WordPress.com is called two-step authentication. It works by using a Google app that generates a new code every 30 seconds. Be careful with this – don’t lose your cell phone! Note – these instructions are not for blogs/sites built on the wordpress.org upload.
  9. Use the Akismet anti-spam plugin and authenticate with your WordPress.com ID.
  10. Any helpful or good ideas I missed?
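
The botnet described above spreads its password guesses over many servers, so counting failures per IP address alone can miss it. The sketch below is an added example, not code from the original post: it scans a web-server access log for failed WordPress logins (a failed login re-renders wp-login.php with HTTP 200, a successful one redirects with 302) and flags both single-source and distributed bursts. The log lines, thresholds and function names are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Apache/nginx "combined" log format: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def sample_log():
    """Constructed log lines (not real traffic); IPs are documentation addresses."""
    fmt = '{} - - [01/Jan/2024:{} +0000] "{} /wp-login.php HTTP/1.1" {} 512 "-" "-"'
    # 09:00 window: one address fails six times.
    lines = [fmt.format("192.0.2.10", "09:00:%02d" % s, "POST", 200) for s in range(6)]
    # 09:10 window: ten addresses fail once each (the botnet pattern).
    lines += [fmt.format("198.51.100.%d" % i, "09:10:%02d" % i, "POST", 200)
              for i in range(1, 11)]
    # 09:20 window: a successful login (302) and a plain page view (GET).
    lines += [fmt.format("203.0.113.7", "09:20:00", "POST", 302),
              fmt.format("203.0.113.7", "09:20:05", "GET", 200)]
    return "\n".join(lines)

def failed_logins(log_text):
    """Yield (timestamp, ip) for each failed POST to wp-login.php."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            yield datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z"), m["ip"]

def analyze(log_text, window_minutes=5, per_ip_limit=5, site_limit=8):
    """Group failures into fixed windows and flag suspicious ones."""
    windows = defaultdict(Counter)
    for ts, ip in failed_logins(log_text):
        start = ts - timedelta(minutes=ts.minute % window_minutes, seconds=ts.second)
        windows[start][ip] += 1
    findings = []
    for start, per_ip in sorted(windows.items()):
        total = sum(per_ip.values())
        noisy = sorted(ip for ip, n in per_ip.items() if n >= per_ip_limit)
        if noisy:  # one address hammering the login form
            findings.append((start.isoformat(), "single-source", noisy, total))
        elif total >= site_limit:  # many addresses, only a few guesses each
            findings.append((start.isoformat(), "distributed", sorted(per_ip), total))
    return findings

if __name__ == "__main__":
    for finding in analyze(sample_log()):
        print(finding)
```

In the sample, the 09:10 window never trips the per-address limit, which is why the site-wide count is checked as well.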

Jim Kaspari

Business Coaching Services . Web Design . SEO . Marketing Consultation

p.530.426.8404 | f.440.425.6094

Jim@SummitBusinessMarketing.com
