Many people are shocked when they realize that their WordPress site has been hacked. While WordPress is a great tool, it does have its vulnerabilities, and hackers love to use those to their advantage. It is up to us as website owners to protect ourselves from these attacks.
So how do we do that? I’m going to go over the most common mistakes website owners make when building their WordPress sites and what you can do to protect yourself now and in the future. Here we go!
Mistake #1: Not having an SSL certificate on your website. An SSL certificate encrypts the info that is passed between your browser and the server (and if you take payments on your site, you DEFINITELY need one). Not having one means that info travels unencrypted, so hackers can easily obtain anything that is transferred.
Mistake #2: Protecting your site with a weak password. You already know you can put /wp-admin or /wp-login after your website name to log in, right? Well, so do hackers. So the first point of entry is already broken. The second point of entry is the username/password, and this is where a lot of folks mess up. The most common combo used is admin/password, and hackers usually try this first to get into your site. If that doesn’t work, they will try other common passwords until they can get in. This is called a brute force attack. Unfortunately, WordPress does not limit the number of times someone can try a password to log in, so hackers can try as many times as they want until one password works.
Mistake #3: Securing your WordPress database with a weak username/password. This goes back to #2, but it is more dangerous because your WP database holds all your important data (including passwords, customer info, etc.). Having this exposed can do some serious damage.
Now that we’ve gotten those addressed, I’ll show you the best ways to secure your site.
1) Use a strong username/password for both your site and your database! I can’t stress this enough. Remember, your site is public and anyone can access it.
2) Get a security plugin! One of my favs to use is iThemes Security. It has great features such as brute force protection, enforced strong passwords, and more.
3) Get an SSL certificate! You can get one through your hosting provider; however, if it costs too much, you can also get one for free from Let’s Encrypt.
4) Back up your website! If your site does happen to get hacked, you want to be able to recover your data and get the site back up and running normally as soon as possible. You can either do it manually or use a plugin (I like UpdraftPlus).
5) Hire a security consultant! If you are still unsure whether your site is secure enough, you can hire a consultant like DigitalEmpress to evaluate your site for vulnerabilities and make recommendations on how to better secure it.
I know this was a lot of info, but I hope it was useful. If you have any WordPress topics you want me to touch on, feel free to leave your suggestions below. Otherwise, I’ll see you all on next week’s