How to prevent your WordPress account from getting hacked
Getting hacked is one of the worst things that can happen to a business, and in the modern era it is all too common. If your business uses a WordPress CMS, you may be concerned about how accessible your data is to hackers. In this article, we’ll explain a few precautions that might spare your account from being hacked.
It can be tempting to put off updating your software, but delaying the inevitable can actually be a huge compromise on your site’s security.
Every software update that WordPress releases comes with its own security and maintenance notes. While meaningless to most people, these notes are gold to hackers. They reveal loopholes and weaknesses in the WordPress accounts of anyone who hasn’t yet installed the latest update.
So, if you want to avoid vulnerabilities, update ASAP!
Check your add-ons
Because WordPress is open source software, it’s usually pretty secure. However, certain add-ons and WordPress apps might not be. Anyone can develop and publish add-ons, which—while being one of the great perks of WordPress as a platform—can lead to lapses in security.
Not every add-on is made with security first and foremost. Be diligent before installing any add-ons by reading add-on security policies. You can also do a quick Google search to see if there have been any breaches.
Encrypt your connection
It’s not always WordPress that is vulnerable to hacking, but your own networks. Hackers can use devices like a Wi-Fi Pineapple to intercept your internet connection, track and record your internet use. That’s why you should always log into your WordPress from a secure connection—never over public Wi-Fi or a local café.
Similarly, it’s a smart idea to invest in a VPN. A good VPN will encrypt your connection and provide you with an alternative IP address, so you can avoid online malware
Change your password
Security best practice strongly advises having a unique password for every site you visit. That’s because hackers often use a technique called “credential stuffing” to access sites like WordPress. Credential stuffing is when a server—like Dropbox or Adobe—has been hacked, and users’ email addresses and passwords are released. Hackers then have algorithms that “stuff” those same email and password combinations into as many sites as possible. If you use the same combination across the board, this quickly becomes problematic. Luckily, there are ways to see whether your data has been breached. ‘Have I Been Pwned’ lets you know if any of the sites you use have been hacked in the past. We’d also recommend investing in a keychain that generates unique, high-security passwords for every site you visit.
Change your WP login URL
For security’s sake, it’s best to change your WP login URL. WordPress’s default login page is wp-admin, or wp-login.php. So, it’s easy for hackers to access your login page once determining your site is a WordPress site. Once hackers have found your login page, they can launch a brute force attack by ‘guessing’ your login credentials until the correct combination is found. By changing your WordPress login URL, you are making it more difficult for hackers to find your login page and making your site less susceptible to a brute force attack. Even if a hacker can’t figure out your login details, making multiple attempts can use a lot of your site’s bandwidth. There are several plugins that can enable you to change your WP URL. Speak to the team at JTB for more information.
Back up your site
This should be a given, but so many people neglect to back up their websites. If your site does get hacked, a backup protects you from losing months and months of work and data. There are lots of online programs to help back-up your site, but sometimes the best method is the old-fashioned way (or, as old fashioned as website backups can get, at least). Get yourself an external hard drive and back up your site at the end of every day or week. If you’re still unsure about your site’s security, it’s best to get the help of a professional. Constant maintenance and a savvy understanding of the latest security best practices is the best way to avoid a breach. To learn more about how we can help you improve your site’s security, contact JTB today.