The past few weeks have been crazy for people who use WordPress as their web design platform. As a Professional SEO Company, we are always on the lookout for information that may help or hurt our clients and our business. We try to take full advantage of information that may help our clients, and at the same time we take every precaution to protect our clients from developments that may hurt them.
You’ve most likely come across various blog stories about the latest round of “brute force” attacks on WordPress sites. According to online sources such as the BBC, Forbes and TechCrunch, the hackers of the world have united and are targeting vulnerable WP websites.
In a nutshell, hackers are targeting WordPress login pages and looking for easy ways to access your site(s).
That is why I have created this post. At the end I also provide specific guidelines: 10 Ways To Lock Down and Protect Your WordPress Websites & Increase WordPress Security.
BTW, if you feel comfortable watching a video then click this link to watch the WordPress Security video on Vimeo.
They are looking for simple-to-crack usernames and passwords, such as users set up as “admin” and simple passwords that are plain English or dictionary words.
Since about 20% of the internet now uses the WordPress platform, it is easy to gain backdoor access to sites, with many sites using one-click installs and either using freemiums or using outdated plugins and themes as well as older versions of WP. However, it is important to note that some of the premium themes and plugins are also affected.
If you run WP sites and you haven’t been hacked…consider yourself lucky!
It can literally take days and hundreds of dollars (if not more) to get your site back to legit status.
As a web marketing agency, we have created many sites with WordPress and have hosted them on our servers. We are happy to report that ALL of our websites have been safe.
But, I do know of one previous client (who was NOT hosting with us) whose websites were hacked. We have spent the last 2 weeks helping her and typically we would have billed her at least $1500 for this.
To make sure all of our WP websites are locked down with proper security, we have always applied specific security measures from our security checklist before making any website live. However, due to the recent mass attempt by hackers to attack WP sites, we have added a few more security measures and included the WP Security Plugin.
We have done this out of the goodness of our heart regardless of whether you are currently our client or not. As long as we had access to your WP site, we went ahead and secured it even further.
Here’s what I have asked my web administrator to do:
10 Ways To Protect WordPress Websites And Increase WordPress Security
- Protect the WP-Config file and use new WP secret salt keys
- Update to latest version of WP as well as update plugins
- Take full backup of the database
- Make sure the WP database prefix does not start with wp_
- Remove the admin account or id #1
- Ensure that .htaccess file is secured and not writable
- Remove information about WP (version) from the header
- Email notification of any file changes to the webmaster
- Admin lockdown = if an IP address attempts to access WP admin – after 3 attempts, the IP will be blocked
- Admin lockdown = if a user with the same IP makes too many attempts to open a file that does not exist – after 3 attempts, the IP will be blocked
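An added example, not from the original post or from any plugin mentioned in it: a small Python audit for three of the checklist items (secret salt keys, database prefix, and permissions on wp-config.php and .htaccess). The sample config is constructed, and the permission policy (no group/other write, wp-config.php not readable by others) is an assumption.

```python
import os
import re
import stat

# The eight secret keys and salts that wp-config.php defines.
SALT_NAMES = ("AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY",
              "AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT")
PLACEHOLDER = "put your unique phrase here"  # value shipped in wp-config-sample.php

# Constructed sample: default prefix, one placeholder key, seven keys missing.
SAMPLE_CONFIG = """<?php
define( 'AUTH_KEY', 'put your unique phrase here' );
$table_prefix = 'wp_';
"""


def audit_config_text(text):
    """Check wp-config.php contents for a default prefix and weak salts."""
    findings = []
    prefix = re.search(r"""\$table_prefix\s*=\s*['"]([^'"]*)['"]""", text)
    if prefix is None:
        findings.append("table_prefix: not set")
    elif prefix.group(1).startswith("wp_"):
        findings.append("table_prefix: starts with wp_")
    for name in SALT_NAMES:
        pat = r"""define\(\s*['"]%s['"]\s*,\s*(['"])(.*?)\1\s*\)""" % name
        value = re.search(pat, text)
        if value is None:
            findings.append(name + ": missing")
        elif value.group(2) in ("", PLACEHOLDER):
            findings.append(name + ": placeholder or empty")
    return findings


def audit_file_modes(site_root):
    """Check that wp-config.php and .htaccess are not loosely permissioned."""
    findings = []
    for name in ("wp-config.php", ".htaccess"):
        path = os.path.join(site_root, name)
        if not os.path.isfile(path):
            findings.append(name + ": not found")
            continue
        mode = stat.S_IMODE(os.stat(path).st_mode)
        # Assumed policy: only the owner may write either file.
        if mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append("%s: writable by group or others (%o)" % (name, mode))
        if name == "wp-config.php" and mode & stat.S_IROTH:
            findings.append(name + ": readable by others")
    return findings
```

Run `audit_config_text` on the contents of your own wp-config.php and `audit_file_modes` on the site root; an empty list means none of these checks fired.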
I hope these security measures help you just as they have helped us and our clients.
If all of these security measures sound confusing to you or you simply don’t have time to handle the website admin duties then contact us and we will be happy to assist you.