WordPress is a fantastic platform to create a website. I dumped the “old” ways of website creation about two years ago to fully embrace WordPress. However, there are some sad, sick SOBs out there who have nothing better to do than to try to hack the websites of honest and hardworking business owners, both large and small.
Just this week, Tim Ferriss, author of The 4-Hour Workweek, took to Facebook to ask fans if they were receiving malware warnings on his blog at fourhourblog.com. A number of people reported that, yes, indeed their browsers were reporting malware (although there is some talk that Google’s Chrome browser was actually identifying an ad as malware).
But, do you think hacking is just the concern of huge websites like GoDaddy, CNN or the Huffington Post? If so, think again. A year ago, two of my clients (a local restaurant and a pet transportation company) were hit with attacks. Last week I was visiting a networking contact’s website (she does marketing communications and publishing) and my security system identified and quarantined malware on her site. Two people in one of my business coaching programs have had their sites hacked, and one was an especially troubling attack, where they hijacked her entire site (see the screen shot. Frightening!)
Just like Windows, the mere fact that there are so many WordPress sites out there means that they are ripe targets for these freaks. And, if Google detects malware on your site, guess what? They will blacklist your site and block access. Then you have to contact them and try to prove that the site is no longer infected. Trust me, that’s not easy.
But you CAN protect your website by following these simple tips:
- ALWAYS pay attention to any updates for your website theme, your plugins and the WordPress software itself. In fact, there was a major WordPress release just within the last month and there was an additional update just this past week. Hackers use outdated WordPress files and/or plugins and exploit vulnerabilities in those programs. Back up your files before proceeding and update everything. Ask your web person for help if you need it. This is why I always suggest that clients pay for ongoing security maintenance. Security maintenance not only means backing up your files to offsite locations, but also updating WordPress, themes and plugins and running security scans on a regular basis.
- Use strong passwords on your hosting account, FTP (File Transfer Protocol) access and your WordPress admin area. And, by the way, “password1234” is NOT a strong password! I hate this too, but you have to make something secure, which means upper and lower case letters, numbers and special characters. And somewhere between 9 and 15 characters. I recommend using Strong Password Generator. Yes, it is a pain, but you will sleep better for it.
- Put a plugin like Limit Login Attempts on your website. You can set a number of times that someone can try to log onto your site and, if they exceed it, they are locked out of trying any further.
- Shared server hosting vs. Virtual Private Network (VPN) – most hosting accounts are on what are known as shared servers. This means that your website is hosted on a computer with potentially hundreds of other websites. If one site is hacked or, as it happened to one nonprofit I know of, one site on the server is hosting a phishing website, your Internet Service Provider (ISP) can block access to your site. A VPN gives you greater control and security by , albeit at a higher cost.
- Use a reliable host that is an expert in WordPress hosting and has great customer service. When you get hacked, they are often the only help you can get to clean up the malware.
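To show what the login-limiting tip above does behind the scenes, here is an added example (not code from the Limit Login Attempts plugin or from this post). The `LoginLimiter` class and its thresholds (4 failures within 5 minutes, 20-minute lockout) are assumptions chosen for illustration, and the login events are constructed.

```python
from collections import defaultdict

class LoginLimiter:
    def __init__(self, max_attempts=4, window=300, lockout=1200):
        self.max_attempts = max_attempts   # failures allowed inside the window
        self.window = window               # seconds over which failures are counted
        self.lockout = lockout             # seconds a client stays locked out
        self.failures = defaultdict(list)  # client -> timestamps of recent failures
        self.locked_until = {}             # client -> time the lockout ends

    def is_locked(self, client, now):
        return self.locked_until.get(client, 0) > now

    def record(self, client, success, now):
        """Process one login attempt; return 'ok', 'failed', 'locked' or 'rejected'."""
        if self.is_locked(client, now):
            return "rejected"              # refused outright while the lockout lasts
        if success:
            self.failures.pop(client, None)  # a good login clears the failure count
            return "ok"
        recent = [t for t in self.failures[client] if now - t < self.window]
        recent.append(now)
        self.failures[client] = recent
        if len(recent) >= self.max_attempts:
            self.locked_until[client] = now + self.lockout
            self.failures.pop(client, None)
            return "locked"
        return "failed"


def replay(events, limiter):
    """Feed (time, client, success) tuples through the limiter and collect outcomes."""
    return [limiter.record(client, success, now) for now, client, success in events]


# Constructed sample events (time, client, success); addresses are documentation ranges.
SAMPLE_EVENTS = [
    (0,    "203.0.113.9",  False),
    (5,    "203.0.113.9",  False),
    (10,   "198.51.100.7", False),  # site owner mistypes once
    (12,   "203.0.113.9",  False),
    (20,   "198.51.100.7", True),   # owner gets in; their counter resets
    (25,   "203.0.113.9",  False),  # 4th failure in the window: lockout starts
    (30,   "203.0.113.9",  True),   # still refused, lockout runs until t=1225
    (1300, "203.0.113.9",  False),  # lockout over, counting starts again
]

if __name__ == "__main__":
    print(replay(SAMPLE_EVENTS, LoginLimiter()))
```

The owner's single typo never comes close to the limit, while the client that keeps guessing is shut out even when it finally submits a valid password.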
Also remember to protect YOUR computer from other websites that may be infected. I personally use ESET Smart Security (set to “maximum protection”) and it always warns me and quarantines malware that may try to download to my computer from another website. This is what warned me that my colleague’s website was infected.
It’s unfortunate that we have to be concerned about this kind of Internet vandalism, but take steps to protect your site and you’ll avoid the hassle and stress of a hacked site.
Sucuri – a web malware monitoring and cleanup service (fee-based)
Sucuri Site Check – a free website malware scanner. Enter a URL (ex. sucuri.net) and the Sucuri SiteCheck scanner will check the website for known malware, blacklisting status, website errors, and out-of-date software.
Sucuri Security – SiteCheck Malware Scanner – a free WordPress plugin
Strong Password Generator – creates strong passwords of any length, using upper and lower case letters, numbers and special characters
Limit Login Attempts – a WordPress plugin that limits the number of login attempts.
ESET Smart Security – protects your own computer from Internet threats