We’ve talked before on how to secure your website but maybe I want to take a step back and talk about why you should. WordPress is the world’s leading software right now for website development and when you are the leader in the tech industry, you are a target. All websites are targets but if your site is a WordPress site, then it has a bigger target so you need to take extra steps to ensure your site is secure.
Hackers also have a monetary reason for wanting to hack your site. If they can hack your site, then they have redirect your customers to their own sites and get paid for driving traffic to their advertisers. The more traffic they can drive to their site so their customer’s ads get viewed, the more they get paid. They don’t care how they drive traffic there just as long as the traffic gets there.
They also want to “phish” your customers. They will hack your site by forcing your customers to see a site that looks like yours but is really their site. Of course their site is infected with malware that will infect your customers’ computers with a virus that will steal their personal information.
But some hackers just want to push their message so they will hack your site and change it to push whatever message they want. Hackers may totally delete your content and replace it with their own or they may put some of their content on top of yours. They may even just want to prove they can hack your site and put banners all over your site saying this site has been hacked.
I did see a local car dealership’s site hacked like this once and it was one of the bigger dealerships so they should have had safeguards in place for this. It was hacked for more than a couple of days so you have to wonder how much attention they were really paying to their site.
How does your site get hacked?
One way is outdated code in your site. With WordPress this can come in the form of outdated plugins, core files or themes. Developers are not perfect so they can accidentally write bad code that creates openings for hackers. Once the developers find the bad code, they fix it and release a new version of the code. If you are not keeping up with updates, then you are leaving this door open for hackers.
You need to keep up with updates and make sure you have the latest and greatest code so close these “back doors.”
Bad passwords are also a way for hackers to gain access to your site. Hackers will try what is called a brute force attack. They will continually try and login to your site using the most commonly used passwords and other common words. They will basically take a dictionary and try every word as the password.
Also consider other users on your site and their usernames and passwords as well. You need to ensure their passwords are complex enough to keep the site secure. Along with the site usernames and passwords, you will want to ensure the access to the hosting and any and all ftp sites are also secure. There are multiple ways for a hacker to gain access and as the saying goes, you are only secure as your weakest link.
Using “free” versions of paid plugins and /or themes is not a good way to keep your site secure. Some hackers will take a premium plugin and make a “free” version of it that contains code that will infect your site. So when you try to save money by using the “free” version, you are actually infecting your own site.
Keeping your site up to date and secure can be a huge task but it is necessary. If you need help in keeping your site up to date and would like us to help you get started, contact us and we will be more than happy to help you get started.