Did you know that over 13% of Irish internet users have experienced fraud of some description, while 16% of them had reported having their social media or email accounts hacked? The Irish Times surveyed over 1,000 Irish men and women and found that anti-virus use in Ireland is well below the EU’s 61%.
If you manage a website using the popular WordPress software, you are a sitting duck waiting for hackers to breach your site if you do not follow these simple tips.
1. Keep your WordPress installation up-to-date.
WordPress powers over 50% of the websites on the internet, which makes it a prime target for hackers to exploit vulnerabilities. Automattic, the company that develops WordPress, works tirelessly to fix any identified exploits by issuing updates with fixes frequently. If you are not keeping your WordPress installation up-to-date, then you are not getting these critical fixes.
2. Don’t use extensions unless you trust the author.
It can be tempting to customize your WordPress installation with thousands of plugins available on the WordPress Plugins page, but unless you trust the author, you should think twice about installing these extensions.
Popular extensions can introduce vulnerabilities that can be identified by hackers that will then target any websites or blogs that use the same installation. This common vulnerability allows hackers to focus on targetting thousands of different blogs with the extension installed.
3. Change your default login details.
When setting up your WordPress installation, you are provided with a default account with the username ‘admin.’ Because WordPress is so used by thousands of websites all over the globe, hackers will try to guess the admin password to be admitted access to your site.
Change this immediately to something more secure that you have never used on another site to prevent this standard method of attack.
4. Know the tell-tale signs of hacking.
You should maintain constant vigilance with your WordPress installation so you can quickly identify signs of hacking. Most hackers will not take your site offline immediately. Instead, they will insert malicious links to their content, or they will attempt to steal the personal information of your site’s visitors.
If you conduct sales on your site, you should take extra steps to remain aware of your site’s security.
5. Set up website lockdown to prevent brute force attacks.
Sometimes your moderators or other admins get careless and re-use login details or only change one or two characters in their passwords. To prevent brute force attacks on these accounts, you should enable the WordPress feature that locks out users after a certain number of wrong attempts.
Allowing three to five attempts to get a password correct is generous and should prevent you from running into problems with people who have legitimately forgotten their password.
Conclusion
If you follow this small handful of tips for your WordPress blog, you should be reasonably safe from hackers looking to exploit your site. The most important tip is to keep your site and any plugins you use up-to-date, since most updates are to fix known security issues that have been discovered.
A recent warning issued by An Garda Síochána about a callback scam targeting Irish users of WhatsApp should serve as a reminder to company owners that their business networks, including their mobile messaging platforms, face a variety of risks.
In early March 2018, a news story published by the Mirror explained that Gardai received many complaints from WhatsApp users who received a message from an unknown number and the subject line “Martineilli.” Users who opened the message were later targeted by missed VoIP calls from numbers starting with the 087 country code, which would suggest calls originated within Ireland. The idea is to ensnare WhatsApp users into a callback scam.
Gardai detectives have determined that the 087 numbers are spoofed, and that the calls are actually made from Bosnia. When the callers return the call, they unknowingly activate a special charge to their monthly bill. Some callers report that this has happened to them various times in a single month.
The lesson for business owners to learn in this case is that their mobile messaging apps can be vulnerable to external attacks. Even dedicated business messaging networks such as Slack are not as safe as many people wish for; furthermore, micro-companies that decide to use WhatsApp for business use just because it is already installed in the personal smartphones of most employees are opening their companies to greater risk.
In the past, information security researchers combing through code posted on the popular online development platform known as GitHub have discovered Slack tokens with login credentials that could be used to spy on corporate chats, projects and conversation threads.
Companies that choose to implement mobile messaging apps as part of their networks should first conduct a security audit. Even though apps such as Telegram offer strong end-to-end data encryption, company owners should not assume that they will be impervious to phishing attacks or social engineering.
A mobile messaging app can only be as secure as the business network and security policies of the company. Any digital communications solution can be hacked; the idea is to enact preventive measures to avoid data breaches and network intrusion situations.