Did you know that over 13% of Irish internet users have experienced fraud of some description, while 16% of them have reported having their social media or email accounts hacked? The Irish Times surveyed over 1,000 Irish men and women and found that anti-virus use in Ireland is well below the EU’s 61%.
If you manage a website using the popular WordPress software, you are a sitting duck waiting for hackers to breach your site if you do not follow these simple tips.
1. Keep your WordPress installation up-to-date.
WordPress powers over 50% of the websites on the internet, which makes it a prime target for hackers looking for vulnerabilities to exploit. Automattic, the company that develops WordPress, works tirelessly on identified exploits and frequently issues updates that fix them. If you are not keeping your WordPress installation up-to-date, then you are not getting these critical fixes.
2. Don’t use extensions unless you trust the author.
It can be tempting to customize your WordPress installation with the thousands of plugins available on the WordPress Plugins page, but unless you trust the author, you should think twice about installing these extensions.
Popular extensions can introduce vulnerabilities. Once hackers identify one, they will target any websites or blogs that use the same extension. A single common vulnerability lets hackers focus on targeting thousands of different blogs with the extension installed.
3. Change your default login details.
When setting up your WordPress installation, you are provided with a default account with the username ‘admin.’ Because WordPress is used by thousands of websites all over the globe, hackers will try to guess the admin password to gain access to your site.
Change this immediately to something more secure that you have never used on another site to prevent this standard method of attack.
4. Know the tell-tale signs of hacking.
You should maintain constant vigilance with your WordPress installation so you can quickly identify signs of hacking. Most hackers will not take your site offline immediately. Instead, they will insert malicious links to their content, or they will attempt to steal the personal information of your site’s visitors.
If you conduct sales on your site, you should take extra steps to remain aware of your site’s security.
5. Set up website lockdown to prevent brute force attacks.
Sometimes your moderators or other admins get careless and re-use login details or only change one or two characters in their passwords. To prevent brute force attacks on these accounts, you should enable the WordPress feature that locks out users after a certain number of wrong attempts.
Allowing three to five attempts to get a password correct is generous and should prevent you from running into problems with people who have legitimately forgotten their password.
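The lockout rule from tip 5, sketched as an added Python example (not WordPress or plugin code): five failed attempts lock an account, while a user who mistypes twice still gets in. The class and function names are hypothetical, and the 10-minute counting window and 15-minute lockout duration are assumptions the article does not specify.

```python
from collections import defaultdict, deque

MAX_ATTEMPTS = 5        # upper end of the article's "three to five attempts"
WINDOW_SECONDS = 600    # assumption: failures are counted over 10 minutes
LOCKOUT_SECONDS = 900   # assumption: a lockout lasts 15 minutes


class LoginLockout:
    """Tracks failed logins per account and locks out after too many."""

    def __init__(self):
        self.failures = defaultdict(deque)   # username -> failure timestamps
        self.locked_until = {}               # username -> unlock timestamp

    def is_locked(self, user, now):
        return self.locked_until.get(user, 0) > now

    def record(self, user, success, now):
        """Process one attempt; return 'locked', 'ok' or 'failed'."""
        if self.is_locked(user, now):
            return "locked"                  # rejected even if the password is right
        recent = self.failures[user]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()                 # forget failures outside the window
        if success:
            recent.clear()
            return "ok"
        recent.append(now)
        if len(recent) >= MAX_ATTEMPTS:
            self.locked_until[user] = now + LOCKOUT_SECONDS
            recent.clear()
        return "failed"


def replay(attempts):
    """Run (time, user, success) tuples through the policy, return outcomes."""
    policy = LoginLockout()
    return [policy.record(user, ok, t) for t, user, ok in attempts]


# Constructed sample: an editor mistypes twice, then a guessing run hits 'admin'.
SAMPLE = [
    (0, "editor", False), (5, "editor", False), (9, "editor", True),
    (10, "admin", False), (11, "admin", False), (12, "admin", False),
    (13, "admin", False), (14, "admin", False),
    (15, "admin", True),         # correct guess arrives too late: account is locked
    (14 + 900, "admin", True),   # once the lockout expires, login works again
]
```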
Conclusion
If you follow this small handful of tips for your WordPress blog, you should be reasonably safe from hackers looking to exploit your site. The most important tip is to keep your site and any plugins you use up-to-date, since most updates fix known security issues that have been discovered.