Roughly 30 percent of the web runs on the WordPress platform. It’s highly customizable, effective and secure. However, the WordPress core, the theme files and the plugins that bring additional functionality need to be kept up to date!
In the last several years there has been an increase in large-scale WordPress brute-force attacks. These usually take the form of malicious scripts that redirect the website to places you don’t want it to go, and once this happens it takes time to fix. These hacks and scripts can also damage your website to the point where it needs to be rebuilt.
Factor in the time that it takes to identify the problem, stress factor, reputation and cost… it’s worth it to make sure this doesn’t happen to your website.
As hackers and spambots get more and more sophisticated, you need to be aware that any information that resides on servers is always at risk; nothing is 100% safe. You need to be proactive in protecting your data, either by doing regular maintenance yourself or by hiring help for ongoing maintenance.
So what does this mean and what can you do to ensure your website stays safe?
1. Don’t just ignore it! If you are noticing alerts and notifications in your WordPress dashboard, you need to be proactive and update. If you’ve never logged into your site to check on updates… chances are there are plenty. If you notice your website is running slow, this is the first indication that something is going on.
2. Passwords. A website with weak security can do a lot of damage to your business, reputation, and your readers and customers.
A large botnet of around 90,000 compromised servers has been attempting to break into WordPress websites by continually trying to guess the username and password to get into the WordPress admin dashboard.
The most basic step in strengthening your website security is your passwords.
Be sure you are frequently changing your passwords for your admin access (and your hosting account) and make them strong! Here are some good tips on creating strong passwords.
Keep your WordPress version and plugins up to date! And before you add new plugins to your website, be sure they are currently supported and documented, and that the developer has a good track record with their products. Your website is made up of the themes, plugins, core, and custom files that live on your server. If a patch is released and you don’t update, then your website becomes an easy target.
3. “I think I’ve been hacked”. If you suspect something is going on, call your hosting company. Some of the compromises start on the hosting server.
4. SSL: If you want your visitors’ data to be safe and secure, you need to make sure you have a trusted and valid SSL certificate installed on your servers. If you own a website or a blog in 2019, you need SSL. It’s as simple as that. An SSL certificate is no longer a luxury; it’s an out-and-out necessity nowadays.
5. Contact Forms: Keep your website protected from SPAM in your contact forms by implementing reCAPTCHA. It’s a free security service that protects your websites from spam and abuse. More details on how reCAPTCHA works can be found here.
Solving the Problem
First, don’t take it personally. It’s upsetting and you might feel violated. You’re not alone – on average, 30,000 new websites are infected with malware daily.
Run a quick scan with Sucuri to check for malware.
or,
Run a scan using Anti-Malware from GOTMLS.NET. Upload the plugin into your WordPress dashboard under Plugins.
The scan will show you if there are issues.
Install Security Plugins – Before you have a problem
These plugins do a great job of monitoring your website. To understand which solution is right for you, visit the plugin websites below.
1. Wordfence
2. iThemes Security
There are many other security plugins available as well.
The best way to protect your website, get it cleaned and working again!
The security plugins do a good job of finding and eliminating problems; however, you have to be proactive. If your website is hacked, there are a variety of steps that need to be taken to identify the problem. The quickest way to confirm the integrity of your WordPress core files is by using the diff command in a terminal. If you are not comfortable using the command line, you can manually check your files via SFTP. Read the process of identifying hacked files here.
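The diff check described above, as an added example that is not part of the original post: it compares a site's core files against a clean reference copy and labels each finding. The function names `compare_core` and `make_sample` and the sample directory trees are constructed for illustration; it assumes a `diff` that supports `-r`, `-q` and `-x` (GNU or BSD).

```shell
#!/bin/sh
# Added example: compare installed WordPress core files with a clean copy.
# Usage: compare_core CLEAN_DIR SITE_DIR
# wp-content and wp-config.php are site-specific, so they are skipped.
compare_core() {
    clean=$1
    site=$2
    # -r: recurse, -q: only report which files differ, -x: skip by base name
    LC_ALL=C diff -rq -x wp-content -x wp-config.php "$clean" "$site" |
    while IFS= read -r line; do
        case $line in
            "Files "*" differ")                       echo "MODIFIED: $line" ;;
            "Only in $site:"*|"Only in $site/"*)      echo "EXTRA: $line" ;;
            "Only in $clean:"*|"Only in $clean/"*)    echo "MISSING: $line" ;;
        esac
    done
}

# Build two small constructed trees (stand-ins, not real WordPress files).
make_sample() {
    mkdir -p "$1/clean/wp-includes" "$1/site/wp-includes" \
             "$1/site/wp-content/uploads"
    for d in clean site; do
        echo '<?php // front controller' > "$1/$d/index.php"
        echo '<?php // login form'       > "$1/$d/wp-login.php"
        echo '<?php // version info'     > "$1/$d/wp-includes/version.php"
    done
    echo 'license text' > "$1/clean/license.txt"
    # Differences a review should surface:
    echo '// constructed stand-in for injected code' >> "$1/site/wp-login.php"
    echo '<?php // unexpected file' > "$1/site/wp-includes/cache.php"
    # Differences that are expected on any live site and must be ignored:
    echo '<?php // site settings' > "$1/site/wp-config.php"
    echo 'media' > "$1/site/wp-content/uploads/photo.jpg"
}

# Demo run on the constructed trees.
tmp=$(mktemp -d)
make_sample "$tmp"
compare_core "$tmp/clean" "$tmp/site"
rm -rf "$tmp"
```

Point CLEAN_DIR at an unpacked copy of the same WordPress version the site runs; with a different version, every core file that changed between releases is reported as MODIFIED. Themes, plugins and uploads under wp-content are not covered by this comparison and need their own review.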
The process of finding the problem can be frustrating.
Luckily, when you have a maintenance plan in place with Rosepapa Creative we take care of all of it! If your website gets hacked, we fix it.