Millions of websites are powered by
WordPress software and there’s a reason for that. WordPress is the most
developer-friendly content management system out there, so you can essentially
do anything you want with it. Unfortunately, that has some downsides as well.
For example, if you don’t change your
default configuration, hackers and some pesky users with too much curiosity
immediately know where to log in to get into your admin area. In WordPress, you
can just type in domain.com/wp-admin and it will take you right to the login
screen. At that point, it’s all about trying to crack your password. The most
common method hackers use is brute force, which allows them to test millions of
login combinations in a short amount of time.
Do not use defaults
Do not use the default username and
password you are given for both your hosting account and for your website
content management system. Change your username and password as soon as you
have purchased your package and installed WordPress.
Change your details even if the hosting
company allowed you to enter your own details when you signed up (i.e. your
username and password were not defaults) because you cannot be sure how
secure the hosting company’s servers are or who else has access to the
information you entered into the system.
Have a long password and change it every 72 days
The password you choose should be over 8
characters long. It should be a mix of letters and numbers and should not
feature any words. It should be a random mix of numbers and letters. Do not
write your password onto anything electronic except for the small encrypted
password box on your WordPress system. If you cannot remember your password
because you are not Stephen Hawking, then write it down on a notepad that you
store somewhere safe in your home.
Change it every 72 days because it makes a
hacker’s life a little more difficult. It means the hacker has to start from
square one again if he or she has a brute force program running on your
website.
Use secure hosting
This should go without saying, but you should
find a host that puts security as a top priority. Many free hosting packages
cannot afford to spend a lot of money on security, though that doesn’t
automatically mean a big and expensive company spends a lot of money on
security either.
It is up to you to find a hosting package
that takes security very seriously because gaining access to your website via
your servers is the ultimate backdoor pass. Done correctly, by getting into
your website via hacking a server, the hacker may be able to overcome almost
all of your security measures with ease.
Back up your website
Let’s not forget that if someone is
motivated enough to get into your website, then that person is going to do it.
A 15-year-old hacked NASA, a 16-year-old London boy, Richard Pryce, hacked American
military systems and was noted as the biggest threat to US security at the
time, and Gary McKinnon managed to hack the USA’s most secure military
computers that include Area 51. So, if you think your plugins and security
protocols are a match for hackers, then think again.
Your best defense is to back up your website,
so that if you are hacked you can wipe the slate clean, restart your security,
change all your access passwords, improve your passwords, and re-upload your
website data all within one day. Manually back up your website unless your
hosting company offers the service for free and doesn’t charge for the extra
space the backups take up. You only need the last 2 versions of your website.
Do not keep all your backup copies as they will take up space on your servers,
which is space you are probably paying for.
Keep things up to date
This goes for all your technology,
software, and accounts. Keep up to date with WordPress updates, and if your
security plugins come with free updates you should update as soon as they are
released. Do not stick with old versions of WordPress, because the longer a
WordPress version exists, the higher the chances are that hackers have
found a way to break into it.