A few weeks ago I had the great misfortune of logging on one day and discovering that a lot of my WordPress sites had been hacked. In total 7 sites had been compromised, and out of these 3 were quite valuable to me, so I wanted to get them fixed and secured as soon as possible.
Like most people I thought my sites were pretty well protected. I changed my passwords often and backed them up regularly. Little did I know that the WordPress platform is notorious for attacks from hackers. If your site isn’t updated to the latest version or one of your plugins is out of date, you could unknowingly be setting yourself up for a fall.
With the help of some friends I was able to secure my sites again, but it took a lot of time and got in the way of some other work I was trying to complete. So in this post I’d like to outline some simple steps that I’ve since followed that have allowed me to lock down my sites and have made them a lot more secure from attacks.
Back Up Regularly
First things first: before you start messing around with plugins and updating settings, take a few minutes and make a complete back-up of your system. This is important in case something breaks when you’re changing something, so that you can re-install your default version if anything goes wrong. I use Back Up WordPress for this, but you can use whatever plugin you find best. Just make sure when running the back-up that you include “all files” and not just the basic database option which many plugins offer.
Install these 3 Security Plugins
I bought a WP security product after my sites were hacked and in it I was advised to install 3 plugins and combine the power of all of them to lock down my sites. They are Secure WordPress, BulletProof Security and Better WP Security.
The reason why it’s best to use a combination of all of these plugins is that you will only need a couple of features from each one. Basically, by taking the best bits from each plugin you are able to provide your site with a very comprehensive security solution.
I won’t go through the configuration of these plugins because it will make this blog post very, very long, but if you need any help then just send me an email and I’ll help as much as I can.
So what do these plugins do?
They perform a mixture of security functions, all of which are designed to protect your sites from the most common attacks on the net.
A general overview of some of the things they do is as follows:
- deleting the default “admin” WP username and replacing it with something more secure
- securing the .htaccess file
- changing permissions on different files and folders on your server
- blacklisting and locking out known IP addresses from attack sites
- keeping a log of all 404 errors and bad logins
- changing the root of your site’s backend so it is more difficult for bots to find
plus much, much more…
I will admit that setting up all of this did take a lot of time but that was mainly because I had to first fix my sites that were hacked, all 7 of them, and then lock them down using those plugins.
I’d advise anybody reading this to start taking similar measures to safeguard your sites, because it is a lot of unwanted hassle and time wasted trying to put them right after an attack. It would be a lot easier to just activate these security features on any new WordPress installation and bit by bit revamp all your current sites.
The stats on hacking are quite unbelievable, with around 75% of new WP sites being hacked within 12 months, and the thing is that a lot of people don’t even know that their site’s been hacked. Perhaps the hackers injected some malicious code into their site or created a “backdoor” so they can get in and cause trouble whenever they want.
Prevention is definitely the best solution for this problem, so follow these simple guidelines and make your WP site as secure as Fort Knox:
- keep all themes and plugins updated to the latest versions. Often these updates are used to fix security bugs, so always keep everything up to date.
- run back-ups regularly so if something should ever happen to your site you can just re-install your last known clean version.
- install the 3 security plugins and keep an eye on the error logs to see if your site is being targeted.
- change your passwords regularly and delete the default WP username. Create something unique, because the “admin” username is very prone to attacks as the hackers only need to crack your password.
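As a sketch of what "keeping an eye on the logs" for bad logins and 404 errors can look like, here is an added example (not part of the original post and not taken from any of the three plugins) that scans web server access log lines in Combined Log Format. The sample lines, the thresholds and the rule that a POST to wp-login.php answered with 200 is a failed login are assumptions of the example.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
                     r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def summarize(lines):
    """Count probable failed logins and 404s per client IP."""
    failed_logins, not_found = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than crash
        path, status = m["path"].split("?", 1)[0], int(m["status"])
        # Assumption: a bad password re-renders the login form (200), while a
        # successful login redirects (302), so POST + 200 means a failed attempt.
        if m["method"] == "POST" and path.endswith("/wp-login.php") and status == 200:
            failed_logins[m["ip"]] += 1
        elif status == 404:
            not_found[m["ip"]] += 1
    return failed_logins, not_found

def suspicious_ips(lines, login_threshold=3, notfound_threshold=3):
    """Return {ip: [reasons]} for clients at or above either threshold."""
    failed, missing = summarize(lines)
    flagged = {}
    for ip in set(failed) | set(missing):
        reasons = []
        if failed[ip] >= login_threshold:
            reasons.append(f"{failed[ip]} failed logins")
        if missing[ip] >= notfound_threshold:
            reasons.append(f"{missing[ip]} 404s")
        if reasons:
            flagged[ip] = reasons
    return flagged

# Constructed sample lines (documentation-range IPs), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "-"
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4512 "-" "-"
198.51.100.4 - - [10/Mar/2024:10:05:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "-"
192.0.2.55 - - [10/Mar/2024:10:06:00 +0000] "GET /no-such-page-1 HTTP/1.1" 404 310 "-" "-"
192.0.2.55 - - [10/Mar/2024:10:06:01 +0000] "GET /no-such-page-2 HTTP/1.1" 404 310 "-" "-"
192.0.2.55 - - [10/Mar/2024:10:06:02 +0000] "GET /no-such-page-3 HTTP/1.1" 404 310 "-" "-"
not a log line
""".splitlines()
print(suspicious_ips(SAMPLE_LOG))
```

The thresholds are set low so the sample triggers them; on a real site you would raise them and count within a time window.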
By following these simple steps your site will be more secure than 99% of others online. It may not protect you from all attacks, but you will have peace of mind because you know your site is secure. Especially if you incorporate those 3 security plugins, you know that even if your site comes under attack you have the procedures in place to deal with it. Also, because you have been backing everything up, you know you can just re-install your site should the worst happen.
If you have any questions then send me an email or leave your thoughts as a comment below. I’d be interested in hearing if you have any other tips to make your site more secure.
Thanks for reading,