Your website is your virtual business card and storefront.
And if you have a WordPress website - the preferred platform by all major search engines - you unfortunately have a bright red target on your back.
Like any other brick and mortar building, your online business is vulnerable to bad guys looking for an unlocked door or window into your WordPress site.
After gaining access, these evil hackers compromise your once-clean website and turn it into a bot (or zombie). This newly recruited zombie is then welcomed into a botnet (or zombie army) with only one intent...
To find more unsecured WordPress sites that they can wreak havoc with by injecting malware, changing files, or uploading new malicious content.
You've watched cartoons where the masked burglar sneaks around a building, jiggling the knobs on the front door, then the back door, then each window, anywhere the owner might have forgotten to lock. And if they can't get in, they'll go on to the next house.
Hackers do the same thing. They know exactly what to look for and prey especially on WordPress sites whose owners don't realize there are a few simple things they can do right now to avoid being an easy target.
Here are 5 ways to fight off zombies today!
WordPress and plugin authors create new versions because bots figure out the existing versions' vulnerabilities. Updating to the new versions throws the bots off... at least temporarily.
Plugin folders are the perfect place for hackers to hide malicious files since most of us never have any reason to access them.
By updating them regularly when you see the update notifications on your dashboard (see image at right), you are essentially going around and securing unlocked doors and windows.
One wrinkle is that when WordPress is updated, some plugins may not work any longer. A reliable web developer can help you test them and find the best plugin substitutes if needed.
As a word of caution: Always back up your database before updating.
When WordPress is installed, the username by default is "Admin" - and most people never change it. This is the first unlocked window the bots check for; and not surprisingly, most attacks are made on sites with the default "Admin" as the username.
This is an easy fix:
1) Log in to your WordPress admin dashboard using your admin account like you normally do.
2) Select "Users" from the sidebar and click "Add New User." Note: Once a user account is created, you cannot change the username.
3) Fill in the form and choose "administrator" in the "Role" drop-down menu. You will need to use a different email address than the one currently linked to your user account.
4) Click "Add New User."
5) Log out and log back in using your new username and password.
6) Go back into the User area and delete your previous user account. If you had articles published under your original username, you will be given the option to either delete them or attribute them to your new username.
7) Confirm the deletion, and you are done.
By doing this one simple piece of espionage, you literally cut your chances of a bot hacking into your dashboard in half.
Your display name is the name seen on your blog posts and comments. The WordPress default is to make it the same as the username.
This is a simple fix, too:
1) Log in to your WordPress dashboard.
2) Select "Your Profile" under "Users" on the sidebar to access your profile.
3) Scroll down until you see "Display name publicly as" and enter any name you'd like.
Your display name can be changed as often as you like.
Add the "Replace WP-Version" plugin so that when the bots are crawling the Internet looking for WP sites, they can't see what version you are using. By default WordPress displays the version in the source code, making it easy for bots to focus on that version's vulnerabilities.
Note: Always check to make sure recommended plugins have been recently updated by the author.
Add the "Sucuri WordPress Security" plugin to complement your existing security solution. It monitors file activity, regularly scans for malware on your website, and...
When it finds anything changed, it will email you at the email address specified in the settings to let you know exactly which files have been corrupted so that you can fix the problem immediately.
Pretty spiffy, huh?
Another plugin that we have added to our website is the "BruteProtect" WordPress plugin. It tracks and blocks IP addresses that continually try to log in by brute force.
By taking these 5 simple steps, you will dramatically cut down on hackers getting into your website.
Seize the day and protect your website!