You can listen to this blog by using the audio player below
Is it just me or are hackers and scammers at an all time high on the internet these days?. Thats exactly why I always tell my clients that……
WordPress Security is not an option, its a necessity
So you most likely are asking….”How do I increase WordPress security?”
I’m a part of a few tech communities on Facebook and I see at least one person each week posting a sad story asking for help with a website that is being redirected to some dark internet website. I know that sounds kinda mean right! But I’m not stranger to this either. I’ve been a victim of a website hack and I cant explain how much it hurt my feelings when I lost my entire website. All because I thought that nobody would want to hack into my little blog that wasn’t even selling anything at the time. Boy was I wrong! WordPress security issues are not something you want to have.
Did you know that WordPress powers over 40% of the websites on the internet? That includes companies and entrepreneurs of all sizes such as The NY Times, CNN, big artists like Jay-Z, and Katy Perry, and many more.
This is why hackers actually send bots to pick on WordPress websites, not just specifically mine or yours. At first I thought it was a personal attack like someone was hating on me and wanted to see my fail, I was deep in victim mode before I did some research and had some major realizations when I found out it was nothing personal.
The main reasons why hackers want to attack your website are:
Malicious Redirect
Redirect your website to a spam website on the dark web
Phishing
The fraudulent practice of sending emails purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.
Spam/SEO
Injecting spam links into your websites text
Crypto mining
Using your websites server space to validate cryptocurrency transactions
Defacement contests
Hackers like to show off and test their skills just for the hell of it.
I recently attended iThemes WordPress Disaster Week 3 days webinar and learned these 4 WordPress security tips you can implement to beef up your WordPress website security and become a WordPress Jedi! iThemes provides some of the best security for WordPress.
People don’t think they have anything of value and insignificant but hackers think your site is just as valuable as the NY times.
1.Use unique passwords for everything
Make it hard for hackers to get into your website every step of the way. Believe it or not, people are still using Password123 for a password? If you’re guilty of this, you should probably make it your priority to stop reading this and change it now, then come back and read the rest. Reusing passwords for everything is still one of the main reasons why folks get hacked.
Check out this article to get more info on how to Force Strong Passwords
Never Reuse an old password.
iThemes Security Pro has a feature that requires user accounts that are considered vulnerable, such as having a weak password or recent brute force attacks, to use two-factor even if the account doesn’t already do so.
2.Use two Factor Authentication
Just a unique User ID and password is not enough right now.
2Factor Authentication is an extra layer of security used to make sure that people trying to gain access to an online account are who they say they are.
Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
The iThemes security pro has the 2 Factor Authentication option built into it too, such a lifesaver. It gives me so much peace of mind when I had to add a user to a website to complete a task.
– Google authenticator, Authy, Lastpass, and OnePassword are a few authentication apps that you can use too
3.Layered Security
Remove plugins and themes that are not in use, not just deactivate them.
iThemes has a great feature that keeps track of outdated versions of WordPress to reduce vulnerabilities that hackers take advantage of to get into your website
Isolate websites and business roles from each other.
Don’t have them on the same server just to save money on hosting. I usually have clients use their own hosting account with Siteground, this limits the hacker on what they can do
iThemes WordPress security has a feature that protects your site against attackers that try to randomly guess login details to your site. (Brute Force Attack)
4. Limit administator access to your websites for better WordPress security.
Does every one need admin access to your website? Probably not. When you just need someone to edit a few things or contribute a blog to your website, they don’t need administrator access to the entire back end of your website do they.
Don’t use admin as user name
Giving admin privilege to everyone increases the vulnerability to your website.
Check out this article for more information on access to your wordpress website https://wordpress.org/support/article/roles-and-capabilities/
If you cant tell already, I use and stand behind the iThemes Security Pro makers because they are WordPress security plugins experts.
On average, 30,000 websites are hacked every day. Every 39 seconds, a new cyberattack happens somewhere on the web.
WordPress currently powers over 40% of all websites, so it has become an easy target for hackers with malicious intent. iThemes Security Pro takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website.
Check out his article on WordPress Security Audit
If this article was valuable to you or if you think think it would benefit someone else, please feel free to share it using the social share links below. You can also support this website by clicking on the links to purchase the tools I use in the side bar or down below if you are on your phone.
