If you’re worried about people getting into your WordPress blog, I want to let you know the ways they normally do it so you can easily safeguard against these attacks. Fortunately computer hacking is nothing like you see in the movies. They don’t plug in a fancy computer and run a bunch of numbers, usually the way people get into your WordPress website or WordPress blog is through some pretty simple and common means, such as an out-dated version of WordPress, out-dated plugins with vulnerabilities, and simple easy to guess usernames and passwords.
Why Websites get Hacked
Tony Perez, Co-founder / CEO of Securi wrote an excellent article about Why websites get hacked. Of course it helps to know why your website is interesting to be hacked to get you clear on the importance of securing your website. No matter if you run a big brand website like BBC America and MTV news or you are a local blogger sharing your daily activity or a small informational business website everybody should secure their website. It is not always the information hackers need. Your server is also very interesting.
Outdated WordPress Versions
Did you know that Al Gore’s blog has been hacked, CNN blogs have been hacked, and these all happened because they used older versions of WordPress. But as soon as these high profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks.
That’s why it’s a very good idea just to keep your WordPress version up to date.
Sinds WordPress version 3.7 they have added an automating update feature that automatically updates bug fixes and security issue. In your WordPress dashboard, go to the updates area and they will tell you either that WordPress is up to date, or that it needs an upgrade. Click that button and you are good to go.
Now what good is having an up to date WordPress version if some of your plugins still contain those security holes? If you are really worried about it then do a few Google searches for the plugins you’re using on your site and see if anyone has reported security holes or flaws with these plugins or themes. A very famous security hole in the past was called Tim-some, which was a way to resize images in a theme so you could have WordPress theme and upload a picture or a logo to that theme, and for some reason the way that it processed that, the way that it re-sized that image allowed someone to gain access to that WordPress blog.
If you happened to have one of those plugins or themes, all you had to do was do a quick search and update the latest version of that plugin or theme, that fixed the issue. Now it does happen that some plugins or themes are simply no longer updated, but if they aren’t a Google search will tell you this, that you are using an insecure plugin that has no updates, and in that case it’s a good idea to stop using it and find an alternative.
One of my personal recommendations is to add yourself to the mailing-list of the developers of your theme and plugins or like their page on Facebook as some of them also send out notifications for updates through their mailing-list or Facebook page.
And finally, even with the most up to date WordPress and most up to date plugins, most people gain access to your WordPress by simply guessing. By simply trying to login using the username Admin and password Admin, or username Admin and password Test. So what you should do is delete that Admin user and set up a new administrator user preferably not using your first, last or website name, and a password containing letters and numbers that no one will ever guess.
Those are some very easy ways that hackers get into WordPress that you can protect yourself against. Keep WordPress up to date, keep plugins up to date, and in fact, Google the names of those plugins to make sure that there are no vulnerabilities and use hard to guess usernames and passwords in WordPress.
Don’t wait until it’s too late, backup WordPress right now and if you are wondering if your website is hacked I recommend WordFence Security to scan your website for spyware or viruses.
What security measures have you taken to prevent hackers from hacking your WordPress website? Please leave a comment below.