{"id":22697,"date":"2016-04-18T12:23:59","date_gmt":"2016-04-18T10:23:59","guid":{"rendered":"https:\/\/wpjournalist.wpmudev.host\/?p=22564"},"modified":"2021-10-31T14:49:25","modified_gmt":"2021-10-31T14:49:25","slug":"seriously-you-really-need-to-secure-your-wordpress-website-now","status":"publish","type":"post","link":"https:\/\/wpjournalist.nl\/en\/seriously-you-really-need-to-secure-your-wordpress-website-now\/","title":{"rendered":"Seriously, you really need to secure your WordPress website now"},"content":{"rendered":"

Did you know that the website of Mossack Fonseca, the company of the Panama Papers, was a WordPress website?<\/p>\n

And did you know that the site was probably hacked because of an outdated version of Revolution Slider?<\/p>\n

Wordfence announced this in its blog<\/a>. Wordfence is one of the best plugins of the moment to secure your website against unwanted intruders.<\/p>\n

The hacking of your WordPress website is one of the biggest nightmares for website owners. So it is important to secure this website properly.<\/p>\n

From one moment to the next, your website will no longer be accessible and you will no longer be able to access the CMS. All the energy, time and money you have put into it is in danger of being lost.<\/p>\n

It happens all too often. According to Forbes magazine<\/a>, 30,000 websites are hacked every day around the world.<\/p>\n

In this article we will show you why hackers want to have access to your website. Then we will discuss how you can protect your website against these brutal attacks.<\/p>\n

Why would someone want to hack your website?<\/h2>\n

Owners of smaller websites often think that they are not a target for hackers. A blog with a few hundred or a few thousand visitors per month; that\u2019s not interesting for a hacker, isn\u2019t it?<\/p>\n

But it is\u2026.<\/p>\n

Hackers use your website to send spam emails via your server. And that’s tricky, because when Google notices that SPAM is being sent from your server, you have a chance they\u2019ll blacklist your website.<\/p>\n

Or they may use your website to redirect your visitors to other websites through which they make money via affiliate programs<\/a>. Then they will get a commission if you click on certain links.<\/p>\n

Consequence: the regular mails and newsletters are also put into the spam box of others. Or worse, you\u2019ll be completely taken out of the search results by Google.<\/p>\n

Sometimes hackers just do it for fun. They like to hack a site. Just for the sport. Most of the attacks by hackers are automated. A hacker is really not going to type in an address and then see if the site has any vulnerabilities.<\/p>\n

No, just like search engines, hackers use bots to search for weak spots on the Internet. This allows them to check thousands of websites at the same time. And often there are always a few websites among them where they can break into.<\/p>\n

Where is it most likely that they will hack into your website? A few figures:
\n\u2022 41% of the websites are hacked by vulnerabilities in the hosting<\/a> platform.
\n\u2022 29% occurs through the template you have purchased.
\n\u2022 22% occurs via a vulnerable plugin.
\n\u2022 8% due to a weak password.<\/p>\n

More than half of all hacks come because of WordPress themes and plugins. Or because of inadequate hosting<\/a> parties that do not have their security in order.<\/p>\n

What can you do about this?<\/p>\n

How can you ensure that your website remains secure? We can\u2019t give a 100 percent guarantee, but you can make it very difficult for intruders. And then they will give up at some point.<\/p>\n

In this ultimate manual we will give you tips; this is how you need to secure your WordPress website:<\/p>\n

1. Choose a good hosting provider<\/h2>\n

From the figures above, it is clear that the quality of a hosting<\/a> provider is important. Nowadays most providers are reasonably reliable, but often cheap, ends up being expensive. If you pay only ten bucks for your hosting per year, you can expect that less is invested in the security of your website.<\/p>\n

But then, what do you have to pay attention to?<\/p>\n

Take a good look at what your provider offers. In addition to supporting the latest versions of PHP and MySQL, they must perform regular malware scans<\/a> and daily backups. My hosting provider uses Patchman, a program that keeps hackers and malware out and also automatically repairs vulnerabilities in websites.<\/p>\n

You could also choose a provider that focuses specifically on WordPress (there are some, such as Savvii – although slightly more expensive than average), because they do even more to secure WordPress websites and often have a lot of expertise on the matter.<\/p>\n

2. Make sure you have good backups<\/h2>\n

You can never guarantee for 100 percent that your website will be hacked. It is therefore advisable to make regular – and in different ways – backups of your website.<\/p>\n

Always install a backup plugin for your website. Make sure you choose a good plugin, there are also backup plugins that only back up the database and not the files.<\/p>\n

I regularly use the plugins UpdraftPlus<\/a> and BackupWordPress<\/a> myself. You can download them for free from the plugin directory and install them easily. Then you can set the number of times you want to back up in the settings.<\/p>\n

\"backup<\/p>\n

There are also paid backup plugins, such as VaultPress, that offer more features. For example, if you want to download a backup to Google drive or Dropbox on a regular basis (in the cloud), you will sooner come across a paid plugin.<\/p>\n

Nevertheless, you can often get along with a free plugin, which I use as well.<\/p>\n

3. Make sure that you have strong login data<\/h2>\n

In addition to the hosting environment, hackers can also find out your login details from your website. That also happens automatically.<\/p>\n

That is done by so-called brute-force attacks, where hackers run a script that tries out hundreds – if not thousands – of passwords and usernames on your website in a short time.<\/p>\n

It is therefore important to create long, difficult passwords. WordPress automatically creates difficult passwords with more than twenty (!) characters, numbers and letters, case sensitive.<\/p>\n

And it has a strength indicator that indicates whether your password is safe or not.<\/p>\n

\"password-WordPress-strong\"<\/p>\n

That is necessary.<\/p>\n

Only your last name and then three digits behind it is asking for trouble.<\/p>\n

Change your password with some regularity (every six months). It is not wise to keep the same password for years.<\/p>\n

Avoid using the \u2018admin\u2019 username. Hackers are aware that many people still log in with the username \u2018admin\u2019. That\u2019s because this is the default setting when you create a new website.<\/p>\n

Hackers try to intrude into almost all WordPress websites on a regular basis. Just take a look at the message below from Wordfence, the security plugin.<\/p>\n

\"inlog<\/p>\n

You can see that an outsider logged in 17 times with the username \u2018admin\u2019. It\u2019s a bit of a job, but it\u2019s best to change your default \u2018admin\u2019 username. In the following video you can see how to do that:<\/p>\n