WordPress Security

If your website is built on the WordPress platform, then security is definitely something you need to be concerned about. I love WordPress for developing websites for the simple reason that it offers so much in the way of customization and applications that can help market your website. There are thousands of applications (called plug-ins) that can automate many tasks that you might need for your website. But all that potential customization comes at a price: namely security. Each plug-in is a door that a hacker can use to gain entrance to your website files, and then wreak havoc with your website (and potentially destroy your website rankings).

Recently, security for WordPress sites has really come into the spotlight as the number of attacks against WordPress websites has exploded, with attackers specifically targeting sites that were using old versions of the software. I personally own or maintain about a dozen WordPress websites, and recently a few of them that I had neglected to update over the last six months were all hacked.

And what does hacking mean?

Well, it can take several forms. The worst case is that someone takes the site over completely, adding themselves as an administrative user and then hiding their identity from you, the legitimate owner of the site. They would have full access to all folders and content of the site. For many this is not a major concern, as few websites have information on them that might compromise credit cards, financial accounts, etc… That doesn’t mean that it isn’t harmful. It could mean that they are serving malware to people who visit your site (which will quickly get your site banned from Google). Or it could be that they are doing nothing more than posting multiple spam links from your site to theirs. These sites, about cheap Viagra, gambling, and adult material, are usually considered to be in “bad neighborhoods”, and having your site link to them can make you part of the same bad neighborhood. Either way, it means that your site is dropped from Google’s, Yahoo’s, and Bing’s indexes of sites.

There goes all your free traffic.

So what can you do?

First, make sure no one is controlling your site right now. Go to phpMyAdmin in your hosting account and check your users table. Hit Browse so you can see all the users. If there is one listed there that you didn’t create, then get rid of it. And by the way, you can’t just go to the WordPress admin page and check the Users screen there, as a hacker can hide themselves from this screen.

Second, make sure you secure all your users and passwords. Check your user accounts for one called admin. If it is there, get rid of it. Then make sure the rest of your accounts have good passwords (no pet’s name or 1234).

Third, keep everything updated. Keep WP and all plugins updated, as most attacks target older versions of WP, which were more vulnerable.
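
For the first two steps, these queries can be pasted into the SQL tab of phpMyAdmin to audit accounts straight from the database instead of the dashboard. They are an added example, not part of the original article, and they assume the default `wp_` table prefix; if your `wp-config.php` sets a different `$table_prefix`, change the table names and the `wp_capabilities` key to match.

```sql
-- Added example. Assumes the default "wp_" table prefix.

-- 1. Every account with its stored role data, newest registrations first.
--    Compare this list with the accounts you know you created.
SELECT u.ID,
       u.user_login,
       u.user_email,
       u.user_registered,
       m.meta_value AS capabilities
FROM wp_users AS u
LEFT JOIN wp_usermeta AS m
       ON m.user_id = u.ID
      AND m.meta_key = 'wp_capabilities'
ORDER BY u.user_registered DESC;

-- 2. Only accounts holding the administrator role. The role is stored as a
--    serialized PHP array, so match on the quoted role name.
SELECT u.ID, u.user_login, u.user_email, u.user_registered
FROM wp_users AS u
JOIN wp_usermeta AS m
  ON m.user_id = u.ID
WHERE m.meta_key = 'wp_capabilities'
  AND m.meta_value LIKE '%"administrator"%'
ORDER BY u.ID;

-- 3. Step two: is there still an account named "admin"?
SELECT ID, user_login, user_email
FROM wp_users
WHERE user_login = 'admin';

-- 4. Role rows whose user no longer exists. Deleting a row from wp_users
--    by hand in phpMyAdmin leaves its wp_usermeta rows behind.
SELECT m.user_id, m.meta_value
FROM wp_usermeta AS m
LEFT JOIN wp_users AS u
       ON u.ID = m.user_id
WHERE m.meta_key = 'wp_capabilities'
  AND u.ID IS NULL;
```

If query 2 returns more administrators than the Users screen in the dashboard shows, treat the extra rows as the accounts to investigate first.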

Add security plugins

  • WordPress Firewall II
  • Secure WordPress
  • Login Lockdown

These are a few good security plugins for WordPress.

Backup. Make sure you keep regular backups of your site so that if it does get hacked, you can bring it back. You should back up not only the database but also all the WP base files, since they can be compromised just as the database can.


