Don’t Let Your WordPress Website Get Hacked
Jenna EricksonDecember 13th, 20166 minute read
Jenna is the Marketing Manager at Codal, blogger, and technology + startup enthusiast. With a responsibility of Codal's marketing programs and brand management, she is always strategizing new ways to reach clients through content and inbound marketing tactics. In her free time, Jenna enjoys traveling, cooking and reading.
For any website owner, having your website hacked is a major nightmare. If you don't have your WordPress development team on hand, it can take a few days to get your website where it was before it got hacked.
WordPress websites are the primary target for hackers. Why? Simply because it is such a popular CMS, and it is "easiest" for hackers to get in.
According to Forbes, 30,000 websites get hacked every single day. That's a lot! Don't let it happen to your website. Here is a little insight as to why and how websites get hacked, and an easy way to prevent your website from being taken over by hackers and robots.
How and why do WordPress websites get hacked?
Most hack attacks are done automatically. A person is not sitting behind a desk, attempting thousands of passwords. Hackers use bots to crawl the web, finding the most vulnerable websites. This also means that your website probably was not targeted, and there is no reason why your specific website got hacked.
What does the hacker get from this? Well, there are a large number of reasons that it could be, and here are some:
-To receive financial / credit card information
-To infect your user’s hardware with a virus in order to capture their information
-To redirect to another website
-Server access, spam emails from a server
While those are a few reasons why it could happen, when it happens to your website, the reason is typically unknown. Instead of dwelling on the how, and why, you should take action and make the changes to prevent it from ever happening again.
Prevent your website from getting hacked
Some say that the more and more plugins you have installed, the higher chance of getting hacked, because many of these applications and plugins' code is not well-written.
While this is true, and you should keep a minimum amount of plugins installed, here is a secure and trusted plugin that will actually prevent your WordPress website from being hacked:Google Authenticator
The Google Authenticator plugin will allow a two-factor authentication when logging into your WP website. You must download the Google Authenticator mobile app on your Android, iPhone, or Blackberry, and you will be all set.
Once you have the app downloaded on your smartphone, and the plugin installed on your website, here are the next steps, to ensure it is set up properly:
Google Authentication Steps:
- Login to WordPress using your username & password.
- On the top right corner, click on your profile image icon, and click "Edit My Profile".
- Scroll to the 'Google Authenticator Settings' and check the box that says "Active."
- Open the Google Authenticator app on your smartphone and either select "Scan Bar Code," or input the key that is in the "secret"text box. (Note: Bar codes are hidden by default. You must click "Show/Hide QR Code" to view it.)
- Write a description for the website in the description textbox. (Examples: Web Development Agency.)
- Save your new settings by clicking "Update Profile" at the bottom.
Your two-factor authentication should be all set up! When you login to WordPress as an admin, you will now have to enter the code that is on your mobile app, which will prevent any hacker or robot from getting into your site. The code on your app changes every minute, so you will have to re-enter it every time you login.
With the new plugin installed: this is how your login and application should appear:
On top of using a two step verification to login to your website, you should always make sure your passwords and login details are secure as possible.
First off, change the login name from 'admin' to something else, anything else. Since this is the standard login for WordPress when you first create a website, many developers and website administrators never get around to changing it. Hackers know this, and it makes it that much easier to get into your site.
Secondly, use an automated password generator. WordPress has this built in for a reason. So, use it. A password that looks like this: Ju3M$2H%B1E!&&Co might not be easy to remember, or fun to type in, but people use passwords like these for a reason. Because it is secure.
Conclusion: Make these simple changes to avoid a headache later on
Making these few simple changes on your WordPress website can mean saving yourself, and your WordPress development team a lot of time in the future.
Install a plugin, download an app, use a password generator, and change your admin name. It's as simple as that.
Still need assistance? Feel free to contact us!