WordPress Security Tips – Avoid The 3 Biggest Problems
Want some usable WordPress security tips? Hacking is on the increase. You only have to watch the news to see that even major corporations are not immune. If they can be hacked so easily, what chance do you have?
Do you know the three biggest security barriers that block so many WordPress website owners? The ones that leave their websites - and business - at risk?
If you're a WordPress website owner who wants usable WordPress security tips and also wants to avoid these barriers to good WordPress security, read on ...
Barrier No. 1: Thinking You Won’t Get Hacked
Perhaps the most pressing problem with security is denial. Believing that that you won’t get hacked – that it just happens to other people. The unfortunate fact is your website probably will get hacked at some stage.
So the first of my WordPress security tips is: the choice is to take preventive action now or pay the price in having your website totally disappear tomorrow. And if you rely on your website for revenue, exposure or credibility, where will that leave you?
Why is it a barrier?
Thinking you won’t get hacked is a barrier because it prevents you from taking the action you need to take.
What is the real problem here?
Let’s be honest here. If you don’t take responsibility for the security of your websites, then regrettably, it will cost you in terms of money, reputation and time. And most probably all three.
How do you get around this problem?
You get around this problem firstly by adjusting your thinking. It probably will happen sooner or later, so it’s best to put steps in place to cope with it without impacting your business.
Then you need to assess the risk and then taking appropriate action. To assess the potential risks you can research the prevalence of hacking online. You can discover the results of your website being hacked. And you can see how often it happens these days. Then you can assess what steps you need to take to prevent these types of action.
How do you deal with this if you’ve already been hacked?
If you've already been hacked, there may be things you can do about it. Your hoster may have a single backup of your site, taken in the last week. If this is uncorrupted and hack-free, then you could be in luck. But don’t rely on it. It is not a replacement for a robust backup strategy.
In the worst case, if you have no backups and neither does your hoster, you may be faced with getting your site recreated from scratch.
Barrier No. 2: Not Putting Basic Protection In Place
Why is this a barrier?
You don’t leave your house door unlocked when you leave your house, do you? Yet so many people have insecure passwords, no firewall and no protection against brute force hacking attacks.
If you leave your site in this state, the sad reality is that you will get hacked, sooner or later.
What is the real problem here?
If you have no real protection, easy to guess passwords and no backups, it’s like leaving your door wide open. It’s inviting hackers in.
How do you get around this problem?
You get around this by at least taking the most fundamental steps toward security. I’ve blogged about these issues before, but in summary:
- Don’t use Admin as your administrator username.
- Have hard to guess passwords (WordPress will generate these for you).
- Keep your WordPress version, themes and plugins up to date.
- Install a security plugin like WordFence.
For more detail on each of these, check out my other articles on security on my blog: http://wptrainingnow.com/blog
How do you cope with the problem if you've already been blocked by it?
If you've already been hacked, then this how you get started again. First, take a deep breath and don’t do anything precipitative.
You first need to establish the extent of the hack. You can use the free scanner from Sucuri: http://sucuri.net/scanner . This will let you know if there is any malware on your site. If there is malware, at least you know in which direction you need to go. You will know that you have to get it cleaned up. But you need to be cautious - just because there is no malware does not mean you have not been hacked!
Secondly get in touch with your hoster, as if your site has been defaced, you will need them to take it offline. Your hoster will then either be able to clean up your site, or recommend specialists to do this for you. A word of warning - this may well be chargeable. Two reputable specialist cleanup organisations are Sucuri and SiteLock.
Barrier No. 3: Not Having a Robust Enough Backup Strategy
Why is it a barrier?
This is a barrier because no matter what preventative measures you have, hackers may still be able to get through your protection.
What is the problem here?
If you don’t have a robust backup strategy, if you get hacked, you can lose everything. It's the reason cars have a spare tyre in the boot. You will eventually get a puncture and if you have no spare, your journey is over. If you do have a spare, it's just a case of swapping the tyre out.
It's exactly the same with backups. You just use the backup to overwrite your hacked site, leaving it clean and ready to use.
How do you get around this?
You need a backup strategy that backs up your site on a regular basis, and that holds those backups away from your site. That way, if your site is totally wiped – and this does happen – you can restore from the last viable backup that your backup system has available.
The alternative – storing your backups on your site is convenient until you lose your entire site!
How do you proceed if you have no backups?
Sadly in this case you may well be looking at rebuilding your site from scratch. And this will undoubtedly involve time and money.
Of course, you may not have to start from nothing. You may still have your hosting, your autoresponder account and some of the content of your site held locally on your PC. So it may not be quite as painful as recreating it absolutely from scratch.
Summary: WordPress Security Tips
Now you know the top three WordPress security tips that WordPress website owners can benefit from. You know what the biggest problems are, and you know how to build momentum again if you've already been stuck down by one of these problems.
If you’ve been affected – or just want to make sure you’re not affected, I'd like to invite you to cut to the front of the line to find the protection you need for your website. I’ll give you a free security consultation, identify your potential liabilities and recommend changes.
All complementary – just contact me here: https://www.wptrainingnow.com/blog/contact/
WordPress Website Creation With Alun Richards
WordPress Website Creation With Alun Richards. Here's a video I created so that people who may perhaps benefit from my services know what I am able to offer them.
In an interview recently, I was asked who my customers are and what I provide to them. This got me thinking about my recent clients and what they are seeking.
It turns out there was a clear pattern, as this short video and transcript shows. So if you have a small business that wants to grow and needs more online exposure, perhaps we should be talking.
So have a look at the video and see what you think.
The notes below refer to each slide in the presentation.
WordPress Website Creation
1. About Alun Richards Who is Alun Richards What Does He Do?
2. Who Are You? I provide websites for small business. Websites and online strategy services to help small businesses grow their business and to gain greater exposure.
3. I use WordPress to create websites. I use social media strategies to increase the ‘know, like & trust’ with people, for people who engage me.
4. What Are Your Services? My services go all the way from strategy right through to implementation. Strategy Design Implementation
5. Who Are My Customers?
6. They are mainly small businesses. Increasingly I’m dealing with a lot of NLP practitioners, therapists, trainers.
7. They are kind of one person one-man-band- type people, who want & need more exposure.
8. They don’t have the resources, or the technical capability to do it. So I provide as much help as they need.
9. My work is virtual. I provide my services at a distance. I work on my own - I’m a one-man band.
10. I provide all of my services myself. I don’t collaborate with anybody in providing my services.
11. You said, “Well, actually you probably collaborate with your clients.” And I think that’s true.
12. What Do My Customers Want? Sometimes I provide a lot of services to my clients. Because some clients really don’t want to get involved with technology at all.
13. And others don’t want to get involved with the strategy, or marketing.
14. So I provide a lot of those services (strategy & marketing). Other people are more than technically capable to put their blog and other things together.
15. But you might desire certain services around the outside. So I have a continuum of services that I provide to people.
16. Who Do I Want To Hear From?
17. The people who can benefit the most are people who’ve got a small business. Those who want to grow their business and gain greater exposure.
18. Who Are My Customers? They might be: • Therapists, • NLP people, • People in self- development.
19. They have a small business and they want to develop it. They can e-mail me: [email protected]
20. Who Do I Want To Hear From? There’s a contact form on alunloves.it/contact Put their name and e- mail, and say, “I’d like to contact you”. And I’ll get back in touch with them.
21. I’m available on Facebook facebook.com/alunhrichards if people want to find me there. You’ll find me on Twitter as well: @alunrichards
If you'd like to know more about WordPress website creation and whether I'm able to help you, just contact me on http://wptrainingnow.com/blog/contact
I Get Interviewed!
I'm normally on the other end of the microphone, but this time I've been interviewed by Judy Rees, who specialises in collaboration and the use of metaphor.
In our interview Judy explores how I collaborate with my clients to ensure they get what they need. You'll find the podcast audio itself together with a full transcript.
Please feel free to share on social media using the buttons below.
Check it out here: Alun Interview
WordPress Security Scan – 3 Fundamental WordPress Security Tips
Do you have a WordPress website and want to know what the major security vulnerabilities are? Do you know the three minimum viable steps towards WordPress security that every WordPress website owner should know? Ever had a WordPress security scan?
This article is about WordPress security and getting the maximum protection for the minimum outlay.
You're a WordPress website owner and you’re probably concerned about hacking – and who wouldn’t be? In this article I share vital tips you must know to be properly protected against hackers. To ensure your website is not hacked and you lose everything, you need to read this article immediately to take your WordPress security to the next level.
WordPress Security Tip No. 1: Get the Free WordFence Plugin
Why is this important?
You need something to stop brute force attacks – the repetitive trying of different passwords over and over again. This is a very common tactic amongst hackers. The great thing is that you can protect against this sort of attack for free.
What is the tip?
The tip is to get hold of the WordFence plugin. WordFence does a number of things for you to improve your security, and one of them is to act against brute force attacks. It limits hackers guessing your password by locking them out after a number of failed attempts.
It also detects changes to your WordPress code, plugins or theme – which can be a sign of a malware attack. It monitors access attempts and the paid version even allows you to block specific countries and IP addresses which show signs of repeated hacking attempts.
How to implement WordFence
To implement WordFence, just go to the WordPress plugins site, search for the free WordFence plugin, download it and install it. You can even do this from within your WordPress site. Just go to the plugins tab, click ‘add new’ and search for Wordfence. When it shows up in the search results, click to install it.
This tip is priceless because …
For the outlay of precisely zero Dollars, Pounds or Euros you can protect your website against hackers. It’s not the whole solution, but as a zero-cost option, it’s one you should have in place.
WordPress Security Tip No. 2: Have Hard to Guess Usernames and Passwords
What is the tip?
This tip is simply to have hard to guess usernames and passwords for your WordPress backend. Yes, I know, am I really spending time sharing this with you? Yes I am, because it’s vital.
Why is it important?
This tip is important as it’s a security tip that won’t cost you anything, yet will pay dividends. And it’s the first thing a hacker may try to gain access to your site, as it’s the least amount of effort for them.
It’s frightening how many sites have an admin username of ‘admin’ and a password of ‘password’ or ‘test1234’ or even ‘12345678’. If you have a username and password this easy to guess you may as well have no security at all.
You may not see this as a problem, but as soon as you install WordFence, you’ll see just how many failed attempts at guess your password you get every day.
So how do you implement this tip to get better WordPress security?
WordPress will generate a very hard to guess password for you – you just need to ask it to! And if you have an admin user called ‘admin’ set up another admin user with a harder to guess username then delete the original one called admin.
WordPress Security Tip No. 3: Get Your Site a Robust Backup Plan
Why is this important?
No matter how good your security, a determined and skilled hacker can still get access to your site. Therefore you need a robust backup strategy so you can quickly and easily restore your site.
The alternative, once your site has been wiped out, is to rebuild your site from scratch, with all the cost, inconvenience and delays associated with that.
And this does happen, regrettably with increasing frequency.
What is the tip?
So whatever backup system you choose to use, you must have a reliable backup system in place. There are a number of systems around, but there will be one that suits your budget and needs.
How do they implement this tip to get better WordPress backup results?
For many people running WordPress, I now recommend VaultPress. It’s a backup system run by Automattic, the people who write WordPress itself. It’s robust, trusted and affordable.
Just seach for VaultPress, select the option that’s right for you, and once VaultPress takes its first backup, you’ll be protected.
Vital Bonus Tip - Get a WordPress Security Scan!
Now that you've got the three important tips for WordPress backup success down, I'd like to invite you to get even MORE advanced help with my bonus tip.
What is my bonus tip?
Many hackers gain access to your site through an out of date copy of WordPress. Older copies of WordPress have been found to contain vulnerabilities that hackers exploit. When WordPress identifies these vulnerabilities, a new version is issued. And, as with all WordPress code, this update is free.
If however your WordPress is not updated to the latest version, you can be leaving an easy access door available for any hacker. Many of the recent hacks are due to out of date WordPress code.
What’s true of WordPress versions is also true of your theme. Your theme, if not at the latest level, can be a source of attacks.
And what’s true of WordPress and your theme is even more true of outdated plugins.
Keeping Everything Updated
The trouble is, keeping WordPress, your theme and all your plugins up to date is a considerable drain on your time. If you miss an update, your site can be vulnerable. And the longer you leave it, the more threat it poses.
Is there an answer?
I response to this problem, I offer a cost-effective service to ensure your WordPress website is up to date. I carry out a WordPress security scan of your website. That’s WordPress itself, your theme and all your plugins.
And I don't just do this once, I do it regularly. I actively monitor your site and take action to update any component that is out of date and hence a vulnerability.
Next Steps - WordPress Security Scan
If you're a WordPress website owner who wants to ensure you always have the latest version of WordPress, each plugin and theme then get my WP Maintenance Service - NOW!
Click Here For More information: http://wptrainingnow.com/blog/wp-maintenance
(Red alert) Don’t trade one job for another
Have you ever heard advice like this?
Pursue your passion and the money will follow
Spend a couple of years writing a book (yuck)
Just setup a squeeze page and the money will roll in
Serve a real marketplace need and you'll have all the money you'd ever need
Just get your message out there
Technically, that is all correct advice. But haven't you heard that advice at least 10-20 times? Aren't those just 25 second "canned response" sound bytes that sound good but don't mean much?
It's like the Wizard of Oz ... you're impressed until you see the man behind the curtain ...
I've got tired of hearing the old advice:
- choose a niche
- follow your passion
- build it and they will come
- go big or go home
Did any of this work for you? I wanted to find out if it was really possible to:
- put in just an hour or so a day and that's it
- start completely over from scratch (not use my existing list)
- create a full time income out of thin air
BECAUSE... many entrepreneurs (sadly) trade in a £6,000 (or more) per month job with included health insurance, pension, travel expenses and moving expenses ...
But when they make an "attempt" to work from home, they put in 12 hour days just to eek out £1,000 a month, and that's before 20% self-employment taxes, no more pension, all that extra admin... and they've now traded a six figure income for a minimum wage income, without even realising it!
Don't be another statistic. Don't trade one "J.O.B." for another... just check this out instead:
WordPress Security Check – Security Tips For All Website Owners
Want a quick WordPress security check? Do you want to know the three vital WordPress security tips every WordPress website owner should know to have your site secured against hackers? This article is about taking the minimum viable steps to WordPress security. This means the minimum outlay with the maximum protection.
You're a WordPress website owner and you’re probably concerned about hacking – and who wouldn’t be? In this article I share three vital tips you must know to be properly protected against hackers. To ensure your website is not hacked and you lose everything, you need to read this article immediately to take your WordPress security to the next level.
WordPress Security Tip No. 1: Get The Free WordFence Plugin
Why Is This Important?
You need something to stop brute force attacks – the repetitive trying of different passwords over and over again. This is a common tactic among hackers. The great thing is that you can protect against this sort of attack - and for free!
What Is The Tip?
The tip is to get hold of the WordFence plugin. WordFence does a number of things for you to improve your security, and one of them is to act against brute force attacks. In simple terms it limits hackers guessing your password by locking them out after a number of failed attempts.
It also detects changes to your WordPress code, plugins or theme – which can be a sign of a malware attack. It monitors access attempts and the paid version even allows you to block specific countries and IP addresses which show signs of repeated hacking attempts.
How To Implement WordFence
To implement WordFence, just go to the WordPress plugins site, search for the free WordFence plugin, download it and install it.
You can even do this from within your WordPress site. Just sign in to your WordPress Dashboard, go to the Plugins tab, click ‘Add New’ and search for Wordfence. When it shows up in the search results, click to install it.
This Tip Is Priceless Because …
For the outlay of precisely zero Dollars, Pounds or Euros you can protect your website against hackers. It’s not the whole solution, but as a zero-cost option, it’s one you should have in place.
WordPress Security Tip No. 2: Have Hard To Guess Usernames And Passwords
What Is The Tip?
This tip is simply to have hard to guess usernames and passwords for your WordPress backend. Yes, I know, am I really spending time sharing this with you? Yes I am, because it’s vital.
Why Is It Important?
This tip is important as it’s a security tip that won’t cost you anything, yet will pay dividends. And it’s the first thing a hacker may try to gain access to your site, as it’s the least amount of effort for them.
I read a report on computer security last week. It’s frightening how many sites have an admin username of ‘admin’ and a password of ‘password’ or ‘test1234’ or even ‘12345678’. In fact the most common username and password combination is 'username' and 'password'!
If you have a username and password this easy to guess you may as well have no security at all.
How Do You Implement This Tip To Get Better WordPress Security?
WordPress will generate a very hard to guess password for you – you just need to ask it to! Sign into your Dashboard and go to the Users tab. Click on the user you want to change. About half way down the screen is an option to change your password. Allow WordPress to recommend one for you. This will be neigh on impossible to guess.
And if you have an admin user called ‘admin’ set up another admin user with a harder to guess username then delete the original one called admin.
WordPress Security Tip No. 3: Get Your Site a Robust Backup Plan
Why Is This Important?
No matter how good your security, a determined and skilled hacker can still get access to your site. Therefore you need a robust backup strategy so you can quickly and easily restore your site.
The alternative, once your site has been wiped out, is to rebuild your site from scratch, with all the cost, inconvenience and delays associated with that.
And this does happen, regrettably with increasing frequency.
What Is The Tip?
So whatever site you have, you must have a backup strategy. And whatever strategy you choose to use, you must have a reliable backup system in place. There are a number of systems around, but there will be one that suits your budget and needs.
How Do You Implement This Tip?
For many people running WordPress, I now recommend VaultPress. It’s a backup system run by Automattic, the people who write WordPress itself. It’s robust, trusted and affordable.
Just open a web browser and search for VaultPress, select the option that’s right for you, and once VaultPress takes its first backup, you’ll be protected.
WordPress Security Check - Bonus Tip
Now that you've got the three important tips for WordPress security success down, I'd like to invite you to get even MORE advanced help with my bonus tip.
What Is My Bonus Tip?
Many hackers gain access to your site through an out of date copy of WordPress. Older copies of WordPress have been found to contain vulnerabilities that hackers exploit. As soon as WordPress identifies these vulnerabilities, they issue a new version. And, as with all WordPress code, this update is free.
If, however, you do not update WordPress to the latest version, you can be leaving an easy access door available for any hacker.
What’s true of WordPress versions is also true of your theme. Your theme, if not at the latest level, can be a source of attacks. And what’s true of WordPress and your theme is even more true of outdated plugins. Plugins are great, and add functionality to your WordPress site.
So you must keep your WordPress version, theme and all plugins updated to the latest level.
Keeping Everything Updated
The trouble is, keeping WordPress, your theme and all your plugins up to date can be a considerable drain on your time. If you miss just one update, your site can be vulnerable. And the longer you leave it, the more threat it poses.
Is There An Answer?
In response to this problem, I offer a cost-effective service to ensure your WordPress website is up to date. I will ensure your site stays up to date. That’s WordPress itself, your theme and all your plugins. I monitor your site and take action to update any component that is out of date and hence a vulnerability.
WordPress Security Check - Next Steps
If you're a WordPress website owner who wants to ensure you always have the latest version of WordPress, each plugin and theme then get my WordPress maintenance service - NOW! It's just £5 per month for each site.
Want a WordPress Security Check?
Click Here To Get Covered By My WordPress Maintenance Service:
http://alunloves.it/wpmaintenance
WordPress Backup Entire Site – Why You Need Backups
Why have WordPress backup your entire site? I'd heard about backups and the importance of having a backup strategy for many years before actually having one. I regretted waiting as long as I did, because in the meantime I lost websites and I lost files.
If I had simply run a backup every week I would not have had to worry about lost information. I wouldn't have to worry about getting hacked - and my goodness this is on the increase! All my content would have been safely stored in a backup somewhere.
If you are hesitating about getting a WordPress backup strategy, or even hesitating about buying a WordPress backup plug in, consider the time wasted. Consider the leads and payments coming in everyday to your business. Consider the hard earned content that you spent a lot of time creating such as video. Now think - if you spent two minutes a week backing up your WordPress site then that's time well spent. You're safeguarding against anything that might have gone wrong.
You Don't Backup Your Site?
On the other hand, if you don't backup and you have a website online for three years. Then the site for some reason goes down and you don't have that site. Now you've lost three years of your life. Is it worth it to put in two minutes a week to save three years of your life? I think it is and if you have that attitude then you really won't mind getting a backup plugin, using a backup plug in and creating backups on a regular basis.
Do You Take Money Via Your Site?
Are you selling products or using WordPress as a shopping cart or as a membership site? Then you need to make sure that people who have paid for things still get access to them. If someone is paying me on a recurring monthly basis and the site goes away, not only have I lost my site, I've lost my monthly recurring income.
In many cases there's no way to get it back. If someone is paying you on a recurring basis and there is a certain transaction ID and a certain number associated with that person paying you month after month. It's very difficult to set up the site exactly the way it was and associate that person paying monthly to that user account they had on your WordPress site.
Why Not Just Backup?
On the other hand, if you had made a WordPress backup after that person starting paying you monthly then you can restore that backup. Now when they're paying you monthly they still get credit for those payments they are making for you.
Have you ever recorded a one hour or two hour, or a three hour video only to accidentally delete it or find out it wasn't recording properly? I have and it's even worse when it's the best video you've ever made. To have it come out perfectly and be online, and everyone loves it but then you accidentally delete it or something happens to it.
If however, you've backed up that video and restored it later, you can get it back and it'll never go away. You'll never lose it no matter what from this point in time forward.
WordPress Backup Entire Site
There are several options that are open to you. There are many backup tools, some free, some technically quite complex and more suited to programmers than bloggers. The free solutions don't have any support, so if you find you have a problem, you're on your own. Not really what you want when you need to restore your site urgently.
So what do you need? I recommend a solution that backs up your entire WordPress site. That way, if you're hacked you can just replace everything at once. I recommend having your backups offsite - preferably at more than one location. Having at least one copy offsite is vital, as if your hosting account is compromised, you can lose everything - backups and all.
I use two backup solutions and I'm happy to advise what's the best solution for you. But the first step is up to you. And it is ...
Decide To Have a Backup Strategy!
Go ahead right now and decide to get a backup strategy - because you know you need it. You know that otherwise you're going to waste time, you're going to lose money and you're going to lose your best content.
If you'd like a chat about the best way to get this implemented, just contact me here:
http://alunloves.it/contact
