Archive for the ‘wordpress plugins’ Category


Help My Website Has Been Hacked! – What Can I Do?


Those are the six words - Help My Website Has Been Hacked! - that all website owners dread saying. But what does it mean, what does a hack entail, and how can you prevent them happening?

Hacking Problems - What Is The Problem?

Hacking is increasing and no-one is immune from hackers attacking their website. In fact, Forbes magazine estimate that nearly 30,000 websites get infected with some type of malware every single day. We’ve heard of the well-publicised large companies that have been hacked.

However, in reality most businesses affected by hackers are small businesses that don’t have sufficient protection against hacking. These include blogs and small company websites.  So the question is, what are the problems, and what can you do about them?

A hack is simply someone gaining access to your website and then using it for their own purposes. They may change pages or delete whole sections of your website.

There Are Many Forms of Hack

There are, regrettably, many ways that a hacker can compromise your website. For example, hackers can try common usernames and passwords over and over until they get access. This method is called a brute-force attack.

Others use more sophisticated means – cross-site scripting, or attacking known vulnerabilities in the code on your system.

Once a hacker accesses your site, they often deface it. Defacement, a common hacking technique, is where a hacker puts up a banner or page supporting their political or financial aims. Alternatively, they could redirect your site to a porn site, or to a site selling Viagra or other merchandise.

Reinstating your site can be a costly and time-consuming set of activities. That is if it’s even possible. I have seen hacks recently where hackers have removed every single file on a site. Without backups, you will need to recreate your site from scratch.

So hackers can redirect your site to an undesirable site, or remove it altogether. The question is, what can you do to counter these problems?

First Step: Detection - Free Malware Scanner

The security firm Sucuri have a useful free scanner that you can use to check the status of your website. The scan will show whether you have succumbed to many of the common hacks. And it can tell you if the biggest search engines currently blacklist your site.

http://sucuri.net/scanner

My Suggested Preventative Solutions

You may be looking for a one-shot solution to prevent hacking. Unfortunately the situation is a little more complex than that. You need to protect your site against the most common problems that attract hackers. And at present, this involves selecting a number of different tools. Here are my biggest recommendations to prevent the hacking of a WordPress site.

1. Have A Robust Backup Regime

The most fundamental thing to have is a good, reliable automatic backup regime. Have one that backs up to at least one place away from your site. The disadvantage of keeping your backups on your site is that if you lose your site totally, your backups go as well.

I used to use my own backup system, but I now recommend VaultPress in preference. Why?

  • VaultPress has several options, but I recommend their service that is just $9 per month.
  • It's easy to set up and it’s very easy to restore a backup – one click and your site is back.
  • VaultPress comes from Automattic – the creators of WordPress.

Their interface is clean and fast to use. It works, and it’s the best I’ve seen. You can sign up at http://vaultpress.com

2. Implement WordFence

WordFence is a free security plugin that protects your site in several ways. It prevents hacking attacks like brute force login attacks by locking out hackers. WordFence detects when someone (e.g. a hacker) changes core WordPress files, theme files or plugins from their issued versions. It then prompts you to restore the currently issued code from its database.

The free version now comes with a firewall that increases the level of protection you have. And I strongly recommend you implement their firewall.

WordFence will lock out hackers who try to guess your password to get into the WordPress backend.

WordFence is available via the WordPress plugin directory for free.
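
The change detection described above, sketched as an added example (it is not part of the original article and not WordFence's own code): it records SHA-256 digests of the site files while they are known to be clean, then reports files that were later modified, removed or newly added. The file names and the `demo()` helper are constructed for illustration, and the manifest is assumed to be one you recorded yourself rather than the plugin's database of issued versions.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large uploads do not have to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> dict[str, str]:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    return {
        path.relative_to(root).as_posix(): sha256_file(path)
        for path in sorted(root.rglob("*"))
        if path.is_file()
    }


def compare(root: Path, known_good: dict[str, str]) -> dict[str, list[str]]:
    """Compare the files on disk now against a manifest taken when the site was clean."""
    current = build_manifest(root)
    return {
        # Same path, different content: core, theme or plugin code was altered.
        "modified": sorted(
            name for name in known_good
            if name in current and current[name] != known_good[name]
        ),
        # A file from the clean copy has been deleted.
        "missing": sorted(name for name in known_good if name not in current),
        # A file that was never part of the clean copy has appeared.
        "unexpected": sorted(name for name in current if name not in known_good),
    }


def demo() -> dict[str, list[str]]:
    """Build a constructed miniature site, record it, change it, and compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        plugin_dir = root / "wp-content" / "plugins" / "example-plugin"
        plugin_dir.mkdir(parents=True)
        (root / "wp-includes").mkdir()
        (root / "wp-login.php").write_text("<?php // constructed stand-in\n")
        (root / "wp-includes" / "version.php").write_text("<?php // constructed\n")
        (plugin_dir / "plugin.php").write_text("<?php // constructed\n")

        known_good = build_manifest(root)  # taken while the site is clean

        # Constructed changes of the three kinds the comparison reports.
        (root / "wp-login.php").write_text("<?php // constructed stand-in\n// changed\n")
        (root / "wp-includes" / "version.php").unlink()
        (plugin_dir / "cache.php").write_text("<?php // constructed\n")

        return compare(root, known_good)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Keep the manifest somewhere away from the site itself, for the same reason the article gives for backups: anyone who can change the files can change a manifest stored beside them.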

3. Use SiteLock

SiteLock has several features that you can select to protect your site. I like its SMART tool that automatically scans your site for malware, and, if it finds any, repairs it and sends you a message of confirmation.

If you bear in mind that manual malware cleanup can be very time consuming and expensive, SiteLock is like having insurance against malware attacks. It keeps your site running. Contact me here if you'd like to benefit from the services that SiteLock offer.

4. Purchase WordPress Maintenance

Many people don’t understand the vital importance of keeping the code on your site up to date. This means keeping your WordPress version, your theme and all your plugins updated to the latest version.

The main reason programmers update code is to repair recently uncovered vulnerabilities that could lead to hackers gaining access.

Recent WordPress versions auto-update to the latest version, but you have to update themes and plugins manually. Out of date plugins in particular are an issue. Most WordPress sites use several plugins to provide functionality. The problem is magnified by plugin authors releasing the nature of the problems fixed in a new version. A hacker encountering a previous version then knows what vulnerabilities exist in it.

I can provide you a service where I scan your site every day for out of date code.

http://alunloves.it/wordpressmaintenance

Summary

If you don't want to hear yourself uttering the words "Help My Website Has Been Hacked!" there are steps you can take to avoid hacking. They are:

  1. Have a robust backup plan
  2. Use the WordFence plugin
  3. Use SiteLock
  4. Buy WordPress Maintenance

It's important to note that nothing will make you completely hack-proof. The most determined hacker will probably get into any site. But if you make it hard for him, like any burglar, he will probably look at easier targets.

Contact me here for a no-obligation chat about WordPress security.


WordPress Security Plugins – The 3 WordPress Security Barriers

Do you know the three biggest WordPress security barriers that frustrate most WordPress website owners? Are you aware that you can resolve a number of these just with WordPress security plugins?

If you're a WordPress website owner who wants to avoid security barriers and take practical steps to make your site hacker-proof, then read this article immediately.

Barrier No.1: I Don't Know If I Have a Problem!

Let’s deal with the most fundamental problem first. Many people suspect that they might have a problem with security but don’t realise the scale of the problem. They don’t know if they are a likely target for hackers or not. They don’t know whether or not their site is already under attack.

Why is it a Barrier?

Ignorance is not bliss. Turning a blind eye to a prevalent problem will not make it go away. Pretending it’s not a problem will not help. Hacking is one of the biggest and most costly problems out there for a website owner. It's vital you take action today to safeguard your site tomorrow. And that starts with discovering whether or not you have a problem.

What is the Real Problem Here?

The reality is that if you have a WordPress site, and especially if it gets a fair amount of traffic, it may well already be under attack! In fact it's more than likely your site's under attack. You just can’t see it.

I see the results of hacking attacks every day. If you saw what I see, you'd realise the need for urgent action!

How Do You Get Around This?

You need to know a little about WordPress security plugins. You can get around this lack of knowledge simply by installing a free (yes, free!) security plugin. There's one I recommend to all my clients as a first line of defence. It's called WordFence.

Go to your WordPress Dashboard and search for the (free) WordFence plugin. You will need to configure this plugin to change some of the default options. But once you do, you’ll see the scale of the hacking activity that threatens your website.

For example, you’ll be notified about login attempts where hackers attempt to guess your WordPress username and password. This alone is worth getting this plugin for. If you're a bit overwhelmed by the options, just contact me and I can help you.

Barrier No.2: I Don't Know Where To Start

The next barrier I see is people who really don’t know where to start with security issues. Let’s say they have identified there are regular and persistent attempts by hackers to guess their WordPress administrator username and password.

Why Is It a Barrier?

It should be obvious this is a problem that needs to be resolved, but many people don’t know where to start. Again we need to start with objective facts. Your new WordFence plugin will give you loads of information if you let it. But security is not just about installing WordPress security plugins.

How Do You Get Around This Barrier?

After you’ve become aware of the hacking threats that face you by installing WordFence, you can start to configure it to meet your needs. The WordFence plugin will help you here by pointing to your likely security vulnerabilities.

Let’s say, for example, you have left the WordPress administrator username at the default value: ‘admin’. This is the most hacked username, as hackers realise that they can make their lives easier by hacking sites that leave their username as ‘admin’.

With WordFence, you’ll be able to see just how many hackers are trying to gain illicit access to your site in this way every day! You can see if hackers are trying 'admin' as a username. You'd be amazed how many do. This can be frightening and sobering, but there is a solution.

You Get Around This By ...

The way to get around this barrier is straightforward. Set up a new administrator user with a username other than ‘admin’. And give it a secure password – WordPress will do this for you. Now delete the 'admin' username so it can no longer be used.

If both your administrator username and your password are hard to guess, this is likely to block all but the most persistent hackers.

Barrier No.3: I Don't Know What to do After I'm Hacked

Why Is It a Barrier?

It’s best to know the route to sort out a problem before you come across it. That way you don’t waste time and potentially make costly errors.

If you don't know what to do when you’re hacked it can also mean your website is offline for longer than it needs to be. In the worst case, not knowing what to do could mean the loss of your site!

How Do You Get Around This Barrier?

You get around this by initially approaching your hoster. If they’re professional, they will have a service to clean up your site. This may either be included in your hosting fees, or may be an extra charge. Either way it may be cheaper than going to a specialist.

Failing that, there are a number of professional service providers who specialise in WordPress website cleanup. I use SiteLock and WordFence, and some of my clients use Sucuri. There are others out there, but I’d recommend checking out these providers first.

The service you’ll require depends on the nature of the hack, but if you know what cleanup is likely to cost beforehand and where to go, you’re in a much better position.

WordPress Security Plugins

WordPress security is a big and complex topic and can be a bit overwhelming to the uninitiated. There are many services available - and a lot of them are costly. The whole area can be a minefield! If this article has whetted your appetite to discover more about WordPress security plugins and what they can do for you, read on ...

Taking This Further …

Now you know the top three WordPress security barriers website owners face and how to bypass them. So I'd like to invite you to cut to the front of the line to discover what further steps you can take to increase the security of your WordPress site.

As there's more information here than I can cover in a short article, I've put together a free online training to help you. So if you want to make your website secure - so that it doesn’t get hacked - join me on this FREE online training.

This could be the first step in making your site hacker-proof! Click on the link now.

 


Clone Your WordPress Niche Sites Quickly And Easily Using A Backup Plugin

You no longer need to spend tons of time setting up WordPress over and over throughout the day. I know many people who decide they want to have 10 sites about organic gardening today and using a Backup plugin, they can make that a reality.

I know people who sell websites such as organic gardening or real estate, and part of the selling agreement is that they will set up the site in a new location. Several years ago, this might have been an all-day or all-week commitment. But now that we can back up and restore a WordPress site somewhere else, it's very easy to copy or in fact move a site containing the exact niche theme, content, and even customization such as navigation or social media buttons.

Cloning Site Considerations

The first thing you should do when you're cloning a niche site or setting up a niche site is to choose a theme that accurately represents it. That means that if you have a site on organic gardening, you want to have a theme that has pictures of things like leaves or tomatoes or fruit, so that people know just by looking at it that they're at this niche site.

Even though you probably want to have a site that stands out as much as possible, make it look somewhat like other sites in your niche.

Content Is King

The next step is to fill it with content. You may need to buy content or even pay to have it made. Many article writers will write fresh new content for you and you can simply put this into the new WordPress site. When you back it up and restore it somewhere else, this will be duplicated entirely.

What Gets Duplicated?

In addition, people always forget that every single part of this WordPress blog will be duplicated. This means that if people left comments on this blog those will be duplicated. If you added in custom menus or sidebar navigation, that will be duplicated as well. If you have social media buttons such as a Facebook "like" button or a Twitter "retweet" button, the actual retweets won't get copied, but the button allowing people to retweet will be.

Summary and Next Steps

Set up your niche theme, fill up your article packs, and get that site filled up. Send traffic to it, get comments, get retweets, and fix the navigation so it's easy for anyone to use. Now you're ready to clone that niche site, which means you back it up, you go to a new location, you restore it, and now you've copied that niche site somewhere brand new.

If you want advice on this way forward - cloning sites and replicating them - contact me here: Contact Alun and we can have a chat about it.


Features To Look For In a Backup WordPress Plugin

You have a WordPress site, and you're considering a backup WordPress plugin. You've finally decided that it's a good idea to back up your WordPress blog. Now if anything goes wrong, you at least have a copy that you can put somewhere else.

But what features should you look for in a WordPress backup plugin?

I've seen many plugins that overload you with features. They tell you they'll back up to Amazon S3, that they'll back up to Rackspace; they add all kinds of features. But do you need all these features or do you just need a backup plugin that simply works?

Backup WordPress Plugin Requirements

If you are looking for a backup plugin, here are a few things to consider. Find a company that's got a good reputation in the market and is reliable, with good support. You want them to be around next year in case you have problems.

You may want automation and the ability to backup away from your website. One of my clients had her entire site wiped. If this happens to you and you store backups on your site, you've lost all your backups.

Find one that is easy to use. Some backup plugins require a detailed knowledge of WordPress's database structure and organisation. What's the point in having the best backup plugin in the world if you can't use it, if you don't know what to do?

If you can't find a backup plugin where you can just click on one button then it's useless to you. When you're looking for a backup solution look for those that show screen shots or videos of it in action. Do you have to go through a ten step process, do you have to confirm every step of the way, or can you click on one button and now your WordPress blog is safely backed up?

Finally, pick one that can restore your site somewhere else if you have to.

Backup Frequency

How often should you back up your site? Realise that you're not going to just make one backup of your site and not use it ever again. You should take a backup of your site at least once a month, if not several times a month, and it shouldn't be a chore. It should be something where you go in, you click a button and now you have a copy. Make sure your backup plugin is easy to use.

Can It Restore?

Next, make sure that your backup can actually restore. It sounds silly for me to say that your backup plugin should also restore. But you'd be surprised at how many WordPress plugins simply don't work or are out of date. What you should do is install a backup plugin and immediately take a backup. Then go and install a new blog and see if you can restore that same blog somewhere else.

You'd be surprised at how many backup plugins won't restore. You might be backing up your site every month but if something goes wrong you're in the same situation as if you had not made a backup. Check your backups complete successfully by restoring to a test site.
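
A quick pre-check you can run before the test restore described above, as an added example that is not part of the original article or any plugin's code. It reads a backup archive end to end and confirms the pieces a WordPress restore needs are present. The archive layout (a `.tar.gz` with `wp-config.php`, `wp-content/` and a `.sql` dump at the top level) is an assumption, and the sample archives are constructed in memory.

```python
import io
import tarfile
import zlib

# Constructed stand-in for the contents of a complete backup.
GOOD_FILES = {
    "wp-config.php": b"<?php // constructed\n",
    "wp-content/themes/example/style.css": b"/* constructed */\n",
    "wp-content/uploads/2024/photo.jpg": b"\xff\xd8 constructed bytes",
    "database.sql": b"CREATE TABLE `wp_posts` (ID bigint);\n"
                    b"INSERT INTO `wp_posts` VALUES (1);\n",
}


def make_backup(files: dict[str, bytes]) -> bytes:
    """Build a .tar.gz in memory from a name -> content mapping (sample data only)."""
    buffer = io.BytesIO()
    with tarfile.open(fileobj=buffer, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buffer.getvalue()


def check_backup(archive: bytes, min_sql_bytes: int = 20) -> list[str]:
    """Return the problems found; an empty list means the pre-check passed."""
    problems: list[str] = []
    names: list[str] = []
    has_sql = False
    try:
        with tarfile.open(fileobj=io.BytesIO(archive), mode="r:gz") as tar:
            for member in tar:
                names.append(member.name)
                if not member.isfile():
                    continue
                # Read every file fully: a truncated upload often only fails here.
                data = tar.extractfile(member).read()
                if len(data) != member.size:
                    problems.append(f"short read: {member.name}")
                if member.name.endswith(".sql"):
                    has_sql = True
                    if len(data) < min_sql_bytes or b"CREATE TABLE" not in data:
                        problems.append(
                            f"database dump looks empty or incomplete: {member.name}"
                        )
    except (tarfile.TarError, EOFError, OSError, zlib.error) as exc:
        problems.append(f"archive unreadable: {type(exc).__name__}")

    if "wp-config.php" not in names:
        problems.append("missing wp-config.php")
    if not any(name.startswith("wp-content/") for name in names):
        problems.append("missing wp-content/")
    if not has_sql:
        problems.append("missing database dump (.sql)")
    return problems


if __name__ == "__main__":
    good = make_backup(GOOD_FILES)
    print("complete backup:", check_backup(good))
    print("cut-off upload: ", check_backup(good[: len(good) // 2]))
```

Passing this check only shows the archive is readable and complete in outline; restoring to a test site, as the article recommends, is still the real proof.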

Can It Clone Your Site?

Your backup plugin should also have the ability to clone your site somewhere else. What's the difference between restoring and cloning? Cloning means that you can backup your site on one location and go to a different website or a different folder and put your site in that new place. All the links, all the information, everything will work just fine.

Why is cloning so important? Because if you want to restore a site you might want to restore it in a different location first just to make sure you don't destroy your original backup, your original site.

Once you can clone sites it means that if you have your site set up exactly the way you want it you can customise your theme, plugins, settings, memberships, all that stuff. Back it up and restore it or clone it in a new location and now you have saved tons of time for yourself.

Backup WordPress Plugin Requirements Summary

When you're looking for a backup WordPress plugin, make sure it's one that's easy to use, which means clicking one button, or get one that's automatic. Check that your backups can successfully restore and that you can clone your site onto other locations.

Buy it from a reputable company that can provide support if you need it.

If you'd like to chat about your specific WordPress backup requirements, contact me via this contact form: Contact Alun


How Often Do You Need To Take A WordPress Backup ?

For many people taking a WordPress backup is a tedious job. Though with a decent backup system it can involve clicking just one button. But of course you have to remember to log into your site, backup the entire site and download the file.

I'm going to assume that you understand the need for having a WordPress backup regime, and that you are backing up your WordPress site frequently.

But really how often do you need to be backing up your site?

WordPress Backup Frequency

The easy answer to that is that you should be backing up your site as often as you update it. How often do you update it? That is how often you should backup.

If you update daily, backup daily. If you update monthly, backup monthly. If it's somewhere in the middle, then decide whether you're going to backup either weekly or monthly.

But make sure that you always backup before and after an upgrade to your WordPress software or before making a major change to your website.

How Often Do You Update Your Blog?

Go back and look at your blog posts and find out how often you update your site. I know people at first will often start updating their WordPress blog on a daily, or even more frequently than daily, basis. Then they'll run out of ideas or they'll run out of content and then die down to perhaps once per month or once a week of updating.

With my blog I normally update it about once per week. Just make it part of your routine and maybe even after making any posts, click the button and backup your blog. That way if the worst happens you at least have everything up until your most recent blog post.

This presupposes you have a backup plugin paid for, installed and configured.

You might have a multi author site or might update on an irregular basis and if that is your situation I would highly recommend that you add a recurring reminder to your calendar.

Set your reminder for either every Monday morning or the first of every month, and put in an exact time when you're supposed to log into your blog, click the backup and save it somewhere safe. Trust me, you'll thank me if anything goes wrong with your WordPress blog at some point.

When Else Should I Take a WordPress Backup?

In addition to these weekly or monthly backups, be sure to back up your site both before and after an upgrade to WordPress itself. It doesn't happen often, but every now and then, when you upgrade your WordPress software, back up. That way, if a few little things go wrong, or if your blog is completely trashed, at least you have that backup.

Even if you're not updating, you might be about to make a major change to your blog. For example you may be changing the theme, changing the navigation or changing the content around. In these cases it can't hurt to make one simple backup before anything is touched.

I've been in a situation where I've broken my WordPress blog. I changed too many things and broke it. Then I needed to spend some time carefully updating the WordPress code to recover the site. It would have been much easier to just take a backup, then I'd have a known state to go back to.

WordPress Backup Frequency Summary

Always take a WordPress backup before and after you upgrade and when you make a major change to your site. In addition make it part of your weekly or monthly routine. And remember to back up your blog more often if you update your blog more frequently.

And if you want advice on practical and reliable backup solutions - contact me via my contact form: Contact Alun


Why You Should Backup Your WordPress Blog


There are many reasons to backup your WordPress blog. Of course you need to make sure you always have a copy of it in case something goes wrong.

Your database might crash, you might accidentally delete some of your posts or files, or, more worryingly, you may be hacked.

In any event, you'll need to roll back to an earlier version of your WordPress blog. It's a simple fact that computers fail all the time.

Hardware Failures Are Common

A hard drive might crash out and many people don't realise that your website is simply sitting on a computer somewhere that has all the same problems as your computer. That computer might blue screen, it might not turn on one day, the hard drive might stop. But either way something might go wrong and databases crash all the time.

If the database crashes it might lose the entire thing. It might lose several years' worth of WordPress posts, comments and users.

You Might Have Been Hacked

Worse still, you might have been hacked.  No-one is immune to hacking. You can take precautions, and of course you should. Several of my other posts here involve protecting yourself. But if you're hacked, everything might be gone in a single second.

With no backups, you have to start again from scratch.

But if you've backed up your WordPress site you can restore it later on and get access to it any time you want. Even if everything goes wrong, set it up again exactly the way it was.

And even ignoring database crashes you might accidentally delete something. I know I do that all the time. You might delete the wrong comment, the wrong blog post and even empty the trash and never have a way to get that back.

I know that sometimes even my webhost is fixing a database issue and they will delete something without me having to do anything. So even if you think you're perfect and you never make a mistake you might delete something and it's better safe than sorry. It's worth taking those few seconds to backup your WordPress blog so that you can get it back whenever you need to.

Speaking of getting stuff back whenever you need to, would you write a 50 page term paper in Microsoft Word and never save it along the way? Of course not. You might type one page and save it, another page and save it.

Why not treat your WordPress blog like a Word document? Which means you might set up the WordPress theme, now you want to take a backup right at that point. Then add in some extra posts, take a backup right there.

Backup Frequency

Take a backup every week in case you ever need to get back to an earlier state. Maybe you made one change to your theme and you liked it, but then changed a graphic and you didn't like it, and you want to get back to that earlier change. If you backed up your site at every point along the way, you can get back anything you ever need.

That's why you should routinely back up your WordPress blog. So in case your database crashes, you accidentally delete some stuff, or in case you're hacked, you can always go back to an earlier version.


WordPress Security Check – Security Tips For All Website Owners

Want a quick WordPress security check? Do you want to know the three vital WordPress security tips every WordPress website owner should know to have your site secured against hackers? This article is about taking the minimum viable steps to WordPress security. This means the minimum outlay with the maximum protection.

You're a WordPress website owner and you’re probably concerned about hacking – and who wouldn’t be? In this article I share three vital tips you must know to be properly protected against hackers. To ensure your website is not hacked and you don't lose everything, you need to read this article immediately to take your WordPress security to the next level.

WordPress Security Tip No. 1: Get The Free WordFence Plugin

Why Is This Important?

You need something to stop brute force attacks – the repetitive trying of different passwords over and over again. This is a common tactic among hackers. The great thing is that you can protect against this sort of attack - and for free!

What Is The Tip?

The tip is to get hold of the WordFence plugin. WordFence does a number of things for you to improve your security, and one of them is to act against brute force attacks. In simple terms it limits hackers guessing your password by locking them out after a number of failed attempts.

It also detects changes to your WordPress code, plugins or theme – which can be a sign of a malware attack. It monitors access attempts and the paid version even allows you to block specific countries and IP addresses which show signs of repeated hacking attempts.
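
The lockout rule described above ("locking them out after a number of failed attempts"), as an added example that is not from the original article and not WordFence's code. It replays web server access-log lines and reports which addresses would be locked out. The log lines are constructed, the thresholds are illustrative, and it assumes WordPress's default behaviour that a failed login re-displays the form (HTTP 200) while a successful one redirects (HTTP 302).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in "combined" log format, using documentation IP ranges.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
198.51.100.7 - - [12/Mar/2024:10:00:02 +0000] "GET /wp-login.php HTTP/1.1" 200 4400 "-" "constructed-browser"
203.0.113.10 - - [12/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
203.0.113.10 - - [12/Mar/2024:10:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
198.51.100.7 - - [12/Mar/2024:10:00:06 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-browser"
203.0.113.10 - - [12/Mar/2024:10:00:07 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
203.0.113.10 - - [12/Mar/2024:10:00:09 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
203.0.113.10 - - [12/Mar/2024:10:00:11 +0000] "POST /wp-login.php HTTP/1.1" 200 4521 "-" "constructed-agent"
198.51.100.7 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "constructed-browser"
198.51.100.7 - - [12/Mar/2024:10:00:21 +0000] "GET /wp-admin/ HTTP/1.1" 200 9000 "-" "constructed-browser"
""".splitlines()

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def is_failed_login(method: str, path: str, status: int) -> bool:
    """Assumed heuristic: POST to wp-login.php answered with 200 is a failed login."""
    return method == "POST" and path.split("?", 1)[0] == "/wp-login.php" and status == 200


def find_lockouts(lines, max_failures=5, window=timedelta(minutes=5),
                  lockout=timedelta(minutes=30)):
    """Return one record per lockout: the address, when it tripped, and when it ends."""
    recent = defaultdict(deque)   # ip -> timestamps of failures inside the window
    locked_until = {}             # ip -> end of the current lockout
    events = []
    for line in lines:
        match = LOG_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        if not is_failed_login(match["method"], match["path"], int(match["status"])):
            continue
        ip = match["ip"]
        ts = datetime.strptime(match["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if ip in locked_until and ts < locked_until[ip]:
            continue  # already locked out; a live plugin would refuse this request
        failures = recent[ip]
        failures.append(ts)
        while failures and ts - failures[0] > window:
            failures.popleft()  # forget failures older than the window
        if len(failures) >= max_failures:
            locked_until[ip] = ts + lockout
            events.append({"ip": ip, "locked_at": ts, "locked_until": locked_until[ip]})
            failures.clear()
    return events


if __name__ == "__main__":
    for event in find_lockouts(SAMPLE_LOG):
        print(event["ip"], "locked until", event["locked_until"].isoformat())
```

In the sample, the visitor who mistypes a password once and then signs in is left alone, while the address with five failures in nine seconds is locked out.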

How To Implement WordFence

To implement WordFence, just go to the WordPress plugins site, search for the free WordFence plugin, download it and install it.

You can even do this from within your WordPress site. Just sign in to your WordPress Dashboard, go to the Plugins tab, click ‘Add New’ and search for Wordfence. When it shows up in the search results, click to install it.

This Tip Is Priceless Because …

For the outlay of precisely zero Dollars, Pounds or Euros you can protect your website against hackers. It’s not the whole solution, but as a zero-cost option, it’s one you should have in place.

WordPress Security Tip No. 2: Have Hard To Guess Usernames And Passwords

What Is The Tip?

This tip is simply to have hard to guess usernames and passwords for your WordPress backend. Yes, I know, am I really spending time sharing this with you? Yes I am, because it’s vital.

Why Is It Important?

This tip is important as it’s a security tip that won’t cost you anything, yet will pay dividends. And it’s the first thing a hacker may try to gain access to your site, as it’s the least amount of effort for them.

I read a report on computer security last week. It’s frightening how many sites have an admin username of ‘admin’ and a password of ‘password’ or ‘test1234’ or even ‘12345678’. In fact the most common username and password combination is 'username' and 'password'!

If you have a username and password this easy to guess you may as well have no security at all.

How Do You Implement This Tip To Get Better WordPress Security?

WordPress will generate a very hard to guess password for you – you just need to ask it to! Sign into your Dashboard and go to the Users tab. Click on the user you want to change. About half way down the screen is an option to change your password. Allow WordPress to recommend one for you. This will be nigh on impossible to guess.

And if you have an admin user called ‘admin’, set up another admin user with a harder to guess username, then delete the original one called admin.

WordPress Security Tip No. 3: Get Your Site a Robust Backup Plan

Why Is This Important?

No matter how good your security, a determined and skilled hacker can still get access to your site. Therefore you need a robust backup strategy so you can quickly and easily restore your site.

The alternative, once your site has been wiped out, is to rebuild your site from scratch, with all the cost, inconvenience and delays associated with that.

And this does happen, regrettably with increasing frequency.

What Is The Tip?

So whatever site you have, you must have a backup strategy. And whatever strategy you choose to use, you must have a reliable backup system in place. There are a number of systems around, but there will be one that suits your budget and needs.

How Do You Implement This Tip?

For many people running WordPress, I now recommend VaultPress. It’s a backup system run by Automattic, the people who write WordPress itself. It’s robust, trusted and affordable.

Just open a web browser and search for VaultPress, select the option that’s right for you, and once VaultPress takes its first backup, you’ll be protected.

WordPress Security Check - Bonus Tip

Now that you've got the three important tips for WordPress security success down, I'd like to invite you to get even MORE advanced help with my bonus tip.

What Is My Bonus Tip?

Many hackers gain access to your site through an out of date copy of WordPress. Older copies of WordPress have been found to contain vulnerabilities that hackers exploit. As soon as WordPress identifies these vulnerabilities, they issue a new version. And, as with all WordPress code, this update is free.

If, however, you do not update WordPress to the latest version, you can be leaving an easy access door available for any hacker.

What’s true of WordPress versions is also true of your theme. Your theme, if not at the latest level, can be a source of attacks. And what’s true of WordPress and your theme is even more true of outdated plugins. Plugins are great, and add functionality to your WordPress site.

So you must keep your WordPress version, theme and all plugins updated to the latest level.

Keeping Everything Updated

The trouble is, keeping WordPress, your theme and all your plugins up to date can be a considerable drain on your time. If you miss just one update, your site can be vulnerable. And the longer you leave it, the more threat it poses.

Is There An Answer?

In response to this problem, I offer a cost-effective service to ensure your WordPress website is up to date. I will ensure your site stays up to date. That’s WordPress itself, your theme and all your plugins. I monitor your site and take action to update any component that is out of date and hence a vulnerability.

WordPress Security Check - Next Steps

If you're a WordPress website owner who wants to ensure you always have the latest version of WordPress and of each plugin and theme, then get my WordPress maintenance service - NOW! It's just £5 per month for each site.

Want a WordPress Security Check?

Click Here To Get Covered By My WordPress Maintenance Service:

http://alunloves.it/wpmaintenance

 


WordPress Backup Entire Site – Why You Need Backups

Why have WordPress back up your entire site? I'd heard about backups and the importance of having a backup strategy for many years before actually having one. I regretted waiting as long as I did, because in the meantime I lost websites and I lost files.

If I had simply run a backup every week I would not have had to worry about lost information. I wouldn't have to worry about getting hacked - and my goodness this is on the increase! All my content would have been safely stored in a backup somewhere.

If you are hesitating about getting a WordPress backup strategy, or even hesitating about buying a WordPress backup plugin, consider the time wasted. Consider the leads and payments coming in every day to your business. Consider the hard-earned content, such as video, that you spent a lot of time creating. Now think - if you spent two minutes a week backing up your WordPress site, then that's time well spent. You're safeguarding against anything that might go wrong.

You Don't Backup Your Site?

On the other hand, suppose you don't back up and you have had a website online for three years. Then the site for some reason goes down and you don't have that site. Now you've lost three years of your life. Is it worth it to put in two minutes a week to save three years of your life? I think it is, and if you have that attitude then you really won't mind getting a backup plugin, using it and creating backups on a regular basis.

Do You Take Money Via Your Site?

Are you selling products or using WordPress as a shopping cart or as a membership site? Then you need to make sure that people who have paid for things still get access to them. If someone is paying me on a recurring monthly basis and the site goes away, not only have I lost my site, I've lost my monthly recurring income.

In many cases there's no way to get it back. If someone is paying you on a recurring basis, there is a certain transaction ID and a certain number associated with that person paying you month after month. It's very difficult to set up the site exactly the way it was and associate that person paying monthly with the user account they had on your WordPress site.

Why Not Just Backup?

On the other hand, if you had made a WordPress backup after that person started paying you monthly, then you can restore that backup. Now when they're paying you monthly they still get credit for the payments they are making to you.

Have you ever recorded a one hour or two hour, or a three hour video only to accidentally delete it or find out it wasn't recording properly? I have and it's even worse when it's the best video you've ever made. To have it come out perfectly and be online, and everyone loves it but then you accidentally delete it or something happens to it.

If however, you've backed up that video and restored it later, you can get it back and it'll never go away. You'll never lose it no matter what from this point in time forward.

WordPress Backup Entire Site

There are several options that are open to you. There are many backup tools, some free, some technically quite complex and more suited to programmers than bloggers. The free solutions don't have any support, so if you find you have a problem, you're on your own. Not really what you want when you need to restore your site urgently.

So what do you need? I recommend a solution that backs up your entire WordPress site. That way, if you're hacked you can just replace everything at once. I recommend having your backups offsite - preferably at more than one location. Having at least one copy offsite is vital, because if your hosting account is compromised, you can lose everything - backups and all.

I use two backup solutions and I'm happy to advise what's the best solution for you. But the first step is up to you. And it is ...

Decide To Have a Backup Strategy!

Go ahead right now and decide to get a backup strategy - because you know you need it. You know that otherwise you're going to waste time, you're going to lose money and you're going to lose your best content.

If you'd like a chat about the best way to get this implemented, just contact me here:
http://alunloves.it/contact


WordPress Security Best Practices – How To Thwart The Hackers

You hear people talking about WordPress security best practices - but what are WordPress security best practices? What do they involve, and can you implement them yourself?

You may of course be worried about people getting into your WordPress site. You should be! This article lets you know the ways hackers normally hack your website so you can safeguard against them.

Fortunately computer hacking is not really like you see in the movies. Hackers don't typically plug in a fancy computer and run a bunch of numbers. Usually the way people get into your website is through an out-dated version of WordPress, out-dated plugins or themes with vulnerabilities, and easy to guess usernames and passwords.

Did you know that Al Gore's blog has been hacked, and that CNN blogs have been hacked? These all happened because they used older versions of WordPress. But as soon as these high profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks.

WordPress Security Best Practices

The good news is that having good protection against hacking is more about putting best practice procedures into place rather than spending a fortune with a security consultant. So what is my advice regarding WordPress security best practices?

1. Keep WordPress Up To Date

One of the biggest vulnerabilities, as we've just seen, is an out of date copy of WordPress. That's why it's a very good idea to keep your WordPress version up to date.

Usually when WordPress fix a problem, it's a small and obscure bug and you can upgrade to the latest version in just one click. In your WordPress dashboard, go to the updates area and it will tell you either that WordPress is up to date, or that it needs an upgrade. Click that button and you are good to go.

Incidentally, WordPress is not especially vulnerable to hacking; it's just that, as it powers about 25% of the websites worldwide, a lot of people know a lot about it. And hackers in particular exploit the tiniest vulnerability again and again.

2. Keep Your Plugins Updated

It's no good having an up to date WordPress version if some of your plugins still contain those security holes. If you are really worried about it then do a few Google searches for the plugins you're using on your site and see if anyone has reported security holes or flaws with these plugins or themes.

A widely publicised security hole in the past was due to a WordPress plugin called TimThumb. This was a way to resize images in a theme so you could upload a picture or a logo to that theme. Unfortunately, the way that it resized that image allowed someone to gain access to the associated WordPress site.

If you happened to have one of those plugins or themes, all you had to do was do a quick search and update to the latest version of that plugin or theme, which fixed the issue. Now, on a very rare basis, some plugins are simply no longer updated. If that is the case, a Google search will tell you that you are using an insecure plugin that has no updates, and then it's a good idea to stop using it and find an alternative.

3. Avoid Brute Force Attacks

Even with the most up to date WordPress and most up to date plugins, most hackers gain access to your WordPress by simply guessing your username and password. Trying common usernames and passwords repeatedly is called a brute force attack: for example, simply trying to log in using the username Admin and password Admin, or username Admin and password Test.

So if you have an admin user called admin, we need to correct that. What you should do is delete that Admin user after setting up a user account using (say) your first and last name, and a password containing letters and numbers that no one will ever guess.

One of the security plugins I recommend is Wordfence. This forces you to choose a hard to guess password and allows computers that have made repeated attempts at guessing your username and password to be locked out.
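The lockout idea above, repeated wrong guesses from the same computer, can also be checked by hand against your web server's access log. The script below is an added example, not part of the original post and not how any particular plugin works; it assumes a common/combined-format log and that a failed login is a POST to /wp-login.php answered with status 200, and its function names and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag addresses with repeated failed WordPress logins.
# Assumption: common/combined log format. A failed login is a POST to
# /wp-login.php answered with 200 (the form is shown again); a successful
# login is answered with a 302 redirect.

# failed_logins_by_ip FILE: print "COUNT IP" per client, highest count first.
failed_logins_by_ip() {
    awk '$6 == "\"POST" && $7 ~ /^\/wp-login\.php/ && $9 == 200 { n[$1]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

# lockout_candidates FILE THRESHOLD: print the IPs at or above THRESHOLD.
lockout_candidates() {
    failed_logins_by_ip "$1" | awk -v t="$2" '$1 >= t { print $2 }'
}

# sample_log: constructed lines using documentation-range IPs, not real traffic.
sample_log() {
    cat <<'EOF'
203.0.113.7 - - [10/Mar/2024:09:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:09:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:09:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:09:00:04 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
203.0.113.7 - - [10/Mar/2024:09:00:05 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [10/Mar/2024:09:05:00 +0000] "POST /wp-login.php HTTP/1.1" 200 4521
198.51.100.20 - - [10/Mar/2024:09:05:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
198.51.100.33 - - [10/Mar/2024:09:07:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4410
EOF
}

# Usage: sh failed-logins.sh /path/to/access.log [threshold]
if [ $# -gt 0 ]; then
    lockout_candidates "$1" "${2:-5}"
fi
```

The owner who mistyped a password once and then logged in (198.51.100.20) and the visitor who only opened the login page stay below the threshold.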

WordPress Security Best Practices Summary

In this article I've covered some of the easy ways that hackers use to get into WordPress - and how you can protect yourself against them. In short, keep your version of WordPress up to date, and keep your plugins and themes up to date too. Google the names of the plugins you're planning on using to make sure that there are no vulnerabilities in them. And above all use hard to guess usernames and passwords in WordPress.

Just by doing this you are making your WordPress site harder to hack. And it may be that a hacker will turn his attention to a site that's easier to hack. If you'd like to know whether your WordPress site has vulnerabilities, just contact me for a no-obligation chat here: https://www.wptrainingnow.com/blog/contact/

 


How To Make WordPress Safe Without Any Plugins

I don't know about you, but when I was first securing my WordPress blog, and I was researching to see what others were doing to keep their blog safe, I found so much information that I was completely confused. And some of the information was in fact over the top or superstitious. People told me to rename this file, rename this folder and install these ten plugins. It seemed to be quite a bit of work and effort.

An easy way to keep WordPress safe is to use a few built-in tools. First of all, don't allow people to list the files in your folders, run a web host security scan and automatically backup your entire web hosting account.

By default, the latest version of WordPress is pretty darn secure. Anything that might have been added to any WordPress security plugins has been considered by the development team of WordPress. In the past, WordPress did have holes but now most of them are filled up.

The first thing you should do is check your various folders. For example, your WordPress blog has folders such as wp-content, wp-admin and wp-includes. So if you go to your site's /wp-content address in a web browser, what shows up? Does it list all the folders and files in that folder? If so, all you have to do is upload a blank file named index.html into that folder to make sure that no one can view the listing.

What if you go to wp-content/plugins, can you view that folder? If so, upload that blank index.html file into that folder as well so people can't view what plugins you have. Because even if your current version of WordPress is up to date, if you are using an old plugin or a plugin with a security hole, someone can use that to get access.
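If you have shell access to your hosting account, the same blank-file step can be done for every folder at once. This is an added example, not part of the original post; it goes further than the two folders named above by walking every subfolder of wp-content, wp-admin and wp-includes, and it assumes that a folder already holding an index.php or index.html needs nothing more. The function names are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): find WordPress folders that have
# no index file and drop a blank index.html into each one.

# has_index DIR: true when DIR already contains an index file the server would
# serve instead of a listing. WordPress ships its own index.php in several
# folders; those are left untouched.
has_index() {
    [ -e "$1/index.html" ] || [ -e "$1/index.php" ]
}

# list_unprotected ROOT: print every folder under the three standard WordPress
# directories that has no index file.
list_unprotected() {
    for top in wp-content wp-admin wp-includes; do
        [ -d "$1/$top" ] || continue
        find "$1/$top" -type d | while IFS= read -r dir; do
            has_index "$dir" || printf '%s\n' "$dir"
        done
    done
}

# protect_tree ROOT: create a blank index.html in each unprotected folder and
# print the number of files created.
protect_tree() {
    created=0
    # Collect the folder list first, then write the files.
    list=$(list_unprotected "$1")
    [ -n "$list" ] || { echo 0; return 0; }
    while IFS= read -r dir; do
        : > "$dir/index.html"
        created=$((created + 1))
    done <<EOF
$list
EOF
    echo "$created"
}

# Usage: sh blank-index.sh /path/to/wordpress
if [ $# -gt 0 ]; then
    protect_tree "$1"
fi
```

Running `list_unprotected` on its own shows which folders would be changed before anything is written.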

Next, most web hosts allow you to run a security scan from the cPanel area and see if anyone has injected any bad code that may be used to grant unauthorized access, send emails, or something like that.

Just run that web host security scan and see what comes up, and if anything comes up that looks out of the ordinary or you are not sure of, contact your web host and see what they think. And whether or not you find anything bad, automatically backup your whole account. In cPanel you can backup your entire web hosting account and save it to your hard drive so that even if something goes wrong at some point, at least you have a back up copy of everything that's there.

Those are three very simple things you can do to keep WordPress safe without plugins. Put a blank index.html file in your folders, run your web host security scan and backup your entire account.
