WordPress Security Tips – Avoid The 3 Biggest Problems

time February 28th, 2016 Tags:
time Posted in WordPress backup, WordPress Security, WordPress security tips
WordPress Security Tips

Want some usable WordPress security tips? Hacking is on the increase. You only have to watch the news to see that even major corporations are not immune. If they can be hacked so easily, what chance do you have?

Do you know the three biggest security barriers that block so many WordPress website owners? The ones that leave their websites - and business - at risk?

If you're a WordPress website owner who wants usable WordPress security tips and also wants to avoid these barriers to good WordPress security, read on ...

Barrier No. 1: Thinking You Won’t Get Hacked

Perhaps the most pressing problem with security is denial. Believing that that you won’t get hacked – that it just happens to other people. The unfortunate fact is your website probably will get hacked at some stage.

So the first of my WordPress security tips is: the choice is to take preventive action now or pay the price in having your website totally disappear tomorrow. And if you rely on your website for revenue, exposure or credibility, where will that leave you?

Why is it a barrier?

Thinking you won’t get hacked is a barrier because it prevents you from taking the action you need to take.

What is the real problem here?

Let’s be honest here. If you don’t take responsibility for the security of your websites, then regrettably, it will cost you in terms of money, reputation and time. And most probably all three.

How do you get around this problem?

You get around this problem firstly by adjusting your thinking. It probably will happen sooner or later, so it’s best to put steps in place to cope with it without impacting your business.

Then you need to assess the risk and then taking appropriate action. To assess the potential risks you can research the prevalence of hacking online. You can discover the results of your website being hacked. And you can see how often it happens these days. Then you can assess what steps you need to take to prevent these types of action.

How do you deal with this if you’ve already been hacked?

If you've already been hacked, there may be things you can do about it. Your hoster may have a single backup of your site, taken in the last week. If this is uncorrupted and hack-free, then you could be in luck. But don’t rely on it. It is not a replacement for a robust backup strategy.

In the worst case, if you have no backups and neither does your hoster, you may be faced with getting your site recreated from scratch.

Barrier No. 2: Not Putting Basic Protection In Place

Why is this a barrier?

You don’t leave your house door unlocked when you leave your house, do you? Yet so many people have insecure passwords, no firewall and no protection against brute force hacking attacks.

If you leave your site in this state, the sad reality is that you will get hacked, sooner or later.

What is the real problem here?

If you have no real protection, easy to guess passwords and no backups, it’s like leaving your door wide open. It’s inviting hackers in.

How do you get around this problem?

You get around this by at least taking the most fundamental steps toward security. I’ve blogged about these issues before, but in summary:

  1. Don’t use Admin as your administrator username.
  2. Have hard to guess passwords (WordPress will generate these for you).
  3. Keep your WordPress version, themes and plugins up to date.
  4. Install a security plugin like WordFence.

For more detail on each of these, check out my other articles on security on my blog: http://wptrainingnow.com/blog

How do you cope with the problem if you've already been blocked by it?

If you've already been hacked, then this how you get started again. First, take a deep breath and don’t do anything precipitative.

You first need to establish the extent of the hack. You can use the free scanner from Sucuri: http://sucuri.net/scanner  . This will let you know if there is any malware on your site. If there is malware, at least you know in which direction you need to go. You will know that you have to get it cleaned up. But you need to be cautious - just because there is no malware does not mean you have not been hacked!

Secondly get in touch with your hoster, as if your site has been defaced, you will need them to take it offline. Your hoster will then either be able to clean up your site, or recommend specialists to do this for you. A word of warning - this may well be chargeable. Two reputable specialist cleanup organisations are Sucuri and SiteLock.

Barrier No. 3: Not Having a Robust Enough Backup Strategy

Why is it a barrier?

This is a barrier because no matter what preventative measures you have, hackers may still be able to get through your protection.

What is the problem here?

If you don’t have a robust backup strategy, if you get hacked, you can lose everything. It's the reason cars have a spare tyre in the boot. You will eventually get a puncture and if you have no spare, your journey is over. If you do have a spare, it's just a case of swapping the tyre out.

It's exactly the same with backups. You just use the backup to overwrite your hacked site, leaving it clean and ready to use.

How do you get around this?

You need a backup strategy that backs up your site on a regular basis, and that holds those backups away from your site. That way, if your site is totally wiped – and this does happen – you can restore from the last viable backup that your backup system has available.

The alternative – storing your backups on your site is convenient until you lose your entire site!

How do you proceed if you have no backups?

Sadly in this case you may well be looking at rebuilding your site from scratch. And this will undoubtedly involve time and money.

Of course, you may not have to start from nothing. You may still have your hosting, your autoresponder account and some of the content of your site held locally on your PC. So it may not be quite as painful as recreating it absolutely from scratch.

Summary: WordPress Security Tips

Now you know the top three WordPress security tips that WordPress website owners can benefit from. You know what the biggest problems are, and you know how to build momentum again if you've already been stuck down by one of these problems.

If you’ve been affected – or just want to make sure you’re not affected, I'd like to invite you to cut to the front of the line to find the protection you need for your website. I’ll give you a free security consultation, identify your potential liabilities and recommend changes.

All complementary – just contact me here:  https://www.wptrainingnow.com/blog/contact/

CLICK HERE: Discover a New Solution To Keeping Your WordPress Site Up To Date

You can follow any responses to this entry through the RSS 2.0 feed. Responses are currently closed, but you can trackback from your own site.

Comments are closed.