There’s one fact of life if you own a website or websites, especially if they work on the WordPress platform and that is, it’s not a question of if your site or sites will eventually be hacked, it’s merely a question of when.
A frequent method of attacking WordPress based sites is via a brute force attack where the hacker (or more usually a bot) has multiple attempts at guessing your login password, this is made a lot easier for the potential intruder if you’re still using the default word ‘admin’ as your user name and even easier still if you’re using dictionary based terms for the password. Even foreign spellings of common words aren’t safe – and as for merely using ‘password’ or 1234, or a date of birth, forget it, you’re asking for trouble.
There are other methods too, see the video below, which details a plugin that helps to prevent some of the other methods of attack, namely exploits.
It’s extremely difficult, if not almost impossible, to protect your WordPress site 100%, but that doesn’t mean you should casually dismiss its security, because as stated above, an unprotected WordPress site is like leaving the door to your home unlocked.
You can begin the protection yourself by installing the free version of Wordfence, although there is a premium version, full details on their website.
The video above is placed on here to purely show you how easy it can be to hack a site and was created by the WP Site Guardian plugin – there’s nothing wrong with that piece of software but the Wordfence (free version) does what it does and more, so personally, I’d say use Wordfence instead.
Click any of the highlighted links to go to their respective websites, they will open in a new tab in your browser so you can return to this page if you wish.
A word of advice, Swift Security is extremely easy to set up, activate it and that’s more or less it, Hide My WP has the advantage of using progressively stronger levels of security, so you can experiment by beginning with the lowest security setting and increase from there, that said, Swift makes a lot of changes as soon as activation takes place, so just to be on the safe side it’s a very good idea to create a backup of your site prior to installing/activating this, or any other type of security plugin. If anything does go wrong, in a worse case scenario, you can then restore with ease.
The main thing is not to have tons of plugins on your site, more plugins can not only affect your sites loading abilities, but the more plugins you have – the more chance of incompatibility issues as well.
Possible issues with security plugins is most certainly not an excuse to fail to install such items of software, all I’m saying is take a back up regularly (which you should be doing anyway as a matter of course) and certainly before you activate any type of security plugin so if anything does go wrong you can re-install with the minimum of fuss.
Incidentally, your host may very well provide automatic backups with certain hosting plans – ask if you’re uncertain, but if not, you can copy your sites via cPanel, WPTwin, Backup Buddy, or a free plugin such as Duplicator, so in the event that you are hacked one day, which is still possible, even with more security than many have, at least you’ll be able to restore your site quickly and efficiently, with the minimum of downtime.
All backups should be hosted somewhere other than on the site which has been copied, i.e., place it in Dropbox, an external hard drive, or your computer’s hard drive if you have nothing else – and it has anti virus/security measures installed, Kasperskey is generally regarded as excellent and they have a Mac and Windows version too.
By the way, if you’d like a free SSL certificate for your site which helps (amongst other things) to enhance your site’s SEO and security, I’ll show you to how to do this on my next post.
SSL allows you to have the prefix https to your site rather than the normal http, these normally cost anywhere from $12 to $27 + per year, my method shows you how to get them free.
Incidentally, none of the links above are my affiliate links.
Trust that helps, any queries, send me an email.