October is Cyber Security Awareness Month, and now is a great time to talk about site security and the pitfalls that can often lead to hacking. WordPress is unquestionably one of biggest names amongst website builders, powering an astonishing 32 percent of websites on the net. However, having over 400 million people viewing more than 20 billion pages each month means WordPress is a massive target for hackers.
With all of this in mind, here’s a list we’ve complied of some common Beginner Mistakes behind site hacking and how to prevent them.
Unmanaged/Unsafe Website Hosting
Websites across the net are all hosted on web servers, and it should go without saying, that it is crucial to choose a hosting company that properly secures its platform. Many websites also happen to be hosted on shared servers, where accounts all utilize the same CPUs and memory. If any one site on a shared server is hacked, any data on your site can easily be accessed, even if done indirectly. In other words, it’s important to choose the right website hosting company, because the consequences of not doing so is literally leaving your website susceptible to unknown hacking attempts. Here is a list of a few of the most popular and secure hosting sites:
*We use WPEngine for all of our WordPress hosting and we highly recommend them!
Outdated and Forgotten Plugins
WordPress at its core is a very secure platform; however, due to how easy it is to extend WordPress through plugins, admins will often do one of two things: 1) install a plugin and either use them for a short time and don’t remove it or 2) not keep said plugin up to date. It is extremely common for hackers to look for and often exploit weaknesses in plugins typically through XSS (Cross Site Scripting).
As security vulnerabilities are discovered, the details of the exploitable code are published on the internet. This is where hackers are quick to write code that will give them access to your files, content, and data. Plugin bugs, exploits, and security flaws are constantly discovered, and developers are often quick to provide updates against them. Considering all of this, it is crucial to see why updating plugins and themes on a regular basis is so important. A useful tool to help with all things plugin related is the WordPress Codex section on Managing Plugins. If you are the type of person that likes to set it and forget it, you can always use a plugin like Jetpack along with a wordpress.com account to set your plugins and themes to auto update (see pro tip below)
Pro Tip: We recommend updating your plugins on a staging environment first! This allows you to test and confirm all updates are good to go.
Lack of Proactive Website Security
Hackers tend to generally attack sites that are easy targets. Using Sucuri is a great way to protect your site and make it difficult for hackers to gain access to your data. As its name suggest, Sucuri is a security company specializing in WordPress security. It offers a range of services such as: malware scanning, blacklist monitoring, and security hardening, as well as prevention from various attacks. Sucuri even goes as far as offering a website firewall, giving users various avenues on the road to website security. Sucuri and other service providers can help with active scanning of your website files or provide a WAF (Web Application Firewall) to help prevent exploits before even getting to your hosting. Cloudflare is also another great free WAF provider
Though it is easy to fall into the trap of using the same password across multiple platforms, it is highly inadvisable. It’s important to make sure you use strong passwords that are difficult to guess. Some of the ways you can keep your password secure is by doing the following:
- Use a unique password for each site, instead of the same password across multiple sites
- Creating long passwords
- Using a combination of letters, numbers, and special characters
- Changing your password regularly
Pro Tip: To keep it easy, Use a password manager such as LastPass or OnePassword.
Though it may seem daunting, securing your website against hacking attempts doesn’t have to be. One hack could end up costing you an immense amount of financial stress, but following these simple rules can go a long way in protecting your data and content. Check out wpbeginner.com for more information and tips on securing your site against hacking.