Do you have a WordPress website that is not actively maintained? Is there someone checking on the website at least once a week?
If you have a WordPress website and your answer to the 2 question above is no, then please do these 3 things immediately.
But why? My website is simple, it does not have much traffic and my company is not a lucrative target because we are not that big. Right?
Well, I can tell you from experience that the internet is a rather dangerous place and it seems to be getting more dangerous. We run security plugins that monitor and block malicious attempts to log in to the backend of the website and we see attempts on even the most innocuous websites and domain names. So yes, you need to secure your website now.
Fortunately, you can take these 3 easy steps to harden your website such that the bots will go pick on easier targets. These 3 things won’t make your website super secure but it will turn the bots away. It would not stop a determined hacker but at least your site won’t fall into the easy target category our low hanging fruit category.
- UPDATE EVERYTHING
Login to the backend and update everything! Update WordPress, themes and plugins. And while you are at it, delete unused plugins and themes. If you do not have cpanel access, you can download a plugin called WP File Manager and use it to go to your wp-content folder to get rid of the unwanted WordPress themes that gets added when you update WordPress. Don’t keep them.
2. INSTALL A SECURITY PLUGIN
There are several good plugins, I recommend Wordfence or i-themes security. For any sites that has an online store, please use the premium version of the plugin. For those static sites with little content, a free version would work great. Drop me a message if you want to know the options to select for Wordfence and I can send you a setup file that will save you a bunch of time.
3. CHANGE YOUR ADMIN ACCOUNT
If you are still using an ID of Admin for your admin account, please change it! You can just simply create a new administrator user account under a username other than ADMIN and then delete the “ADMIN” account. You will notice that under Wordfence, you can immediately block IP addresses that try to use Admin to log in. This is what I mean by low hanging fruit. This is the first account name that bots are programmed to use to test for vulnerability.
So yes, just do these 3 things to secure your WordPress website and keep it updated! If you find that you are having a problem already, i.e. your site stopped working or it is very slow etc, then there may already be a breach in your site. In that case, you need to scan and remove the malicious files before you implement the 3 steps above.
If you need help with your site, we have an emergency service that can help you to revive your site. Contact us for more information.