Websites are getting hacked more and more, and most of the time the owner has no clue they were even hacked. Most hacks (backdoors, viruses, worms, etc.) don’t take down your website. They actually use your website to help their websites. Some of the more recent hacks end up redirecting all your search engine traffic to a different website. This will really hurt your PageRank, search engine position, and most of all your revenue. Unless you are an avid searcher for your domain/keywords, you will never see these hacks. So first off, what can you do to protect yourself from getting hacked? There are a few ways that you can protect yourself, and almost anyone can implement these security measures.
Installing Security Plugins
One of the best ways to stop people from hacking your website is to install some security plugins. There are a lot of free security plugins out there that work great. Here are a couple:
These plugins are great: they really help you protect your WordPress installation and show you the problems with it.
Backup File And DB
The next thing that you can do to protect yourself is to always have backups of everything. If you have backups of your files and database you can always revert to an older version or move to a different server easily. Here are some great plugins for that:
- myEASYbackup
- WordPress EZ Backup
- WordPress Backup To Dropbox
There are a ton of backup plugins and most of them are really good. This is definitely something that you want to do, because you never know when you are going to have to repair or revert your WordPress site.
File, Folder and User Settings
There are tons of things that you can do with your settings to help protect you from getting hacked. One of the biggest and yet most exploited parts of WordPress is the admin account. I am not talking about all administrators; I am talking about the user named admin. Most WordPress installations are created with the default admin user, and this is something I would strongly advise changing. Another thing is your database prefix. Most WordPress databases are created with the default prefix wp_. This is something that you can change when you first set up your website: name the prefix whatever_ you want. You can also change this after installation; it is just a little bit harder.
Permissions
The default WordPress permissions are 644 for files and 755 for folders. A lot of your files don’t need that much permission. For instance, your .htaccess file has 644 but only needs 404. Your wp-config.php has 644 but only needs 400. There are a lot of files and folders whose permissions you can tighten and still have a working site. I would recommend the BulletProof Security plugin from above. It scans your files and informs you of all the files whose permissions you can change to get better protection.
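As an added example (not code from the original post or from any plugin it names), the Python script below audits a WordPress directory against the two settings discussed above: file and folder modes looser than the recommended 644/755, 404 for .htaccess and 400 for wp-config.php, and a wp-config.php that still uses the default wp_ table prefix. It assumes a Unix filesystem, and the install it checks is a constructed sample created by build_sample_install, not a real site.

```python
# Added example, not from the original post.  Checks a WordPress directory against
# the hardening advice above; assumes a Unix filesystem and the post's recommended modes.
import os
import re
import stat
import tempfile

EXPECTED_FILE_MODES = {"wp-config.php": 0o400, ".htaccess": 0o404}  # per the post
DEFAULT_FILE_MODE = 0o644
DEFAULT_DIR_MODE = 0o755
PREFIX_RE = re.compile(r"\$table_prefix\s*=\s*['\"]([^'\"]*)['\"]")


def audit_wordpress(root):
    """Return human-readable findings; an empty list means every check passed."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            path = os.path.join(dirpath, name)
            want = DEFAULT_DIR_MODE if name in dirnames else EXPECTED_FILE_MODES.get(name, DEFAULT_FILE_MODE)
            have = stat.S_IMODE(os.stat(path).st_mode)
            if have & ~want:  # a bit is set that the recommended mode does not grant
                findings.append(f"{path} is {oct(have)}, expected at most {oct(want)}")
    config = os.path.join(root, "wp-config.php")
    if os.path.isfile(config):
        with open(config) as fh:
            match = PREFIX_RE.search(fh.read())
        if match and match.group(1) == "wp_":
            findings.append("wp-config.php still uses the default table prefix 'wp_'")
    return findings


def build_sample_install(prefix="wp_", config_mode=0o644, htaccess_mode=0o644):
    """Constructed sample install (not a real site); returns its root directory."""
    root = tempfile.mkdtemp(prefix="wp_audit_")
    for name, body, mode in (("wp-config.php", f"<?php\n$table_prefix = '{prefix}';\n", config_mode),
                             (".htaccess", "# constructed sample\n", htaccess_mode)):
        with open(os.path.join(root, name), "w") as fh:
            fh.write(body)
        os.chmod(os.path.join(root, name), mode)
    os.mkdir(os.path.join(root, "wp-content"))
    os.chmod(os.path.join(root, "wp-content"), DEFAULT_DIR_MODE)  # umask-independent
    return root


if __name__ == "__main__":
    for finding in audit_wordpress(build_sample_install()):
        print(finding)
```

Run against a real install by passing its document root to audit_wordpress instead of the constructed sample; a hardened sample (prefix changed, 400 on wp-config.php, 404 on .htaccess) produces no findings.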
User Accounts
As for user accounts, you should really limit the use of the administrator role. I would not have more than 5 of these, if that many. You really don’t have to give administrator privileges in order to change things on the site. You can use the editor, author, or contributor roles for people who need to change information or create posts. Another thing that you can do is add a Captcha or reCaptcha plugin to your site. This makes it so that not just anything can create a user account.
Final Thoughts
If you have had issues with hacks, I hope that this helps you and your site. If you currently have a hack, I hope that you can get it taken care of quickly. If you need some help understanding the hack, please feel free to contact us.