On the 18th of December 2017, the cyber world witnessed one of the largest web security attacks in years. Wordfence, a security firm, reported that hackers launched such a massive brute-force attack that close to 190,000 WordPress websites were attacked each hour.
Wordfence found that a single botnet was behind the attack. Hackers were then able to remotely control the WordPress servers infected by the malware and use them to attack other WordPress sites. Visitors to these WordPress websites would in turn be affected by malware, earning the site owner a bad reputation and a possible blacklisting by search engines.
Why WordPress specifically? Reports suggested that WordPress websites were specifically targeted, and that is not surprising. WordPress is the largest CMS used around the world. Over 25% of the world wide web uses WordPress-powered websites, making WordPress a huge target for hackers.
Not taking proper precautions with your website could be fatal for you and your customers. The cyber threats that exist in the world today require robust safeguards. Let’s go through some ways to protect your WordPress website:
1. Check your WordPress version
WordPress regularly releases updates to its platform. In addition to new features, WordPress developers fix bugs or loopholes that have been detected and reported. Ensure you place your website in the hands of a WordPress hosting provider that automatically updates your WordPress version for you.
Only choose WordPress hosting providers that support automatic WordPress updates
2. Use strong admin credentials
Ensure that you use the strongest username-password combination to access the admin area of your WordPress website. Many users use strong passwords but play it safe with their username. Don’t have a username that says ‘admin’ or ‘webmaster’ as this is very predictable and easy for hackers to guess. Another must-do is to change your password every few months.
3. Remove unnecessary accounts
Delete any admin-level accounts that you don’t need. This way you have fewer high-value accounts that can be compromised.
4. Enable 2-factor authentication on all your admin accounts
This adds one more step for hackers to get through even if they do guess your password. The second step could be anything from a secret question to an OTP sent to your mobile number.
5. Update your plugins
Make sure all the plugins on your website are updated. Like the WordPress version itself, plugin updates are released by their developers as soon as bugs or other issues are discovered. Plugins that are not updated are vulnerable to hacking.
6. Install an SSL certificate
An SSL certificate is a digital security certificate that encrypts the connection between a browser and a server. SSL certificates, therefore, make it difficult for a hacker to breach that secure connection and manipulate or steal information passed to or from your website.
7. Purchase a malware-remover
Malware is a term for several types of malicious software that can compromise your website, such as bots, viruses, worms, spyware, backdoors, rootkits, ransomware, etc. The list of different types of malware is quite long, so getting a malware remover should cover your website against quite a lot of online threats.
There are several malware removal tools in the market. The most popular ones are ‘Malwarebytes Anti-Malware’, ‘Wordfence’ and ‘SiteLock’. You can also check with your web hosting provider if they have a package offer for your WordPress website with a malware remover. ResellerClub interestingly offers their WordPress hosting package inclusive of ‘SiteLock’, which received Honor Roll recognition for the 2017 Online Trust Alliance (OTA) Audit & Honor Roll for the 5th year in a row. The Audit & Honor Roll recognizes excellence in consumer protection, data security and responsible privacy practices for the world’s largest companies.
8. Backup your website
You could do your best to protect your website in every possible way from every known threat. In the cyber world today, however, it is almost impossible to be 100% secure. The way to ensure you don’t suffer damage or loss of your website data is to back it up regularly. Again, a good tip is to check with your web hosting provider for a good deal. Be sure to check out the backup provider’s main website to verify that you have a robust solution.
CodeGuard is a leading website backup service that takes daily, automatic backups of your website in the cloud and encrypts them with the 256-bit Advanced Encryption Standard (AES-256), which is one of the strongest encryption standards in the market. In addition to a malware removal tool, CodeGuard is also integrated into ResellerClub’s WordPress hosting package, giving you the most robust security for your WordPress website that you can get.
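Steps 2, 3 and 5 above can be checked mechanically. The script below is an added example, not part of the original article or any vendor's tooling: it audits the JSON that WP-CLI prints for `wp user list --role=administrator --format=json` and `wp plugin list --format=json`. The sample data is constructed, and the `max_admins` threshold of 2 is an assumption to adjust for your site.

```python
import json

# Usernames the article calls out as predictable; matched case-insensitively (assumption).
PREDICTABLE = {"admin", "webmaster"}

# Constructed sample of `wp user list --role=administrator --format=json`.
SAMPLE_ADMINS = """[
  {"ID": 1, "user_login": "admin", "user_email": "owner@example.com"},
  {"ID": 7, "user_login": "j.rivera", "user_email": "j.rivera@example.com"},
  {"ID": 9, "user_login": "Webmaster", "user_email": "old-agency@example.com"}
]"""

# Constructed sample of `wp plugin list --format=json`.
SAMPLE_PLUGINS = """[
  {"name": "contact-form", "status": "active", "update": "available", "version": "4.1"},
  {"name": "seo-helper", "status": "inactive", "update": "available", "version": "2.0"},
  {"name": "cache-tool", "status": "active", "update": "none", "version": "1.9"}
]"""


def audit(admins_json, plugins_json, max_admins=2):
    """Return (check, detail) findings; an empty list means every check passed."""
    admins = json.loads(admins_json)
    plugins = json.loads(plugins_json)
    findings = []

    # Step 2: admin accounts with a guessable login name.
    for user in admins:
        if user["user_login"].lower() in PREDICTABLE:
            findings.append(("predictable-admin-username", user["user_login"]))

    # Step 3: more admin-level accounts than the site is expected to need.
    if len(admins) > max_admins:
        findings.append(("too-many-admins",
                         f"{len(admins)} admin accounts, expected at most {max_admins}"))

    # Step 5: plugins with a pending update, active or not.
    for plugin in plugins:
        if plugin.get("update") == "available":
            findings.append(("plugin-update-pending",
                             f"{plugin['name']} {plugin['version']} ({plugin['status']})"))
    return findings


if __name__ == "__main__":
    for check, detail in audit(SAMPLE_ADMINS, SAMPLE_PLUGINS):
        print(f"[!] {check}: {detail}")
```

On a live site, pipe the two WP-CLI commands into files and pass their contents to `audit()`; running it from a scheduled job turns the checklist into a recurring check.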
We hope we’ve given you a comprehensive insight into the threats and solutions for WordPress security breaches.