Is your WordPress site under attack?
It’s no secret that hacking is the new “Russian front” with warfare co-mingling with cyber-warfare. We’ve all witnessed recent incidents of election interference, digital extortion and privacy leaks, not to mention a myriad of other online threats and scams.
Simply put, the bad guys have a crowbar at the front door of your website and are primed to crack your site-wide open. In fact, it may already be happening. The FBI is warning that there has been an increased interest by Russian hackers in energy companies since the start of Russia’s war against Ukraine.
It’s not just energy companies that are at risk, either. All WordPress websites are vulnerable to being hacked if not properly protected.
It’s a WordPress world
According to ithemes, WordPress powers 43.3% of all websites. That’s why WordPress security should not be neglected, yet often is. Two of the primary ways that your WordPress site will become vulnerable are:
Passwords suck, we know. However, a strong password policy is one of the simplest ways to protect your site. Your WordPress passwords should include a variety of characters, numbers and symbols and not be used as a password anywhere else. Make sure to regularly change your password to keep your website secure.
Even better, set up two-factor authentication on your site as an added layer of protection. It’s the best antidote to bad passwords.
2. Outdated plugins.
Like your car needs oil changes, your website needs updates. Outdated software, particularly plugins, makes it more vulnerable. It’s critical to get in the habit of regularly updating your website to lessen your chances of being hacked.
How do you know if weak login credentials or outdated plugins are putting you at risk?
First, check under the Users menu and see if you have a default user account named “admin”. If you do, create a new admin account (called Bob or Sue or “Head Honcho” or anything else) and use that new admin account to delete the default admin user.
Next, delete or disable any users that no longer have an active role on the site. Be sure to migrate any blog posts or other content they created to a new user (WordPress suggests this during the deletion process).
Third, ask your web developer to analyze your site with security software like Sucuri or iThemes Security Pro.
Fourth, check for updates. From your WordPress dashboard, click the updates menu and resolve any out-of-date plugins, themes or WordPress’ core software.
The more security, the better
Still feeling like the Russians could hack you at any moment? Luckily Communicatto specializes in WordPress audits, updates, repairs and “hardening” or “securing the perimeter” of your website and server to reduce the risk of hackers accessing your site.
Save yourself the embarrassment of your site suddenly promoting gambling, porn or bizarre ideologies. Shore up your defences today and give us a call. After all, the Russians are already here, so hiding under your desk is no good.