Protecting Your WordPress Website from Hackers in 2015 will be a bit more complicated than adding a secure password to your login screen. We've seen it all. Hackers, like tiny mice that search for small nooks and crannies in your website's framework, use every trick in the book to bypass your protection parameters. In the last few days, there was a HUGE WordPress website hack that exploited an outdated plugin that compromised more than 100,000 websites!
SO, HOW THE HACK DID THIS HAPPEN?
It happened via a WordPress Plugin. WordPress Plugins are bits of software that can be uploaded to extend and expand the functionality of your WordPress site. Through this small chink in the RevSlider plugin, which was confirmed by Security firm, Sucuri, hackers were able infect sites to load highly obfuscated attack code on every webpage. Since many users didn't update their Plugin to the NEWEST version, their sites were exploited. Thousands of websites were hacked and promptly blacklisted. And no, we don't mean by David Spader. What we do mean is by the Search Engines. This included Google, Yahoo, Bing and a slew of others. Visitors to your website will be greeted with a screen similar to this one:
When search engines BLACKLIST your website, it can be detrimental to your business. Plus, while WordPress has over 70 million live websites it makes it a bit more vulnerable to attacks like these. Being blacklisted results in:
- The Loss of Search Engine Rankings
- Decreased Website Traffic
- Loss of Revenue
MY SITE IS INFECTED, WHAT NOW?
5Four Digital has implemented a regiment for protecting every website we manage. Below, our list contains detailed tactics to protect your website from hacker bots, live hackers and a slew of other attacks.
- Check Your Website NOW - One of our favorite tools is the Sucuri SiteCheck Scanner. It will check your website for known malware, blacklisting status, website errors, and out-of-date software.
- If you HAVE issues, fix them immediately! - There are several websites, forums and online security firms to help fix your malware infestation. A few include:
- Sucuri - Leading WordPress Security Firm
- Clean Website Backup - If you have a clean backup of your site's contents, re-upload all of the site's files to REPLACE the malicious content.
- Wordfence - a free enterprise class security and performance plugin that makes your site up to 50 times faster and more secure.
HOW DO I PREVENT A VICIOUS CYBER ATTACK ON MY BUSINESS?
- Keep WordPress UPDATED - keeping WordPress updated will protect you from hacks from older software
- Keep Your Plugins Up to Date - Like the recent RevSlider debacle, it's a good idea to keep your Plugins up-to-date, as well.
- Delete Any and All Plugins Not in USE - If you have Plugins installed, but not using them, delete. DELETE. DELETE.
- Use a Security Plugin - There are a few GREAT security Plugins out there that will protect your website for FREE (as well as enterprise)
- iThemes Security - The easiest, most effective way to secure WordPress in seconds.
- iThemes puts great tactics in place that utilize a user-friendly interface. With it you will be able to:
- Change the URLs for WordPress dashboard areas including login, admin and more
- Completely turn off the ability to login for a given time period (away mode)
- Create Difficult Passwords and 30+ more...
- iThemes puts great tactics in place that utilize a user-friendly interface. With it you will be able to:
- iThemes Security - The easiest, most effective way to secure WordPress in seconds.
- Wordfence, Ultimate Security Checker and more are also available.
We believe creating a thriving online business begins with great website design, a simplified consumer experience and a secured website users are proud to visit.