Safeguarding Your Site
From Malware & Hackers

7 Basic Steps to Safeguard
Your Site From Hackers

Internet security concept man pointing solutions

With the growing popularity of WordPress which is an awesome Content Management System (CMS) and where it commands a growing 30% market share of brand new websites, there are increased threats from internet hacking. As WordPress continues to grow in popularity, it’s community of coders and developers create stylized themes and add-on plugins along with threats from the hacking community. It is at this point where there are multiple ways that hackers can get into your site that poses the greatest amount of risk. Therefore, it is crucial that you carefully examine any theme or add-on plugin that you install on your site.

What Are Hackers?

They are a bunch of nefarious software hackers who try to gain access to your website through various means: unauthorized access with your login and password, gaining a backdoor entrance into your site, injecting malicious code or jamming your site with computerized attacks such as Denial of Service (DOS). There’s much more into this which would detract from the main point of this article.

Privacy concept: Pixelated blue text Internet Security on Digital wall background with Binary Code
Privacy concept: Pixelated blue text Internet Security on Digital wall background
with Binary Code

Why Do They Want to Hack My Site?

You may be a blogger or a small business owner with no substantial or useful information on your online website. Why would anyone be interested in hacking into your site? The internet is like the wild west of global collective information. Some want access to your credit card information while other hackers are just plain malicious and want to disrupt your site – just as juveniles want to tag a building or public facility with graffiti.

But the most notorious ones, are those who create automated spiders (spy bots) that scrub the web in search of vulnerabilities in websites, themes, plugins, and scripts, etc. If these web bots find an area of interest, it reports back to its owner who may intentionally try to break into your site. Nothing is worse than having your site display offensive photos or sensitive material that you don’t want. Sometimes it could be the white screen of death (blank screen) or graffiti on your beautiful site.

Basic Steps to Prevent Hacking

Now that you’re aware of the potential danger imposed by web bots, spiders and spy bots, it makes sense to create some basic strategies to prevent hacking. Although nothing is full proof, you can take steps to avoid getting your online reputation smeared or violated. Here are some basic steps you can take although this article is not extensive.

Step One: Create a Landing Page

Create a backup landing page in the event when your site goes down or under maintenance, so your clients will know you have not gone out of business. Create a temporary landing page on a different server. This can be accomplished by changing your web’s DNS “A” Record that will point visitors to the temporary landing page which contains some of the basic info on it. Ask your hosting company or developer if you need help with this.

Binary code and lock on detail pixellated screen
Binary code and lock on detail pixellated screen

Step Two: Change your Login and Password

Avoid using login names such as “Admin” or “admin” or “pass” or “password” or “1234567” as default login names. Webots and spiders will exploit this as the most common default login scripts. If you fix your site but are still using the same password, you are giving the house keys to a stranger who can come in and wreck your site. If you’re a junior or intermediate user, at the minimum you need to change the following passwords such as:

  • WordPress Login
  • FTP Account
  • SQL Database
  • Hosting Account
  • Step Three: Make a Global Backup

    Your hosting provider should include daily, weekly or monthly backups for database files or global root backup of the entire site. If you don’t have a backup system, you may want to explore some free popular backup plugins or search Google for iThemes Backup Buddy that’ll solve your worst nightmare should your site disappear or get hacked.

    Step Four: Delete Old or Unused Plugins

    Check the developer’s plugins, or look how recent the plugin developer have upgraded their plugins. Delete any plugins over a year old. One of the most common ways hackers will gain access to websites is through out-of-date plugins. Even current plugins may be open to attack. Optimally, it is good practice to use the minimum amount of plugins on your website.

    Again, make sure the plugin is actively used, and check that it has a high star rating and has a large user base. If you have an e-commerce store, use the most widely accepted plugins like WooCommerce that are actively updating their products.

    Step Five: Use Malware Inspection Tools

    Malware can be injected from various sources: source code, plugins, and themes. It is a handy plugin tool that detects, viruses, trojan horses, or bad scripts that can damage your site. Therefore, it is good practice to employ malware inspection tools that will highlight changes to core programs, detect and quarantine bad code and clean up the site. I do this regularly at least once a month to prevent malicious code injection.

    Privacy concept: Pixelated blue text Malware on Digital wall background with Binary Code
    Privacy concept: Pixelated blue text Malware on Digital wall background with Binary Code

    Step Six: Install Security Plugins

    There good security plugins. One of the best and free security plugins is called WordFence. You can find it by going to the Plugins tab, and search for “WordFence”. There is a premium version which costs less than $5.00 per month, but the free version is well throughout and very effective.

    Wordfence has a built-in scanner that scans the source code, detects and highlight changes to the program code, including tracking IP (internet protocol) address from incoming sites, and provides the type of browsers being used (Google Chrome, Apple Safari, Firefox, Opera), IP addresses, location and the registered name of the users. It also provides an option to “Block” the errant user, so it is a handy tool.

    Step Seven: Purchase An SSL Certificate

    SSL is short for Secure Socket Layer that encrypts communication from your website to the web browsers that people use to get to your web. Without SSL, data is exposed to hacking including financial transactions. You can purchase SSL with an annual subscription or get free certificates elsewhere.

    Hit The Reset Button

    If all else fails, use the reset button. Reinstall a fresh new version of the latest WordPress engine – Yikes! But we will cover this aspect in another article.

     

    Web Security