WordPress is the most popular blogging platform of choice for writers, but its also pretty popular with hackers and cyber warriors. Security is a threat to any website run on WordPress and hopefully you haven’t had to learn the hard way how important it is to take precautionary measures.
Back in November of 2012, I learned my personal blog had been attacked with a Pharma Hack. Not cool! I felt violated and had no clue what to do. I read articles about backups and passwords, but never did anything about it. Typical.
Since I only updated my blog every few weeks, I didn’t notice until a month later it had been attacked and by then it was too late. I took my blog down and haven’t resurrected any of my posts…yet.
I made two cardinal mistakes:
- I didn’t update my plugins on a regular basis
- I didn’t have a clean backup
I’m working on getting my content back and know it’s going to be a long, painful process.
To save you from having to spend time, energy and money stressing about a hacked blog, here are six things you can do right now, to secure your site.
- Contact your hosting provider to see if they save a backup in the cloud. Most should for free, or a minimal cost. It doesn’t hurt to check and make sure.
- Schedule regular backups. As of right now the best WordPress plugins are BackupBuddy, Schedule a backup daily, weekly or monthly and be sure to have a copy sent to your email and saved to your file manager.
- Update WordPress and your plugins. You’ll get a notice at the top of your dashboard when a new version is released. Take five seconds and update it. Sometimes hackers will discover a weak version and crawl the web for sites with easy access
- Change your password. DO IT! Change the password for your WordPress admin and also change your FTP or C-Panel password. This is another weak area for hackers.
- Monitor your site activity. This could be spam comments or changes internally to your files. Again, this is a bit more technical and will require to log into the C-panel but worth it if you know what to look for.
- Limit your FTP access. If you’re updating your site and need a web developer to be able to get inside your files assign them a very strong password and change it immediately after your project is completed.
When in doubt, check this great resource published by WordPress or consult your network. Twitter or Quora may be a good place to start. If you end up getting attacked like I did, it pays to have a friend or co-worker familiar with WordPress so instead of having to pay, in more ways than one, for a clean secure site follow these six tips and you’ll be in good shape.
Photo credit: downbythewaterfall