30khackedsites

Security; it’s something that all of us, individuals and businesses, should be aware of. Are you?

According to one source, 30,000 websites are hacked every day. That’s quite a chilling figure, isn’t it? In the grand scheme of things, however, 30,000 isn’t too bad given that there are 1 billion websites on the internet. However, you really don’t think your own site will be hacked… until it is. And with more sites than ever using WordPress, we’ll be focussing on WordPress security in this blog. It’s relatively quick and easy to tighten up your WordPress security – so here are some quick tips.

Update, Update, Update

It can often sound like such a minor thing, but keeping your version of WordPress up to date ensures that any new security measures imposed by WordPress, are installed and implemented on your website. It’s pretty easy to update WordPress too; once you log in to your admin dashboard, you’ll see a notice at the top of the screen, with a clickable “Update now” link.

WordPress 'Update Now' Notice

Once you click to update, WordPress takes care of the rest! Sit back, go make a coffee or continue with something else on another internet tab. The same applies to plugins – click “Plugins” from the menu on the left. The general rule of thumb? Click the checkbox at the top bar, select ‘Update’ from the dropdown menu and click ‘Apply’. This will run through any outdated plugins and will update them accordingly.

Update Plugins on WordPress

Don’t make it easy for hackers!

It’s probably a ‘no brainer’ for some but it’s worth reminding you that we always recommend strong, secure passwords. Generate a random password from sites like these. Also, hide your admin login page! By default, WordPress installs your login page and allows you to access it from yourdomain.co.uk/wp-admin. So if someone was going to hack you, chances are they would guess that your login page was located here. Hide it! You can rename your login page location with the help of some handy plugins – see below for more details.

Also, locate the ‘wp-config-sample.php’ file from your root install of WordPress and delete this! This is not a necessary file and has been known as a method of entry for hackers.

Plugins – making life easy.

First of all, if you’re unsure what a ‘plugin’ is – it’s basically like an add-on which has a purpose. You can download plugins for almost anything – ones which will create custom contact forms, mailing lists and much more. Here’s some great ones for security:

iThemes Security (FREE)

This one is the creme de la creme of security plugins! Once downloaded, you can activate the plugin and run through some basic site security checks.iThemes Security for WordPress

It also keeps you updated with any alerts by email – which you implement during the initial setup. As mentioned above, hiding your WordPress login page can often make things easy for hackers. This plugin has the option to hide your WordPress login page. You can rename it to something like yourdomain.co.uk/mysecretloginpage. Best thing about the plugin? It’s FREE!

WordFence Security (FREE)

Another great plugin – this one runs various scans on your site, checking for any vulnerabilities. The plugin has a firewall and can also scan for malware and block malicious IP addresses that have tried to gain access to your WordPress admin dashboard. The plugin works alongside iThemes Security but it’s worth noting that you should disable iThemes Security when installing this, to avoid any security conflicts. Simply click ‘deactivate’ on the plugins page, then reactivate the plugin once WordFence has downloaded.

Don’t know how to do this or have the time? From less than £2 per day, we can manage the updates for you! For more information get in touch: hello@bcs-studio.com or sean@bcs.solutions (0131 376 4107)

 

 

Leave a Reply