The web can be a dangerous place these days. Every other day you’ll see in the news another case of a data breach or a hacking or whatever is that day. It happens to everyone, even large companies that you’d think would be able to keep their stuff safe and secure.
Just this morning, I got a notification about my data being leaked in another hacking incident. It wasn’t anything bad, but it still sucks knowing that another company has mishandled sensitive information.
The truth is if a hacker wants to get into your system they will.
No matter what you do, someone can probably find a way to get past all of your WordPress security. It can happen and it does.
What is hacking?
The term hacking has a strict definition of using a computer system to gain unauthorized access to another. But people use this to be synonymous with many other ways of gaining access to a system. Those can be things like phishing where you send someone a link with a fake login form that looks like a real one. Another is social engineering, where you might impersonate someone while talking to customer service and the service rep gives you access. Another is a DDoS attack where you send a server lots of traffic to the point that it can’t handle it and it crashes.
My point is that there are a lot of things that are incorrectly called “hacking” but that’s ok – it’s all technobabble stuff where the bad guy tries to steal your stuff. It’s all bad.
What is a WordPress hack?
All of the above methods could be used to hack WordPress. With WordPress powering a large percentage of the internet’s websites, that makes it a pretty big target. And, there’s a large ecosystem of plugins made by people who aren’t security experts. So, this means that there’s tonnnnsss of places a hacker might look to be able to gain access to your website.
Usually, when someone hacks a WordPress site, they get nothing. Most WordPress websites are simple blogs with no user information. So, most hackers just point the whole entire website something unsavory like pills or porn. Not much damage is done, but it can be a big pain to clean up.
If your WordPress website stores personal information like an e-commerce website would, well then you might have a bigger issue on your hands.
The most common hack I’ve seen is where the website gets redirected to another. I rarely see anything else but I don’t work on huge company websites.
What are some ways to prevent WordPress hacks?
1. Security Plugins
I like to use WordFence and Ithemes Security. I generally don’t use both at the same time and definitely prefer WordFence. You can see it working in real time – blocking people and ensuring all traffic is legit. I know it’s effective b/c I’ve never had a site with WordFence get hacked. That’s a pretty big statement as I have hundreds of client sites out there. However, those without it have gotten hacked, unfortunately.
It’s a simple plugin to setup. Really, there’s not much setup at all. Just enter your email in the popup box and it’ll email you whenever it needs help.
2. Secure Hosting
There’s really only one company I would suggest here: https://wpengine.com. I see them as the leader in WordPress hosting so they know what they’re doing. The have security measures built right into their servers, so you don’t have to worry about a plugin. It’s already there and you don’t need to do anything.
3. Secure Passwords
This is really something you should do for every password. Don’t use the same password for every website. Make an algorithm that you use for all sites and that way you never have to remember them. Or, use a password generator and something like LastPass.
It just too easy for a hacker to get access to one of your passwords and then that gives them access to everything. Just don’t do it.
4. Keep WordPress, plugins, & themes up to date
As things age and other things get updated, vulnerabilities can be exposed. Old code doesn’t last forever and there are reasons other than adding new features that developers update software. It’s important to keep things up to date to ensure that the most recent security holes are patched and filled.
WordPress makes it easy to update the core software and plugins by just clicking the update buttons. Themes are a bit harder to update and you’ll need to refer to the developer or ask someone knowledgeable to do it for you.