By Nick Hoover
Recently I had the misfortune of telling someone that I didn’t think their site was going to make it. The site had been hacked and hacked bad. It was far beyond my capabilities. I tried time and again to revive it, but the hack just kept coming back.
“No problem,” I said, “let’s just install a fresh version of WordPress and upload your database backup.”
“Great,” he replied. “How do I get a backup?”
I knew we were doomed.
If your site is on the Web, it’s subject to hacking. There is an extensive list of recommendations for hardening your WordPress install over in the codex. If you’re serious about security, it’s worth a read. I wanted to include three of my tips for securing WordPress below:
1) Update your installation
You’ve heard it a million times: update your site. Consider this a million and one. Why is it so important? When the WordPress community discovers a security bug and squashes it with a new release, they make the details of that bug public. This means a security flaw fixed in the latest version is now public knowledge and available for exploit. That’s a problem for you if you don’t update.
2) Download a backup of your site as often as possible.
A secure site will never be totally secure. It’s a scary thought and one that keeps me up at night. That’s why it’s vitally important that you maintain an offline backup of your WordPress site. This should include your files and the database that runs WordPress. In the case of a major server crash or hack, an offline backup can save your bacon. A good WordPress host will give you this option. If you maintain a large WordPress installation, you’re probably going to pay for this service. But you’ll thank me later when your site gets hacked.
3) Free Wifi is usually not secure wifi.
I love writing blog posts while sitting in a coffee shop as much as the next blogger, but unless you’re connecting to your network via VPN or your own secure connection, you’re opening up your site to hacking. When connecting to your WordPress dashboard, be mindful of where you’re connecting from. It’s surprisingly easy to intercept what you’re sending over a public wifi connection and use it for nefarious purposes.
Is it possible to completely secure your site? No, any site on the web is susceptible to attack. But by staying updated, backing up your installation and being aware of your surroundings you can limit the damage.
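For tip 2, a backup only helps if it really contains both halves of the site. The following is an added example, not part of the original article: it checks that a downloaded backup tarball holds the WordPress files and a usable database dump. It assumes the default `wp_` table prefix and a mysqldump-style `.sql` file inside the archive; the function names and sample data are constructed for illustration.

```python
import io
import re
import tarfile

CORE_TABLES = ("options", "posts", "users")  # present in every WordPress schema

def check_backup(fileobj, prefix="wp_"):
    """Return a list of problems in a backup tarball; an empty list means files and DB are both there."""
    paths, sql, problems = [], b"", []
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            if not member.isfile():
                continue
            paths.append(member.name)
            if member.name.lower().endswith(".sql"):
                sql += tar.extractfile(member).read()
    if not any(p.split("/")[-1] == "wp-config.php" for p in paths):
        problems.append("files: wp-config.php missing")
    if not any("wp-content/" in p for p in paths):
        problems.append("files: nothing from wp-content/ (themes, plugins, uploads)")
    if not sql:
        return problems + ["database: no non-empty .sql dump in archive"]
    for table in CORE_TABLES:
        name = re.escape(prefix + table).encode()
        if not re.search(rb"CREATE TABLE\s+(?:IF NOT EXISTS\s+)?`?" + name + rb"`?\s", sql):
            problems.append(f"database: table {prefix}{table} not in dump")
    # Assumption: mysqldump with default comments ends a successful run with "-- Dump completed".
    if b"-- Dump completed" not in sql:
        problems.append("database: no completion marker (dump may be truncated)")
    return problems

def make_sample(sql_text):
    """Build a small constructed backup archive in memory (sample data, not a real site)."""
    files = {
        "site/wp-config.php": b"<?php // constructed sample",
        "site/wp-content/themes/demo/style.css": b"/* constructed sample */",
        "db/site.sql": sql_text.encode(),
    }
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in files.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return buf

GOOD_SQL = "".join(f"CREATE TABLE `wp_{t}` (id INT);\n" for t in CORE_TABLES) + "-- Dump completed\n"
TRUNCATED_SQL = "CREATE TABLE `wp_options` (id INT);\nCREATE TABLE `wp_posts` (id"
```

To check a real download, open it in binary mode and pass the file object, for example `check_backup(open("backup.tar.gz", "rb"))`, where the file name is a placeholder.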
Nick Hoover runs Niby Design Group, and consults with Angling Trade (and many others in the fly fishing industry) on issues related to websites and growing business online. See Nibydesigngroup.com
1 Comment
One of the worst WordPress attacks lately has been one directed at sites using ‘Admin’ as their login ID. Use well-crafted and secure IDs and passwords.