Here are a few easy steps you can take to avoid getting hacked.
I’ve had three client sites go down this past month due to malware infection. Yuck!
What’s malware? Malware (short for malicious software) is code that tries to get inside and take control of your website. It can get into your site via a corrupted file or vulnerable “opening.”
Some simple steps you can take to protect your WordPress website from the bad guys:
1. Update your WordPress version, theme, and plugins regularly. Outdated files make your site vulnerable. Make sure to keep a full backup of your site on a regular basis, in case something goes wrong and you need to reinstall the entire site’s files. There are online cloud-based services that offer this, as well as premium services like BackupBuddy to help with ongoing backups.
2. Change your log-in passwords frequently. Replace the default WordPress “admin” name for any user who’s signed in to work on your site. Add security questions to your login screen, or use Captcha to add an extra step of security.
3. Install SSL on your website. Most hosting companies offer a free version. Websites that don’t have SSL (Secure Sockets Layer) installed are being flagged by Google with with an “insecure website'” message. Look for the prefix “https://” and a small green lock icon in your browser bar when you visit a website. That means your connection to that website is secure, and any data you enter will be safely shared.
4. Remove unnecessary plugins and users on your site – keep things clean and streamlined. And only download plugins from reputable sites, like the official WordPress repository.
Worst case scenario: hire a local website security firm or work with your hosting company to add a security feature to your account (for extra cost). Your site will get cleaned up, scanned, and back up in no time!
Stay safe out there!