WordPress is a familiar term to anyone with even a remote connection to the digital world. As the planet’s leading content management system, it dominates the open source market with nearly a 70% market share. But there’s a dark side to this plug and play beauty, and that’s its propensity to be hacked.

It’s not that WordPress is more vulnerable than Joomla, Drupal, or the rest of the open source field, it’s just that there are so many more WordPress sites in the pond for hackers to fish. (Hackers, the cowardly cyber terrorists who are probably locked up in their mother’s basement with hot pocket stains on their Star Wars shirts, are a topic for another rant.) They, like legitimate humans, have to manage their time so why not go after the market leader – right?

If your site is hacked, it can be as harmless as a few bogus links in the footer, or as harmful as a program designed to mess with your site’s visitors, which will get you banned, blocked, and flogged by Google and the rest of the search engines. So, as with all things, prevention is the best medicine, or cure, or however the euphemism goes.

Here are ten very important points of discussion to help you prevent hacks and protect yourself from hackers.

  1. Never use admin as your login name. Really. You might as well use password as your password.
  2. Use a password that looks like a cat just jumped on your keyboard. Something like: {(*&YUHN)9><?7FG. But not that one; it’s the password to all my bank accounts and I don’t want it getting out.
  3. Change your password often. Hackers can install malware on your computer that can discover even the most secure password.
  4. Back up your site. We learned this one very early on in our days as a young agency. There are plenty of great plugins that will allow you to back up, and a few paid versions that will do it automatically and store it off site. Try BackupBuddy.
  5. Use a password management system like LastPass to help you remember, store, and change all your passwords.
  6. Be careful with your plugins. Anyone can create them. While free and often useful, they can be an open window in a warm house, so make sure they are well reviewed.
  7. Update your WordPress site and your plugins. Or have someone do it for you, like us.
  8. Change your cPanel password as well. It’s an easy way into your file manager and FTP account and if someone gets in there they can do much more damage than simply logging into your WordPress dashboard.
  9. Use a security plugin like Wordfence. It will scan and report on the health of your site and lock out users after too many bogus password attempts.
  10. Find a host that does free scans and backups. We use HostGator for our sites and as our reseller partner because of their support – but we recently learned they do weekly backups of everyone’s site and twice-yearly malware scans. Pretty sweet.

We are not formally endorsing any of the above plugins; it’s just that we’ve used them with good luck. If you need us to help, we’re certainly here for you and have some super geeks on the team who are awesome at de-mucking what muckers have mucked up.