Mistakes That Make Your Website Vulnerable

You know that feeling: the WordPress security alert hits your inbox for the third time today and your gut flips over. Has your site been hacked again?

No matter what you do, your website just keeps getting broken into. Not only is your information in danger, but your traffic has dropped because Google blocks any hacked sites. There’s no SEO strategy in the world good enough to get you off the blacklist.

Although some security measures are straightforward, such as using long passwords or keeping certain information private, there are a few mistakes that users like yourself or even your web developers make every day.

Our monthly maintenance plan helps correct those big mistakes and makes sure we’re on the lookout for more. However, the following issues are self-correctable, and with a little work you can properly protect your website.

Here are the biggest mistakes you can fix when it comes to protecting your website.

1. You Haven’t Changed Your Back End Login

When you hire a web development company to design your site, you expect a certain amount of care to be taken. Although they might be a genius at creating your WordPress site, more often than not they’re letting you down where it matters most: Protection.

WordPress has a default login of /wp-admin, and more often than not web developers don’t change this when they send over your completed site. Since this is the automatic back end login for all WordPress sites, you join a large pool where hackers love to fish.

There’s an easy way to see if your back end login has been changed. Simply type your domain/wp-admin into your browser. If you receive a “Page not found” error, you can breathe a sigh of relief. You’re covered.

However, if you don’t, you have a big problem on your hands. Thankfully, it’s one that’s easy to solve.

When we maintain a website, the first thing that we do is check to see if the back end login has been changed. We do it automatically, and you can as well, using the ‘Change wp-admin login’ plugin on WordPress.

When you activate it, you can click ‘Permalinks’ and change your URL at any time. And just like that, you close the door in a hacker’s face.

2. Your Username is Still Admin (In Any Form)

Remember how we changed the default backend login a moment ago? Well, I have some bad news about your normal login. ‘Admin’ is the default username for WordPress and happens to be one of the easiest words to guess. Any format of ‘admin’, no matter what variation, is crackable.

It’s simple for a hacker to figure out you’re using ‘admin’, simply because WordPress will tell them. All they have to do is enter the username on the login screen, enter a random password, and press enter. WordPress kindly lets them know that although the username is correct, the password is wrong.

From there, it’s easy for a hacker to keep guessing, using automated programs to work out what your password is.

When you change your username to something more complicated and personal, you give your website a much higher security wall. And don’t worry if you’re not familiar with strength guidelines. There are a variety of websites that will let you know if your username choice is too weak.

3. You Don’t Update Your Plugins

Updating anything on your computer can be an exercise in patience. More often than not, you delay important app or plugin updates because you’re in the middle of a project or you don’t feel like dealing with it at that moment.

Days turn to weeks, and your plugins continue to grow more and more outdated. Although this seems harmless, you’re actually creating holes in your security that can allow someone to get into your site.

Technology and coding are constantly changing, and every day hackers find new ways to crack certain programs. The developers work hard to seal any breaches in security that arise through new updates. By not installing those updates, you’re not bringing your security measures into the new playing field.

The older your plugins and your version of WordPress are, the more kinds of security breaches exist. Make sure you update immediately to get the full protection you deserve.

4. Learning Basic Coding Isn’t a Priority

Knowing basic coding can help you fully protect your site. Many hosting companies claim to provide optimized security and compatibility with WordPress, but the coding tells a different story.

The wp-config.php file in your code is the crown jewel of your site. It holds crucial information about your data and is the backbone of your content. Through specific commands, you can take your site protection into your own hands and design what you need.

Specific perks include disallowing file editing for specific users, setting specific directory permissions, and disabling directory listings that you don’t want public. There are a thousand and one options that become possible when you learn some basic website coding language.
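To check whether a site already has the three settings just listed, here is an added audit script that is not part of the original article. It assumes an Apache host using .htaccess and WordPress’s DISALLOW_FILE_EDIT constant, which turns off the dashboard file editor for every user; the sample site it builds is constructed test data.

```python
import os
import re
import stat
import tempfile


def audit_wordpress(root):
    """Return findings for the three hardening items named above."""
    findings = []
    config = os.path.join(root, "wp-config.php")
    with open(config, encoding="utf-8", errors="replace") as fh:
        source = fh.read()
    # 1. File editing: needs an active (not commented-out) define(..., true).
    if not re.search(r"""^\s*define\(\s*['"]DISALLOW_FILE_EDIT['"]\s*,\s*true\s*\)""",
                     source, re.M | re.I):
        findings.append("wp-config.php: DISALLOW_FILE_EDIT is not set to true")
    # 2. Permissions: wp-config.php holds credentials; no world-writable dirs.
    mode = stat.S_IMODE(os.stat(config).st_mode)
    if mode & stat.S_IROTH:
        findings.append(f"wp-config.php: mode {mode:o} is readable by all local users")
    for dirpath, _dirs, _files in os.walk(root):
        if stat.S_IMODE(os.stat(dirpath).st_mode) & stat.S_IWOTH:
            findings.append(f"{os.path.relpath(dirpath, root)}: world-writable directory")
    # 3. Directory listings (assumes Apache): look for an active 'Options -Indexes'.
    htaccess = os.path.join(root, ".htaccess")
    rules = ""
    if os.path.exists(htaccess):
        with open(htaccess, encoding="utf-8", errors="replace") as fh:
            rules = fh.read()
    if not re.search(r"^\s*Options\b.*-Indexes\b", rules, re.M | re.I):
        findings.append(".htaccess: directory listings not disabled (Options -Indexes)")
    return findings


def make_sample_site(hardened):
    """Build a small constructed WordPress-like tree in a temp dir (sample data)."""
    root = tempfile.mkdtemp()
    uploads = os.path.join(root, "wp-content", "uploads")
    os.makedirs(uploads)
    os.chmod(os.path.join(root, "wp-content"), 0o755)
    os.chmod(uploads, 0o755 if hardened else 0o777)
    prefix = "" if hardened else "// "  # weak variant leaves the setting commented out
    with open(os.path.join(root, "wp-config.php"), "w") as fh:
        fh.write(f"<?php\n{prefix}define('DISALLOW_FILE_EDIT', true);\n")
    os.chmod(os.path.join(root, "wp-config.php"), 0o600 if hardened else 0o644)
    with open(os.path.join(root, ".htaccess"), "w") as fh:
        fh.write(("" if hardened else "# ") + "Options -Indexes\n")
    return root
```

Point `audit_wordpress` at the directory that contains your own wp-config.php; an empty list means all three checks passed.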

If you find you have a hard time learning the language, don’t worry. There are many web developers who are happy to maintain your site and update your coding. We are one of many companies who specialize in doing the hard coding work.

Preventing Hackers Can Be Tough…

Let H Grant Design protect your website so you don’t have to worry about it!

Contact Us Today & We Will Make Sure Your Website Stays Secure!
