Several years ago I was running a portal website on WordPress. I’d spent a number of years building a respected podcast network featuring about 40 podcasts, all built on WordPress. When I look back I was really pleased with what I was able to build out of WordPress and it’s plugins, but I had a big blind spot.
Wordfence one of the leaders in WordPress security software mentioned in a recent post the method that hackers use to identify a new WordPress installation and prepare it for hacking in the future. Another security provider says that more than 30,000 websites get hacked every day.
Mine was one of those sites that got hacked and they not only defaced my site, they were able to access every other site on the network. It was a devastating blow to my business and my reputation. My closest supporters were understanding but the reputation damage had already been done. People would send me emails asking “was the site really safe?” It was a question – at that point – that I could only guess an answer to. It was such a frustrating and stressful time.
This experience taught me a valuable lesson in security. Hacking often isn’t about you, it’s about the ego of the hacker. The thrill comes from being able to exploit vulnerabilities – it’s about being able to demonstrate how smart the hacker is to their friends, at your expense. Where do these security problems come from? They often come from sites that haven’t been ‘locked down’ or from code that hasn’t been updated.
Even software code written by the best programmers can have flaws which create security holes for hackers to exploit. When you have a website built on a CMS like WordPress, you’ll see regular updates to core software and plugins. These updates don’t just deliver improved functionality, they plug vulnerabilities as well. That’s why keeping your site updated is so important.
Just like a bully, hackers go for an weak and easy target. They search for security holes that can be easily exploited. They often share information with each other about security vulnerabilities, and then write automated scripts to go out in search of people who haven’t patched the holes.
By taking simple precautions you can make your site a less attractive target for hackers. With a strong security plugin and by keeping your site updated you can stand up to these online bullies. It doesn’t mean that you’ll never be attacked or that hackers will not try to disrupt your site, but it will make it harder for them to achieve their goal.
Taking backups that are stored apart from your website will help you if your site is ever compromised. Being well prepared means your site won’t be disrupted for long, when a security event happens. Before you are attacked you should practice restoring your site from backup – so you know how to do it.
If you don’t feel you have the skills to secure your site, you can have peace of mind for just a few dollars each month. Asporea’s WordPress Protection Plan offers daily backups, core updates and plugin upgrades. We also offer a complementary health check to ensure that your site hasn’t been compromised. To find out more check out our WordPress Protection Plans.