Believe it or not, 70% of the blogs that exist on the Internet today are built on WordPress. That shows how huge the software is. There have even been debates about whether Matt Mullenweg of WordPress is smarter than Mark Zuckerberg of Facebook, but that’s a story for another time.
We all know that the security of a WordPress-based blog is very important to the success of a business, especially if you’re a corporate blogger.
WordPress is a great content management system, or CMS as they call it. It’s even free, with tons of free plugins and themes that extend its functionality in gazillions of ways.
“Well, you can build that with WordPress.” That’s what most Internet users say, which shows its flexibility and dynamism.
But don’t expect something that almost all the content on the Internet is built with not to have some leaks. Even if there aren’t any, some cyberpunk will always create some, which is why “100%” isn’t a popular word to use when it comes to software, and Internet software in particular.
Automattic, the company behind WordPress, never relents in making the software better with security patches. Updates come periodically, and users are advised to update their websites on time, while they still have total control of them.
We’ve all seen it in headlines and heard it on the radio: even top government information gets leaked. Why? Because some hackers broke into the system and stole it. That shows you how vulnerable the Internet world is. It’s really very vulnerable.
But since we’re trying to be on the safe side, we need to consider the reasons why your website could be the next hacker’s target, if it hasn’t been hacked already.
REASON 1: Political blog
Who cares what you blog about anyway? That’s not always how it is, especially for political blogs. When it comes to politics, you have lots of people targeting you, aside from trolling and lambasting your posts on social media and even in your comment forms.
Your website can be targeted because of your political choice, in which case the perpetrators might be from the opposing side. Political activists and public political figures are usually targets of those who don’t like what they do.
Apart from wanting to hack their websites and get their information, attackers might also want to redirect the websites to spammy websites, or just use the hack as a means of defamation. If you’re in this league, then you need to pay attention, especially as a WordPress user.
REASON 2: Your blog has grown big enough
Do I have to tell you how many hackers try hacking into systems like the Washington Post or CNN? Well, those are sort of world-class…
I know, but as long as your blog is beginning to get a decent amount of traffic that can be depended on as an income channel, there are people in the dark more than willing to divert those funds if they aren’t well channeled into your bank account.
Your customers’ info, which includes their email addresses, payment information, payment details, residential information and much more, is at risk if you don’t take good care of it.
And that can lead to a business downfall for you if your system isn’t well secured with the necessary tools that boost your customers’ confidence.
REASON 3: You host files and software on your server
Not everyone can be like Google Play, but if you’re trying to create a clone of it on your blog, that might be a bad idea: your website can be infected with very malicious software that paves the way for hackers, especially if you don’t know where that software comes from.
Some desperate bloggers will accept any such software just to publish it, so their downloads section is well stocked with the latest apps and software, only to realize they’re not the only ones controlling the system.
REASON 4: Outdated plugins, themes and core CMS
I know you’re a lot busier than remembering to update your WordPress blog once in a while, but hey, you might be fucked up when the whole issue goes down. It takes just a button to update a WordPress-based blog.
The team behind the software knows there will always be holes for hackers to try and explore, and that’s why they regularly release update patches, which are a means to seal up those little leaks.
Your themes and plugins also need to be updated. Note that these two components do have database tables which are right within your WordPress database.
This means that any vulnerability can lead to the compromise of your entire system. That’s the simple but harsh truth.
REASON 5: You hardly go on your blog
I won’t blame you for being a 10-to-10 type of employee; nobody does. But if you’re not ready yet, then you can consider dropping the blog until you’re set.
Hackers can easily tell which websites are gathering dust. They can then use your system as a mask for doing many evil things, which can lead to your eviction by your hosting provider. That’s going to be serious damage to the reputation you’re trying to build, especially if you hosted the website under your name.
Your details and identity can be stolen and used for bad things, and since you’re so busy that you’ve barely shaved your pubic hair, you might have to answer some FBI questions when things go extremely wrong.
You know what? It doesn’t matter whether you are a public target or not. Hackers generally do many things with hacked websites.
They may steal your information or valuables such as your user data, which includes credit card information, especially when you are operating an e-commerce website on WordPress.
They might also want to use your website as the hosting avenue for their spamming services, which will eventually get you flagged by Google and other places, and “psst”, business gone.
So it’s essential to always take the necessary steps to ensure the safety of your business (if you think of your blog as one, anyway).
But long story short, if you’re the type of person who isn’t a regular when it comes to updating and fixing security issues on your blog, then a safety check might be a good first thing before we proceed to the steps for actually securing your WordPress website.
THESE TOOLS HELP YOU DETECT IF YOUR WEBSITE’S BEING HACKED
I know you’re full of lines like “My website is secure” or “Why would anyone wanna hack my website?” But who cares? You should.
Before I proceed, I’d like to recommend some of the best free hacked-website checkers online. These tools will help you know the current status of your website so you know what step to take next.
1.) Is It Hacked: This is a very good hacked-website and software checker, useful if you also host software you have doubts about on your server.
It’s as simple as plugging your website or the file path URL into the search box on the homepage and pressing the Check button, which loads your website’s information and shows its status: hacked or not.
2.) Site Guarding: This is another powerful site checker. Just like the first one on the list, it shows you detailed statistics about your website, letting you know if it’s hacked or not.
It also shows a big green check mark, which means your website is totally safe. If you see anything other than that green, you need to act soon.
3.) Sucuri Site Checker: This is a very powerful site check tool. It provides in-depth details about how your website fares and shows you an analysis. The software checks for:
Viruses (including embedded trojans)
Redirects
SPAM and blacklisted site references
Malware
Obfuscated JavaScript Injections
Hidden & Malicious iFrames
Phishing Attempts
Cross Site Scripting (XSS)
Malicious Redirects
Backdoors (e.g., C99, R57, Webshells)
Defacement
Anomalies
SQL Injections
IP Cloaking
Social Engineering Attempts
Drive-by-Downloads
It’s a great tool which is mostly free but also comes with a premium version.
Its paid version can help you while you’re away, as it keeps your website totally safe and cleaned up from hackers out there. Its pricing is around $88.99 per year. It’s well worth the investment.
4.) Google Webmaster Tools: This is another awesome tool. It’s completely free as far as I know. The software isn’t just about letting Google’s search bot better understand what your WordPress-based website is all about.
It’s also the safest tool to help you know if your website has been attacked by malicious software and code… in other words, hacked.
It shows a warning about anything unusual and alerts you right within the dashboard. You should create an account if you don’t have one already and find out ASAP.
5.) Google’s Safe Browsing checker:
This is another awesome Google tool which helps give a better understanding of what’s going on with your WordPress website.
All you need to do is put your domain at the end of the checker’s URL and wait for the result: “http://www.google.com/safebrowsing/diagnostic?site=yourdomain.com”, where yourdomain.com is your website’s URL.
All other website security checkers are great as well. They all help you analyze potential threats to your website’s security, and that’s a good countermeasure which pays off well in the long term.
As said earlier, this post is about getting you on the right path of securing your WordPress based website against potential threats.
This means we can evaluate some innovative ways of getting this done without losing your soul. And as a matter of fact, you don’t need to be a computer psych before you can get your website well secured. It just takes common sense.
How to do a WordPress hacked fix
You need to understand many things about your WordPress website. You need to know how things work. And you need to take countermeasures.
This means getting your security done before things get out of hand. A well-secured WordPress website will be a serious problem for any potential hacker, because WordPress itself is a very powerful system with a large community always actively looking for vulnerabilities and patching those holes up. These guys are really dedicated and awesome.
As I’ve said earlier, it takes common sense to do countermeasures. You don’t have to be a great coder like Phils Carlque; you just need to know the right thing, so as to know what’s well and what’s not.
1.) Password
Let’s start with your password. Yeah, it’s great to have a password you can remember. After all, your website isn’t Facebook, which needs a very large pile of books of passwords for the super administrators (I’m just guessing).
The reality is that if your password isn’t strong enough, your WordPress website can get hacked using brute force.
This is a situation where the bot the hacker uses keeps guessing your password until it gets it, and then the rest is another story entirely.
There are lots of password keeper apps online that you can use to keep your password. If you’re old school like my mom, you can store your password in a notepad app on your phone or computer, but make sure it’s well secured.
Aside from using a very strong password which can’t be guessed by a brute-force attack, it’s essential to change your password from time to time.
This helps you to be multidimensional rather than sticking to the same 6 letters for the rest of the year.
WordPress, as a secure system, helps you get this done by generating highly secure passwords for you in the profile section of the administration area.
The password strength meter shows you the strength of your new password. If you’re not satisfied, you can regenerate it and then copy it to a safe place offline or online.
But I prefer online. If your computer gets hacked, it could be a property loss for you. So do it the modern way and get things saved. You have 15GB in Google Drive if you have a Gmail account. There is also Google Sheets. You can use these tools to get the most out of security.
2.) Security Plugins are welcome
There are some awesome plugins online for WordPress-based websites, but my favorites are Wordfence and the AIO security plugin. These plugins are awesome, especially for countermeasures.
As a WordPress website owner, you need to install such reliable software, which will help you do better analysis and get every leak in your website blocked. From blocking spam in your comment form to fencing off content thieves from stealing your valuable content, it’s all about absolute security. Trust me.
3.) Ever checked your .htaccess, .php files and media files or software?
All these files are targets for hackers. They can inject malicious code into any of these files and then use it as a way into your system. This means you need to always keep a good eye on all of your website’s files.
For example, the .htaccess file is where the server looks when a URL requests content from your website. If a potential hacker can rewrite your .htaccess file and place a redirect in it, your website will start leading to another, malicious website each time a user makes a URL request.
Your .php files are another powerful point. Since WordPress is written in PHP, those files will always be on your server. But if some unnecessary .php files are stranded on your server, it might be a good idea to get rid of them.
And like I’ve said earlier, software should be hosted on another server, usually in the cloud. This lets your website work faster and reduces loading time. It also keeps you from hosting malicious software on your server, which could damage things.
4.) Regularly do backups
I personally use UpdraftPlus for clients. There are gazillions of others in the WordPress repository. I prefer UpdraftPlus because you can connect any cloud account and the backup runs on a schedule, so you won’t have to worry about backing up, downloading and uploading by hand. That’s a tough and wasteful way in a civilized world.
The UpdraftPlus plugin is free, although there is a premium version with which you can auto-backup to multiple cloud servers at once.
This powerful plugin will help you back up and restore in a single click. The whole process is fast and advanced. I recommend it. If you already have one you know well, no problem, but make sure you back up your WordPress website on a regular basis, just in case.
As you can see, WordPress website security isn’t tough. All that needs to be done is making sure. As a WordPress website owner, you should check your website’s health and do regular analysis of its general security.
But if your website is hacked, there are several ways to get things fixed. You can contact your hosting provider and ask them for directions, or, in case you are too busy, you can employ a programmer to get it done.
Assuming you backed up your WordPress website earlier, then restoration will be easy. You’ll just have to delete your present WordPress or update the WordPress core files (but I’d prefer you delete the entire WordPress website), and if your hosting provider supports one-click install, then you’re lucky.
Do that, then reinstall the UpdraftPlus plugin and connect it with your server, and it will show your backed-up files, which can be restored with just one click. And your website is back.
But assuming you didn’t back up, the severity of the hack is what needs to be dealt with. If the website only redirects, then you’re going to need to go into the .htaccess file and look for any unusual links there.
Website security checkers are also great tools to help you detect which type of file or component is affected.
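The two manual checks described above, looking for unusual links in .htaccess and for stranded .php files, can be scripted. This is an added example, not code from the original post: the function names, the sample .htaccess and the domain yourdomain.com are assumptions made for illustration, and wp-content/uploads is WordPress’s default media folder.

```python
import os
import re
from urllib.parse import urlparse

# Constructed sample .htaccess (not from a real site); yourdomain.com is the site's own domain.
SAMPLE_HTACCESS = r"""# BEGIN WordPress
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
Redirect 301 /old-post https://www.yourdomain.com/new-post
RewriteRule ^(.*)$ http://unexpected.example.net/landing [R=302,L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /index.php [L]
# END WordPress
"""

# Apache directives that can send a visitor to an absolute URL.
REDIRECT_RE = re.compile(
    r"^\s*(RewriteRule|Redirect(?:Match|Permanent|Temp)?|ErrorDocument)\b"
    r".*?(https?://[^\s\"']+)", re.IGNORECASE)
PHP_NAME_RE = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def external_redirects(htaccess_text, own_domain):
    """Return (line_no, directive, url) for rules whose target is off-site."""
    findings = []
    for no, line in enumerate(htaccess_text.splitlines(), 1):
        m = REDIRECT_RE.match(line)  # lines starting with '#' never match
        if not m:
            continue
        host = (urlparse(m.group(2)).hostname or "").lower()
        same_site = host == own_domain or host.endswith("." + own_domain)
        # %{HTTP_HOST} is the requested host itself (typical HTTPS redirect rule)
        if not same_site and not host.startswith("%{http_host}"):
            findings.append((no, m.group(1), m.group(2)))
    return findings

def php_in_uploads(wp_root):
    """List PHP files under wp-content/uploads, which normally holds media only."""
    uploads = os.path.join(wp_root, "wp-content", "uploads")
    return sorted(
        os.path.relpath(os.path.join(d, name), wp_root)
        for d, _dirs, files in os.walk(uploads)
        for name in files if PHP_NAME_RE.search(name))

if __name__ == "__main__":
    for no, directive, url in external_redirects(SAMPLE_HTACCESS, "yourdomain.com"):
        print(f"line {no}: {directive} -> {url}")
    for path in php_in_uploads("."):  # run from the WordPress root directory
        print("review:", path)
```

Anything either function reports is a lead to review by hand; some plugins legitimately place small PHP files in the uploads folder.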
Your website is a very important part of your business, or of your life if you’re just the type that likes screaming about the things you did last night with your cute cat. Therefore, take your website’s security seriously so that things don’t go bad.