11 May My Website Got Hacked. How Do I Prevent Hacking?
Website Security and Preventing Hacking
Recently one of my coaching clients told me that his website was hacked. One of his clients told him they had tried to visit his website and just saw a blank white screen. He was horrified and called me in a panic.
In helping my client to solve his problem, I noticed that there were a number of things he was not doing to make sure his website was secure. I wanted to share these with you so you do not have the same experience.
Here are the things he did not do that left him vulnerable to the hacker:
1. His login name and password were easy to guess. If you have a login name like the default “admin” and a password like “password”, it is time to change those to more secure ones that have a combination of letters, numbers and symbols. Obviously, you will also need to change these at regular intervals.
2. He did not update his plugins. I advise updating your plugins on a regular basis, although you will need to make sure that each updated version is compatible with your version of WordPress. And always back up your website before updating it, so if there is a problem you can restore the old version.
3. He did not use a spam plugin, so he had tons of comment spam that needed to be removed manually. I recommend a WordPress plugin known as Akismet.
4. He did not remove unnecessary plugins. This guy was a plugin hoarder, so we had to manually go through the plugins, disabling each one and then testing which of them might be causing a problem. I recommend deactivating and removing any plugins you are not currently using, as many hackers can get in through plugins.
5. He was using a shared hosting service. I recommend “dedicated” hosting that doesn’t have any other websites on the same hosting. It is a little more expensive but is more secure, and your website may load faster. The hosting company I use is SiteGround hosting because it's fast, secure and there are only a few sites on one server.
6. His version of WordPress was not up-to-date. We had to update his WordPress software to the latest version.
7. He was not conducting regular site backups. Whether or not your site is breached, it pays to have backups of your site, just in case you break something on your site or an update doesn’t work as planned. I use a backup service offered through my hosting service, and also back up a copy to my computer’s hard drive as well as a physical copy to an external hard drive and Apple Time Capsule. But you can also use a cloud backup service such as Dropbox, iCloud or Putlocker. There are also plugins for WordPress such as BackupBuddy to make backups automatic.
8. He wasn’t deleting comment spam. Comment spam is more than just a nuisance because lurking within comment spam might be malicious links or spyware. You must delete it on a regular basis or use a plugin like Akismet to prevent it.
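
Items 1, 2 and 4 can be checked automatically instead of by clicking through the dashboard. The script below is an added example, not part of the original post: it assumes you have the WP-CLI command-line tool (not mentioned above) and reads the JSON that `wp plugin list` and `wp user list` produce. The sample data, the `audit` function and the extra login names beyond “admin” are constructed for illustration.

```python
import json

# Constructed sample output (not from a real site) of:
#   wp plugin list --format=json
SAMPLE_PLUGINS = '''[
  {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
  {"name": "old-slider", "status": "inactive", "update": "available", "version": "1.2"},
  {"name": "contact-form", "status": "active", "update": "available", "version": "2.0"}
]'''

# Constructed sample output of:
#   wp user list --role=administrator --format=json
SAMPLE_ADMINS = '''[
  {"ID": 1, "user_login": "admin", "roles": "administrator"},
  {"ID": 7, "user_login": "jsmith-site", "roles": "administrator"}
]'''

# "admin" is the example from item 1; the other names are added assumptions.
DEFAULT_LOGINS = {"admin", "administrator", "root"}


def audit(plugins_json, admins_json):
    """Return sorted (checklist_item, message) findings for items 1, 2 and 4."""
    findings = []
    for user in json.loads(admins_json):
        # Item 1: an administrator account with a guessable login name.
        if user["user_login"].lower() in DEFAULT_LOGINS:
            findings.append((1, f"default-style admin login: {user['user_login']}"))
    for plugin in json.loads(plugins_json):
        # Item 2: a newer plugin version exists but is not installed yet.
        if plugin.get("update") == "available":
            findings.append((2, f"update pending: {plugin['name']} {plugin['version']}"))
        # Item 4: a deactivated plugin whose files are still on the server.
        if plugin.get("status") == "inactive":
            findings.append((4, f"unused plugin still installed: {plugin['name']}"))
    return sorted(findings)


if __name__ == "__main__":
    for item, message in audit(SAMPLE_PLUGINS, SAMPLE_ADMINS):
        print(f"item {item}: {message}")
```

To run it against a real site, replace the two sample strings with the saved output of the two `wp` commands shown in the comments.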