WordPress Hacks: What Not To Do
We've said it so many times here on the blog: it is vital, whether on your WordPress site or your shared hosting account, to perform software updates. Beyond vital.
And recent news underscores the importance of this. Outdated versions of WordPress allowed hackers to launch DDoS attacks from a total of 569 separate WordPress blogs. Hackers launched this DDoS attack by hacking into only a few servers.
Easy = Vulnerable
It is the very nature of WordPress that makes it so vulnerable. It's so easy to use, and that means users who might not have any IT experience whatsoever are managing a website or blog.
Because they have no clue as to best practices, they don't update their software when an update becomes available, and they certainly don't have a strong password or unique username. These two problems alone add up to vulnerabilities that can cause a catastrophe.
WordPress Hacks: The Importance Of Updates
Many people ignore updates, putting them off until they “have the time to install them.” This is extremely unwise. While some updates fix simple bugs or add new functionality, others fix critical security flaws.
These hackers are banking on you NOT performing the update, leaving the door wide open for them to use your website for malicious DDoS attacks. Don't be a victim! Update, update, update!
WordPress Hacks: What Else Can You Do To Protect Yourself?
- Get creative with your username. Do you know the number of people that keep the username “admin”? It's almost ridiculous. Don't use your name, either. Try to get creative. Do you like butterflies and the color purple, and have a favorite number? PurpleButterFly is a good start; work that number in there somewhere.
- Passwords should be strong. So you capitalized a random letter and threw a number in there. Great, but it's still hackable. A strong password is a random string of characters that makes no sense, like X*!/feZ90(# or something else involving multiple character types. In this way, you make the likelihood someone is going to guess that password slim to none.
- Change your password periodically. While your password might be strong, you should change your password every now and again, like biweekly or monthly. Just to be safe.
- Update plugins. It isn't just WordPress itself that needs to be updated! Plugins must also be kept up to date in order to maintain the utmost level of security.
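To put numbers on the password advice above, here is an added example (not part of the original post) that compares the guessing space of a "capitalize one letter and add a digit" password with a fully random one, and generates the random kind. The 100,000-word attacker wordlist and the function names are assumptions chosen for illustration.

```python
import math
import secrets
import string

# Assumption for illustration: the attacker tries a list of 100,000 common words.
WORDLIST_SIZE = 100_000

# 94 printable characters: upper, lower, digits, punctuation.
ALPHABET = string.ascii_letters + string.digits + string.punctuation
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation)


def tweaked_word_bits(word_len: int) -> float:
    """Bits of guessing work for a dictionary word with one letter
    capitalized and one digit inserted somewhere."""
    capital_positions = word_len       # which letter got capitalized
    digit_positions = word_len + 1     # where the digit was inserted
    combos = WORDLIST_SIZE * capital_positions * 10 * digit_positions
    return math.log2(combos)


def random_password_bits(length: int) -> float:
    """Bits of guessing work for a uniformly random string over ALPHABET."""
    return length * math.log2(len(ALPHABET))


def generate_password(length: int = 16) -> str:
    """Random password from the OS CSPRNG, containing every character class.
    Rejecting candidates that miss a class costs a negligible amount of entropy."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(ch in cls for ch in candidate) for cls in CLASSES):
            return candidate


if __name__ == "__main__":
    print(f"8-letter word, tweaked: {tweaked_word_bits(8):.1f} bits")
    print(f"11 random characters:   {random_password_bits(11):.1f} bits")
    print(f"Generated password:     {generate_password()}")
```

Each extra bit doubles the number of guesses needed, so the gap between the two figures is what separates a password found in an automated guessing run from one that is not.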
Is your WordPress site up to date?