As a marketing guy, I love open source types of projects. That is exactly what draws so many people to WordPress as a content management system for their sites. By far, it is the top choice for website designers, marketing agencies, and the average guy throwing up a site quickly. You can add posts, pages, change menus, and the list goes on.
But what happens when you try to log into your website and see the RED Screen of death? You’ve been hacked by a virus because you didn’t use any security measures to protect your site. In a frantic, you try to fix it, but find out that your database has been corrupted and you’ve lost your data. In today’s post, we’ll talk about securing your WordPress site with some handy plugins to make sure everything is locked down tightly.
WordPress Plugin 1 – Sucuri.net
Anyone who hosts on WordPress should realize that it is a matter of when, not if! You will be hacked! If you’re driving a lot of traffic to your website, then it is important that you’re notified as soon as possible. The paid plugin Sucuri.net allows you to be notified if there are changes to your site. It allows you to also secure or “harden” your site with just one click after installing the plugin. Lastly, the plugin has the ability to block IP addresses if they are trying a bruit force attack.
Yes, there is a FREE plugin from Sucuri.net, but my suggestion is that you bite the bullet and purchase an account with Sucuri so that you can be notified. This will allow you to download the premium plugin which I have installed on my site. I rest easier knowing that my data is being protected and that I’ll be notified in the event of an attack.
A final word about the paid version of Sucuri. If your site is hacked, they will remove the virus from the site as part of the paid plan. Even if it takes them several hours, they will do it as part of your plan without any added fees.
WordPress Plugin 2 – DBC Cron Backup
The second plugin that I suggest is a back up plugin which will back up your entire MySQL database on a daily basis. You simply do a quick one click installation and then you’ll be able to schedule nightly back-ups for your site. The plugin works quietly in the background protecting your data on a daily basis. Remember data security matters! As a blogger writing content on a daily basis, a hack that wipes out my database would be devastating!
If I’m hacked, which I know it is only a matter of time until I am, I’ll first be notified by Sucuri.net via SMS and email. I can then forward that email to my developers and they can try to do the quick fix on the site. If the database is messed up, then they can quickly install the previous day’s database and I’m all set.
WordPress Attacks and Why You’ve Been Hacked
It is important to remember that when your site is hacked to NOT take it personal. There isn’t some hacking identity like “alias” out to get you. It probably isn’t your neighbor trying to access your credit cards either. In 99% of all WordPress hacks, it is a bot going out looking for vulnerabilities on websites. They will exploit the security gap by injecting some sort of code onto your site so that they can take advantage of your traffic. Sometimes this involves installing a Trojan Horse, but in most cases it is a redirect script to a site that is distributing malware or trying to monetize the traffic.
The best thing you can do to prevent yourself from being hacked is keep your version of WordPress up to date. Update your plugins when new releases come out. In most cases there are security issues with the plugin and your site could be targeted if you don’t update.
I typically update my plugins about once a month. I don’t want to be the first to update my plugin in case there is an issue with the fix, so I’ll give them a few days to work out the bugs. If there is a new version of WordPress available, I will install it fairly quickly because most releases of WordPress are very strong. Again, any WordPress site that isn’t updated, will be hacked. It is a matter of time. Be prepared for the event so that you can take it all in stride.
Update 4/24/19 – Yesterday, I received a warning on this site. Because of the text about hacking, Sucuri.net picked up the text and alerted me that my site was hacked! So, as an added bonus, it alerts you in they think someone injects spam text onto your site. They cleared the warning in a couple hours once they realized it was my post. However, this is a great feature. I also wanted to show you that you can show off a banner ad for security if you’d like as well. Here is the banner ad for DMB.
Question or Comments: Have you been hacked and what did it do to your business?