art@artifexstudio.com.au 07 5548 6430

How to Secure Your Website From Hackers and Hijackers – WordPress 101

Protect website from hackers

Website hacking and hijacking is on the increase again! Don’t take your website for granted.

Your website was a business investment, just like your computer hardware or vehicles. And, like them, your website needs ongoing maintenance, servicing and patch updates. Sometime soon, these will be automated much like your computer operating system or mobile phone automatic updates, but for now it still requires the manual service – just like your car.

There are some key factors you can adopt right now that can help you avoid the hijack nightmare.

If you’re running a WordPress site, these should be the Do’s and Don’ts that you keep in mind.

DON’T:

  1. Install too many plugins and stay away from old plugins that have not been recently updated. Plugins increase website vulnerability.
  2. Allow hijackers entry through your back door! What’s that you ask?! “/wp-admin” is the common login backend and hackers are very familiar with this link. Use a plugin that securely hides your admin access area.
  3. Succumb to Brute Force Attack. Again you wonder “what the?”! Brute force is a trial and error method used by automated programs to decode data such as passwords through exhaustive effort (using brute force). So avoid using common usernames like “admin” OR your web URL; and ALWAYS use one of those crazy long, don’t-make-sense passwords!

DO’S:

  1. Update Your WordPress site and plugins frequently. Like, check them every month. WordPress shows you what updates are needed in the Dashboard.
  2. Enable comment moderation if you allow comments on your site as you can monitor suspicious activity.
  3. Use strong password and captcha on your administrator login.
  4. Update your theme when needed
  5. Modify the permissions on WordPress from 755 default to 555. This means that any hard coded modifications should be done in file manager/ftp only.
  6. Keep regular offline backups of your website files.

How can you tell if your website has been hacked?

Web Inspector is a free online malware checking tool. http://app.webinspector.com/ If you receive a notification from Google then that is most likely a legitmate email. If you have Google’s Webmaster Tools installed on your site, it will also tell you. If you visit your website and see Google’s Red warning screen – that is a definite sign with all alarm bells ringing.

What if your website has been hacked? For the advanced…

If your site has been hacked and malware has been embedded into your code, you need to act quickly before it spreads to unsuspecting visitors to your site.

Suppose that code similar to the below has been embedded to some of your documents:

< ? php eval (b a s e 6 4 _ decode ( ‘ malicious _ code ‘ )); ? >

Adobe’s Dreamweaver program is one of the best tools to find the malicious code. To get started:

  • download all the website files on to your local computer using an FTP client.
  • start searching for the files that have been altered. Searching for “b a s e 6 4 _ decode” is a basic start.
  • when all the malicious code has been deleted, reload the website files to your hosting account.
  • then upgrade all your themes, plugins, CMS to their most recent stable versions.

To guarantee you are the only one who has access to your account, follow the steps below.

  1. Upgrade your Antivirus software to the most recent version. For Windows we suggest Norton Internet Security or AVG Internet Security.
  2. Run a total antivirus filter on your local PC including every single hard drive.
  3. Guarantee your operating framework (Windows, Linux or MacOS) is up-to-date and all security patches are connected.
  4. Guarantee your internet connection is secure. On the off chance that you are utilizing wireless connection, the main secure encryptions is wpa2. For more details contact your router seller or ISP.
  5. Periodically change your cPanel password.
  6. Change the passwords for your web applications administrator access.
  7. Check our fundamental security rules listed above and apply all the recommended solutions as possible.

All of that may seem daunting. BUT if you consistently keep your site up to date (which really isn’t difficult once you start), then you really are protecting your website and your visitors from significant harm. Remember… prevention is always better than the cure, and if you don’t maintain – it becomes a pain!