Don’t get hacked
By Jessica Albon
If you’re using WordPress to manage your website, your website is vulnerable to hackers. There are some simple things you can do on your own to make your site more secure–like make sure you always have the latest version of WordPress installed–and there are some more advanced things that you’ll want to turn to the professionals for. Think it won’t happen to you? In the last few weeks, I’ve had clients with gigantic sites and the latest WordPress version get hacked, and clients with tiny sites (with fewer than 500 visitors/month) get hacked. It’s not about how many visitors you get, it’s not about how popular your site is–it’s just about getting unlucky.
What’s more, if your website is hacked, you can immediately lose your Google rankings–and those rankings can be very difficult to get back. If your site is hacked, your website can become an “attack” site (and be labeled as such by Firefox and Internet Explorer–meaning people won’t be able to visit your website). And, what’s more, for visitors who don’t have appropriate virus protection, if your site is hacked, it can install viruses to your visitors’ computers. (Is that really what you want associated with your website? That you gave someone a virus?)
Perhaps the most frustrating hack out there is the one that DELETES all of your website content so that you’re left with no site at all. That’s right, it cleans out the database of all of your posts and pages–if you don’t have a backup, you’ve just lost your entire site.
That’s why we’ve introduced our new WordPress Security Service. For a flat fee, we’ll boost your WordPress website’s security. Here’s what we do:
- We back up your entire site. That includes backing up all files related to your content and your professional website design.
- We scan your site. We run three different virus scanners on the files on your website to ensure there aren’t any viruses already there. Why three scans? Because we’ve had enough experience with the last scanner finding something the first two didn’t. Better safe than sorry.
- We delete any extraneous themes (any theme you’re not using should be deleted) and any extraneous plugins.
- We change file permissions. Each file in your website has set permissions. Some of those permissions let outside users edit the files (if they know what they’re doing). And, by default, some of the files in a WordPress site are usually set to be vulnerable. We check your file permissions and change any that need to be changed.
- We create .htaccess files. What’s an .htaccess? It’s a file that lets other computers know how to access your website. Without the right .htaccess files, hackers can access directories they shouldn’t be able to access.
- We unpublish your WordPress version. Some hackers run searches for vulnerable versions of WordPress and by default WordPress sites display their version in the code. We remove this so that no one knows which version you’re using. This adds extra protection for you.
- If you have an account with the username “Admin” we’ll delete it. (WordPress often uses this account by default and it’s the most vulnerable to hackers who try to crack passwords because they don’t need to guess your username.) If “Admin” is your only account with administration permissions, we’ll create a new user account for you.
- We create a Website Defender account for you. This monitors your site for changes so that if someone does manage to hack your website, you’ll know immediately.
- We set up automatic backups for your website so that your site will be backed up at regular intervals. This backup will be automatically emailed to you and will include your website content AND your website design. (In WordPress, your content and design are stored separately so it’s important to back up both.)
- We change all of your passwords so that they’re extra secure. (Of course, we’ll send you the new passwords!)
- We mail you a backup of your site on CD. Yes, this is old school. But it’s also the best way to ensure you have a full back up of your website. This is our way of adding that little bit of extra protection for you.
Are you ready to protect yourself? Then please sign up for our new service for all WordPress website owners. For just $500, we’ll boost your site’s security. These security improvements are more than enough to keep most sites safe from hackers. (Alas, with a really determined hacker, they can crack your FTP passwords with enough time and bandwidth so nothing’s 100% foolproof.) Think of this service just like having your teeth cleaned. It’s preventative maintenance that’s crucial if you have a business website.
May we help you protect your WordPress site from hackers?
P.S. Got questions? Contact us.