“There are two types of website owners: those who prepare to be compromised, and those who think it will never happen to them.” @SwiftOnSecurity
Why Hack My Site?
Any business with an online customer database, or one which processes electronic payments, is a wildly lucrative target for hackers, often called fraudsters in the financial industry. Fraudsters not only steal credit card numbers and demographic information to approve stolen charges; they retain your most personal information to commit identity theft in the future. While credit bureaus now offer protection against identity theft, the investigation process can be lengthy and stressful.
Some malicious hackers aim to obscure your website from search engine optimization (SEO) inquiries. When a hacker controls your site, they can plant bogus links on your pages, which boost traffic for irrelevant sites. The worst part is, the other sites involved in these schemes are often unaware they’re involved.
As seen in hacks of email accounts belonging to executives, members of the media, and politicians, gaining control of your and your clients’ email accounts gives a hacker access to all email accounts associated with the primary infected account or domain. If you’ve ever had your Facebook page hacked shortly after someone in your friend group was hacked, that is a social media example of this type of data breach.
Tips to Protect You & Your Clients
I often see my clients’ sites attacked by countries known for hacking problems, usually using the username “admin.” Naturally, I do not use “admin” for any of my usernames. Make sure your usernames are unique, ones that a stranger might not immediately guess.
Built-in plugins were born for theme developers to easily bundle their products. Since these plugins are under the control of the website developer, not the owner, communication is key. If one hasn’t thoroughly researched their developer, many plugins could potentially go unmaintained and out of date. The problem is the developer is given a plugin license to distribute, and is responsible for updating the plugin as time goes on.
Put detection software and a security plan in place. Being unprepared for a breach is the worst thing you could do for your business. I’ve listed the security plugins I’ve used for my WordPress-generated websites. Keeping these plugins and software updated is vital.
Here’s a collection of WordPress plugins great for small businesses.
- Hide My WP: One of my favorites! Hiding WordPress (WP) has strong privacy and security features. For example, hiding that a website is hosted by WP prevents or delays a hacker from knowing where your site’s vulnerability lies.
- Login Ninja: Login Ninja is pretty straightforward. It offers basic login features such as banning IPs, adding a captcha, redirecting users, an event log, and email notifications. You can buy this plugin in a bundle.
- Security Ninja: Security Ninja is the #1 top-selling security-related plugin. It’s great for performing tests, checking site vulnerabilities, preventative measures, and much more. You can buy this plugin in a bundle.
- Core Scanner: Core Scanner checks WordPress core files, identifies problems, restores lost files, and more. The plugin is a must-have for missing WordPress core files. You can buy this plugin in a bundle.
- Scheduled Scanner: A Security Ninja add-on. Basically, you can automate scanning by scheduling regular scans, etc. You can buy this plugin via a bundle.
- Events Logger: This is also an add-on to Security Ninja. Easily watch user actions and admin logs, and receive email updates. This is great for quality control or for monitoring employee actions. You can buy this plugin via a bundle.
As shown above, this comprehensive security bundle is only $34!
Did you know?
If you have a monthly WordPress ShiloRune technical support agreement, your site already has the following:
- All the above security plugins at no extra cost
- Off-site data backups for the last seven (7) days
We value your site’s security at ShiloRune.