You’ve put all this time and effort into creating a masterpiece – self hosting, content, great photos, a pretty theme – it would be a shame if one day you woke up and it was all gone. But it happens. A lot. In fact, WordPress sites just took a hit – 100,000 WordPress sites were just hacked through an outdated plug-in.
And with all the current hacking situations – maybe it’s time you took the steps to protect your valued assets online. Don’t be naive – just because you’re a little ole blog doesn’t mean you won’t get hacked like Sony. If you are hacked and infected, you are ‘blacklisted’ on search engines. That means all your valuable readers will see a scary red screen pop up when they come to your site saying “this site is infected with malware.” Not exactly good for your traffic and thus, your revenue. Scared yet? You should be. Now make these changes:
1. CHECK YOUR SITE NOW. CHANGE YOUR PASSWORDS.
Log in and check your site right now. It’s okay? Phew. Now make sure it stays safe.
And don’t use a password that is something like “password” or “123.” *eye roll* Yes – it might be easier to remember them that way, but that also makes you vulnerable to attack. Make sure you encrypt your passwords, and change them at least every 60 days or so. Not just your WordPress passwords either – change your email passwords, too. If you are using Google and have a lot of info stored on Google Docs, I am pretty sure you won’t want to lose any of that either.
TIP: If you have trouble remembering your passwords, use a credible program like Dashlane to store them all for you. It’s free to host them on your phone/app. But you have to upgrade if you want them to be saved in the cloud (ex. – if you get a new phone, you NEED to write them down, they will NOT be automatically updated and saved).
Do it right now. Remember that scene from Sex and the City where Carrie “sad Mac-ed” and lost everything? It happens. Don’t lose your stuff! There are lots of ways to back up your site – usually your host will offer a nightly backup so look into it. Or, you can always save your own. I personally keep my own XML file on an external drive and I pull that once a month. Just so I have a backup of all my old posts and won’t lose them all. Plus, I know this is a CLEAN backup, so if I DO get infected, I’ll be able to reinstall an uninfected backup. You can save your own by going to Tools>Export>All Content.
Tip: If you’ve been blogging for a while, you might want to export in sections – the posts, photos, etc. individually. Sometimes if you have a lot of content, WordPress won’t like to do it all as a bulk upload and might crash, so just save yourself the stress!
Or pay a company like CodeGuard.com to back it up for you in the cloud.
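For the XML export described above, here is an added example (not the author's or WordPress's own code) that checks a saved export before you rely on it: it confirms the file parses completely, counts items by type, and lists posts whose content contains script or iframe tags. It assumes the file is a standard WordPress export (WXR); the function names and the sample data are made up for illustration.

```python
import re
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Tags worth a manual look in post content. Legitimate embeds (e.g. a video
# iframe) also match, so a hit means "review this post", not "infected".
SUSPICIOUS = re.compile(r"<\s*(script|iframe)\b", re.IGNORECASE)

# Constructed sample in the shape of a WordPress export (WXR) file.
SAMPLE = """<rss version="2.0"
  xmlns:content="http://purl.org/rss/1.0/modules/content/"
  xmlns:wp="http://wordpress.org/export/1.2/"><channel>
<item><title>Hello world</title><wp:post_type>post</wp:post_type>
  <content:encoded><![CDATA[<p>First post.</p>]]></content:encoded></item>
<item><title>About</title><wp:post_type>page</wp:post_type>
  <content:encoded><![CDATA[<p>About me.</p>]]></content:encoded></item>
<item><title>Old recipe</title><wp:post_type>post</wp:post_type>
  <content:encoded><![CDATA[<p>Soup</p><script>/* constructed */</script>]]></content:encoded></item>
</channel></rss>"""

def local(tag):
    """Drop the XML namespace so the check works across WXR versions."""
    return tag.rsplit("}", 1)[-1]

def audit_export(xml_data):
    """Return ({post_type: count}, [titles to review]); a cut-off file raises ParseError."""
    counts, flagged = Counter(), []
    for item in ET.fromstring(xml_data).iter("item"):
        post_type, title, body = "unknown", "(untitled)", []
        for child in item:
            name, text = local(child.tag), child.text or ""
            if name == "post_type":
                post_type = text
            elif name == "title":
                title = text
            elif name == "encoded":  # content:encoded and excerpt:encoded
                body.append(text)
        counts[post_type] += 1
        if SUSPICIOUS.search(" ".join(body)):
            flagged.append(title)
    return dict(counts), flagged

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(audit_export(data))
```

The export holds your content only, not your theme or plugin files, so an empty review list says nothing about those. Compare the counts with what your dashboard shows to catch an export that stopped partway.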
If you read anything about the WordPress hack, you’d know that they infiltrated all the sites through an OLD version of a plugin. WordPress doesn’t just send you updates for fun – they’re sent for a reason. As soon as you’re asked to update your site, plugins, etc., DO SO. Also, take a quick walk through your website now – are there any plugins you aren’t using? DELETE them. Mark it on your calendar to remind yourself to update your site at least once a month.
TIP: Install a security plugin. iThemes Security is a great way to get started. It will put up some deterrents, such as an away mode that disables login, and a changed URL for your WordPress login so it’s not as easy for an attempted hack. Another great one to check out is Wordfence.
Get started by running a check-up like Sucuri SiteCheck Scanner. This will tell you if you have any malware, out of date software, your blacklist status and more. Use a monitoring system that can put up a WAF (web application firewall) to protect your site like Cloudflare.com or Sucuri.net. Also, if you are infected, Sucuri is a top security firm in WordPress right now to help you straighten things out. But, let’s hope we can avoid that!