Attack of the botnets – what can you do to keep your WordPress site safe

If you have a WordPress site, it’s probably being attacked by hackers right now. In fact, industry research suggests that there are more than 3,300 automated bots attempting to access any given WordPress site at any time.

Does that mean WordPress isn’t secure? No – WordPress is simply the world’s most popular website development platform. Sites built on other platforms will be attacked too, but the sheer number of WordPress sites means the figures add up.

A botnet is a network of infected computers that can be controlled remotely by hackers. The number one reason for trying to hack your site will be to use it to distribute malware to other computers or to send spam emails. If your website is hacked, it can lead to you being blacklisted and removed from search engines or completely blocked from public view.

While WordPress is generally a very secure platform, with the number of attacks happening, it’s important that you do everything you can to ensure you don’t become a victim. There are a number of security methods you can use.

What can you do about it?

1: Password and Username

This is probably the most important – and simplest – barrier to botnet attacks, and often the biggest weakness in sites that get hacked.

One of the main ways to break into a site is to use a program to “guess” usernames and passwords – trying hundreds of combinations a minute.

The default username for a WordPress site is “admin”. If you do nothing else, you should change this, because it will be the first username the hackers try. Choose something that can’t be guessed – for instance, if your company is called John Doe Llama Sanctuary, don’t use John_Doe (or anything similar) as a username.

Similarly with your password – you’d be surprised how many users still have password1234 or similar. The best bet is to use a random password generator (e.g. passwordsgenerator.net) to create something complex that will not be guessed.
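
The password guessing described in this section shows up in a web server's access log as repeated POST requests to the WordPress login page, wp-login.php. The following Python example is added here and is not part of the original article; the log lines, the IP addresses and the threshold of 5 failures per minute are constructed assumptions.

```python
import re
from collections import Counter
from datetime import datetime

# Matches the start of an Apache/nginx "combined" format access-log line.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) ')

def _line(ip, second, method, path, status):
    """Build one constructed log line (sample data, not real traffic)."""
    return (f'{ip} - - [12/Mar/2024:10:15:{second:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 4521 "-" "constructed-sample"')

# Constructed sample: one source guessing 8 times in a minute, and one
# ordinary user who mistypes once and then logs in. IPs are documentation ranges.
SAMPLE_LOG = "\n".join(
    [_line("203.0.113.7", s, "POST", "/wp-login.php", 200) for s in range(0, 40, 5)]
    + [_line("198.51.100.4", 10, "GET", "/wp-login.php", 200),
       _line("198.51.100.4", 20, "POST", "/wp-login.php", 200),
       _line("198.51.100.4", 31, "POST", "/wp-login.php", 302)])

def failed_logins_per_minute(log_text):
    """Count failed login POSTs to wp-login.php per (ip, minute)."""
    # WordPress re-displays the login form (HTTP 200) when a login fails and
    # redirects (HTTP 302) when it succeeds, so a 200 on POST counts as a failure.
    # Requests already blocked by a plugin or firewall (403, 429) are not counted.
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST" or m["status"] != "200":
            continue
        if not m["path"].split("?")[0].endswith("/wp-login.php"):
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        counts[(m["ip"], ts.strftime("%Y-%m-%d %H:%M"))] += 1
    return counts

def suspicious_sources(log_text, threshold=5):
    """Return {ip: peak failures in one minute} for IPs at or over threshold."""
    peaks = {}
    for (ip, _minute), n in failed_logins_per_minute(log_text).items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return {ip: n for ip, n in peaks.items() if n >= threshold}

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_LOG))
```

On a real site, pass the contents of your own access log to `suspicious_sources` and tune the threshold so that a user who mistypes a password once or twice is not flagged.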

2: Check your site for vulnerabilities

There are online tools to check your site to ensure it is secure. Tools such as Hacker Target can show you how hackers see your site – they will highlight vulnerabilities and tell you when things like out-of-date plug-ins might be compromising your security. You can then fix these yourself, or contact your web company to help.

3: Talk to your web company and/or hosting provider or talk to us about our Tickbox Support-Extra Packages

There are plenty of things your web company and web hosts can – and should – do to keep your site secure. At a minimum you should check that they are:

Using security and monitoring tools such as WordFence to make sure plug-ins are up to date and to monitor any attempts to hack
Making regular back-ups of your site to ensure
Using secure hosting – ask what steps they have taken to secure your server
Regularly updating your site to make sure you have the latest versions of WordPress and any plug-ins you use. Out-of-date software is particularly vulnerable

Provided you take these measures, WordPress is an extremely secure platform – but vigilance is always recommended. Stay safe out there!