Do WordPress Sites Get Hacked?
Yes, if your blog website is not secure enough it can get hacked. Several reason can cause this:
- Using old version of WordPress.
- Using old version of WordPress Plug-ins.
- Using a simple password in Login page.
How do you protect your site against hackers?
- Always use strong password.
Do not forget you should always use a strong password especially if you are the admin, in order to prevent site hacking.
A strong password should be at least seven characters long. To make it stronger, use upper and lower case letters, numbers and symbols like ! ” ? $ % ^ & ).
Please remember usernames ( for Contributor, Author, Editor, or Administrator) cannot be changed. So choose carefully.
You should combine letters, symbols, and numbers that are easy for you to remember and hard for someone else to guess.
You can create pronounceable passwords, even if they are not words, that are easier to remember for you.
Do not use words that appear in a dictionary, in any language, make cracking your password that much easier.
- Always use SPAM Protection
I recommend this plugin: – Captcha By BestWebSoft
- Choose a good hosting provider. I recommend 1&1 for Web Hosting
- Keep WordPress up-to-date. If there is a new update or newer version is released, install the latest version of WordPress.
- Use only good plugins. Take a look at ratings of the plugin before install it. Do not install too many plugins. They can cause problem in long run.
- Remove all disabled plugins and inactive themes.
- Do not share your hosting, mySQL database information, FTP information with others.
- Better WP Security
- Simple Login Lockdown
- For your database back up use WordPress Importer Plugin
Do not give your Customer ID and Password of hosting control panel information to others. Except if your web designer controlling your site and making back ups for your site, you need to supply FTP and database information.
For security reason you may change your passwords regularly, however pay attention, if you change mySQL database password you will brake the site completely. So do not be surprised if you see an error like this on the web, instead of your site:
Warning: mysql_connect() [function.mysql-connect]: Access denied for user ‘dbc12345678′@’18.104.22.168′ (using password: YES) in /homepages/45/d12345678/htdocs/global.php on line 13
Connection Error Access denied for user ‘dbc12345678′@’22.214.171.124′ (using password: YES)
Here are some important facts:
1. Do not change database passwords, unless you know what you are doing. If you ever changed make sure that your web designer is aware of this. ( this is the case if you have a web designer working for your blog site )
2. Do not change hosting panel login password without telling the new password to your web designer if you want more work to be done on your site in future by that web designer. Especially if the designer doing back-ups for you, you can cause serious problems.
3. Do not change FTP password if the web designer has not finished working on your site.
You can also try a few plug-ins for your extra security:
The “wp-spamspan” plugin implements strong, automatic anti-spam protection
for email addresses in content on a WordPress site. wp-spamspan | By Chip Rosenthal.
Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site. Better WP Security | By Bit51.com.
Simple login lock down is a way to protect your WordPress blog from brute force login attacks.
Simple Login Lockdown | By Christopher Davis.
WordPress Importer import posts, pages, comments, custom fields, categories, tags and more from a WordPress export file.
WordPress Importer | By wordpressdotorg
If you are working on your blog site keep in mind always use firewalls whenever you are updating your site.
Use an anti-virus software to protect your computer from viruses, spywares, malwares. They can detect malicious software that may try to attack your web properties.
If you are suspicious of your email being hacked, you may try this website to check it out:
The most important aspect of your site is the back-ups. Do not forget making regular back-ups of your site. If ever the server crashes, or your site being attack by hackers, you can always restore it with your back-ups.