I’ve been asked this question multiple times over the last couple of weeks, so I thought it time to write a blog on why your WordPress site is likely getting hacked and what you can do about it.
WordPress is the most popular tool on the market for creating any kind of website, from a simple blog to fully-functioning website. It is fully customizable, meaning, with the right know-how, it can get just about anything you want from a web platform.
If it’s such a powerful, popular platform, why does it get hacked so often?
There are some very simple reasons why you are getting hacked:
- You aren’t updating your software. Always keep your WordPress theme, software, and plug-ins up-to-date. This means at least one a week, check to make sure everything is updated by logging into your site. If there are updates required, you’ll get a notice on your Dashboard. Make sure you back up your site and then complete all the updates.
- You’re hosting is not secure. Make sure your web hosting is secure. Use reliable services like BlueHost or SiteGround. It may cost more than some other options, but they are secure and reliable, with excellent tech support to help you with any hitches.
- Your password is too easy to hack. Make sure you use a strong password and change it regularly. Never use your some or all of your business name. Never use important years. Never use the names of people you know or your pets. These things are easy to find on social media and savvy hackers will be able to crack your password. Come up with something completely random. Change it often.
- Your log-in page is not secure. Make sure your WordPress Admin (wp-admin login page) is secure and do not use “admin” as your username.
- Your site doesn’t have an SSL certificate. Make sure you have an SSL certificate for your site. This means your url is “https://” and not “http://”
More tips on keeping your site secure:
- Set up a website lockdown feature. This means if there are multiple failed attempts to log in (which happens when someone is trying to figure out your password) the site locks the user out for a period of time.
- Install a security plug-in, like iThemes Security. This plugin will take care of most of what I discussed in this blog. It’s free and super easy to use!