Note from Tony: We’ve seen a LOT of WordPress websites get hacked recently, no less than 5 in the last month. The best thing you can do is to keep your site up to date and keep your passwords hearty because un-hacking a website is (almost) always more expensive than keeping it safe.
Recently we have seen a lot of people’s WordPress sites to get hacked because of these reasons: bad passwords and being out of date. The passwords we are talking about are not only the WordPress admin passwords, but also hosting account, FTP and MySQL passwords.
Most people want to use a password that they can remember, so that it is easy for them to get into their site and do stuff. The problem is that most easy to remember passwords are also really easy to hack.
Hackers will typically try the most obvious combinations of words and numbers to hack your site. So, the best advice that we can give is for you to use something completely random and use a password remembering software to handle saving the password for you. Your browser will do this, but if you don’t lock your computer then you are really no better off.
There is software with a great plugin for most modern browsers called 1Password, it will not only remember all your passwords on your computer and some mobile devices, it backs up to DropBox automagically, it can auto-generate random passwords for you, and you only ever have to remember a single password, ever. I use this software everyday, and protect it with a single 12+ character password I have memorized.
Good rules to live by if you are making up your own password:
- Never use any words from the title or domain of your site
- Never use your name
- Never use family member’s or pet’s names
- Don’t use your phone number, email, or social security number
- Always have lower case and upper case letters
- Always have some symbols: *&^%$#@!)(* if the site allows them
- Always have numbers
- Use more than 8 characters – this allows for ~ 1.05 × 1065 possible combinations (26 letters capital, lower, + symbols)
After making a right-proper password, you should take steps to protect WordPress. There are some great plugins that help with this, one of which will lock an IP address out and keep them from being able to login to WP after 3 failed attempts. It is called Login Lockdown, it is totally free and we can install it on your site for you.
If your site has been hacked, or you are worried about it getting hacked, please contact us. We can help you to prevent hackers and also to get rid of them once they have gotten into your site.
We can also help you to update your site to the newest version of WordPress and all your plugins We provide a services for this that includes a full back up of all files and the database in case something in your upgrade breaks.
Don’t end up with your WordPress site looking like this: (this was an actual customer’s website before we fixed it)
