Is your WordPress website or blog secure?
Over 23% of the top 10 million websites are built using the Content Management System called WordPress. It is also the most popular blogging system and is used by over 60 million blog sites.
One of the best finds this year was a free plugin called Wordfence. As a WordPress website developer, I was spending hours every day just keeping up with the latest security threats and remedies. Wordfence made that task so much easier and efficient. I highly recommend it, including the paid version that allows you to block incoming traffic by country from trying to scan or login to your website dashboard.
Is someone from China really interested in renting mason jars for wedding ceremonies? Of course not. Why would a visitor from Russia need information on horseback riding lessons in Sacramento?
So what are they trying to do?
Phishing – Phishers will send you an email that says you need to log into an account (they provide the link) in order to fix something, renew a membership or receive a special offer. What they are really doing is capturing your login username and password. The safest way to avoid phishing is to always log directly into the website where your account is located and enter your username and password there. If they need you to update your account, or if they have a special offer, it can be accessed in your account.
Learn more about safe practices for logging into your accounts at the Wordfence Learning Center – click here. It’s safe… 🙂
Hacking – Your web developer should know how to protect your website database that includes all your customer data, purchases, images and contact form submissions. The first step is to make sure you have an SSL certificate so that your website is HTTPS. This means that communication between the browser and the web server is encrypted. It costs a little more each year (about $70) but is worth it! Your visitors will know their information is more secure, and since Google now rewards HTTPS sites with better search rankings, you will have more customers, supporters or donors find your site!
Learn more about hardening your WordPress site at the Wordfence Learning Center – click here.
Why are they doing this?
Some hack or phish just because they can. Bragging rights are important to techies. But most are attempting to place a link on your website that will lead visitors to a product, porn, or a form where they will attempt to gather even more personal information that can be used to apply for credit card accounts etc.
They are also attempting to collect email addresses so they can send out an email that looks like it’s coming from a familiar source – YOU!
Is your friend really stuck in the Philippines with no money? DELETE!
TIPS: The best way to keep your website and your computer safe is to use common sense, and to consult a professional web developer when an inquiry just doesn’t look right.
- Don’t publish a live link to your email on your website, and use a custom contact form instead.
- By all means, purchase a SSL certificate and have your web developer activate it on your site.
- Use a “cleaning system” such as SiteLock that will scan the backend of your site daily and remove malicious script before it can do any damage.
- Install Wordfence on your WordPress site and use this helpful tool to keep the bad guys away!
Need help? Get in touch with Capitol Social Internet Marketing and we will give you some helpful advice.