WordPress is awesome but it does have some negatives…
As you may or may not be aware, WordPress can be somewhat vulnerable to hackers, and because it is such a popular platform, with tons of WordPress sites out there, it has become a sitting duck for things like brute force attacks.
A brute force attack is pretty much where hackers use software to repeatedly try to guess your username and password, so you really want to make sure you keep your WordPress site safe from hackers.
A lot of people use admin as their username, which is really the first mistake, because it makes the hackers’ job a lot easier. A lot of hosting script installation programs used to use ‘admin’ as the default username; however, the more recent ones usually give you the choice to make it unique.
The standard login url for WordPress is usually the website address with /wp-admin or /wp-login.php on the end of it, so this is another thing that makes it easier for these unscrupulous people to ‘prey’ online looking for anyone using WordPress who doesn’t happen to be aware of the problem, let alone how to fix it!
See down below for some solutions you can use to protect your site…
The Other Big Problem with Any Website
The other potentially big problem with having any website online, is that there is always a risk that something can go wrong and you can actually lose all your hard work!
Really very distressing when it happens to you… and I say when because I expect it is only a matter of time as to ‘WHEN’ it happens… it isn’t ‘IF’ it happens.
This is where I find WordPress to be really great… not because of WP itself, but rather because of some excellent plugins that you can use to actually help to back up your whole website, and make it just a matter of a few minutes to restore your whole site when you find the worst has actually happened!
A bit more about how I manage this problem a bit down the page…
My Own Experiences Having my Site Hacked
Having been online for so many years and using WordPress for a lot of years also, I have had to learn some lessons the hard way.
I have had some of my websites hacked…
I have had emails from my hosting company, saying that if I did not bring all my sites up to date to ensure they are not as vulnerable to a hacker (which also compromises their servers) then they would cancel my account.
The consequences of someone hacking into your site can range from the very obvious, with them replacing your website with their hacker message, to the insidious, such as stealing your bandwidth or using your account for their spamming activities.
Sometimes you don’t even know it’s going on… at least not straight away.
Let me tell you… especially if you have a lot of websites like I have had in the past, when they get into your hosting account they can access all your sites and contaminate each one of them with various malware scripts or files and it can be a big job to clean up.
Website security has become a huge issue and really needs to be addressed if possible from the moment you get yourself online.
Luckily… it’s not all that difficult to protect yourself, so long as you know what to do.
Problems With Losing All Your Hard Work.
Yes this has happened to me a few times… just out of the blue things just disappear as was the case once when my hosting company for some reason had my database just vanish!
They didn’t know what happened, and apparently could not restore it because they didn’t have a backup either! So I don’t just rely on my Hosting company to back up my sites, needless to say…
Not sure if it was their fault or mine, related to my lack of security leaving my website vulnerable to hackers.
Either way the consequences are never good…
Luckily for me though I did have a good backup system in place, so I was able to restore the site, literally within minutes.
There are a couple of things that can ‘break’ your website, and when it happens it can be rather scary and confusing… not to mention time consuming.
For example… plugin incompatibility…
Occasionally you will install a plugin that will just bring up a bunch of error messages on a page, and in some cases will replace the landing page with a coded page of errors!
This can sometimes also affect what visitors see when they go to your site, and not just your access to the admin area.
If you use an FTP program (I use Filezilla, a free program) or if you can log into your hosting panel then you can likely just remove the plugin folder that you have just tried to install and in most cases it will fix your site, however, it is always nice to know that you have a complete site backup just in case you actually need to restore the whole site.
WordPress Security & Backups are Critical
So both WordPress security and Website backups are really important issues to be addressed as soon as possible if you are building a website.
Now… don’t be tempted to think that WordPress might not be worth using because of these issues… It is, in my opinion, most definitely the best Content Management System out there for many reasons…
- Ease of use
- Google loves it (so helps towards getting your site listed on search engines)
- Tons and tons of plugin and theme choices to help with making your site look professional and to function well.
- Compatible with all sorts of business models from blogging (its original use), to business sites on and offline to eCommerce and affiliate review sites to name a few.
- Most problems are straightforward to fix with the use of plugins
Solutions I Use and Recommend
Security Suggestions…
I use some free plugins as well as some premium (paid) plugins and they are both excellent.
The free one I often use is called Wordfence. This is an Anti-virus, Firewall and High Speed Cache plugin… although I also use W3 Total Cache and GD Press Tools, which help with the page loading speed of the website.
So with Wordfence I have mainly used it to lock out frequent login attempts as well as to let me know of hacking attempts via email. There are a bunch of settings but there are only a few that I change.
As with a lot of plugins, there is the free version and a paid version that offers more features… I only use the free one with this plugin.
There is another plugin called Securi alert and while it is good, I have found that it is not compatible with another plugin I like to use; Ozh’ Admin Dropdown Menu, so I am tending not to use it so much at the moment. It also has a free option.
Another one that I have recently found but have not used much yet, is All In One WP Security… It has a lot of users and a very good star rating.
Having a look through it, it will also do the job of another premium plugin I use, but which looks like it is no longer available for sale.
The Premium plugin I have been using a lot is called WP Lockup, and as I say, it seems that it’s no longer available and I’m not sure about future updates. So I can’t really recommend it to others as such, unless you happen to already have it…
It is a pretty simple plugin and doesn’t do as much as the ones I’ve mentioned so far, but it adds a captcha to the login page and also allows you to change the login url which I find is really helpful when you find yourself under a brute force attack (which you will most definitely have happen at some point).
The last free plugin I mentioned, All In One WP Security, also has this feature of being able to change your login url. So instead of yourwebsite.com/wp-admin or yourwebsite.com/wp-login.php you can make your url whatever you wish by changing the extension to something like… yourwebsite.com/mysecretlogin or whatever you want.
Backup Options…
I use a paid plugin called Backup Creator and I have found it not only simple and easy to use (so you don’t have to understand how to restore databases etc.), but also relatively inexpensive to purchase.
I not only use this to regularly back up my sites… usually whenever I make changes to the site, but also I save basic installations so that I can speed up the setup process of a new website, with all the plugins and settings the way I want them.
The one thing you have to keep in mind though… is that you have to double check that the email and name of the site is changed to the correct details.
It does change some, but you have to do some manual changes in some plugins such as Fast Secure Contact Form and maybe your SEO plugin… (I use WordPress SEO by Yoast). You might also need to check your profile page, and settings page just to be sure these are correct for your new site.
There are other premium backup plugins that I have used but I keep coming back to this one for ease of use and cost. I haven’t found a free alternative either that I like as much… because it is not just how easy it is to back up the website, but also how easy it is to restore it as well 😉
Maybe Some Demo Videos…
So I was thinking of doing a couple of videos showing how to set these plugins up… perhaps I can get to that soon, either during but more likely after the Quick Start Challenge is finished.
Meanwhile I hope you find this information useful… Maybe let me know, in the comments below, if you would like me to add video demos to this page.
Desana says
Hi Lynne,
Very informative article and I am going to implement your recommendations as soon as I am finished with my comment! Thank you for addressing this issue, explaining “why’s” and providing solutions!!!!! Have a great weekend!
Lynne says
Thanks Desana, Really pleased you found it helpful… Let me know if you strike any issues… Backing up would be the best thing to do before you do much else… just in case something goes wrong when installing or setting up a plugin. Hope you have a great weekend also. 🙂
Oggie says
Hi Lynne,
Another plugin for backup that might be useful is Updraft. It can backup into the Cloud, Amazon S3, or also send you backups via email on a regular basis.
A short video where you show your settings for the Wordfence plugin to prevent log in attempts would be quite useful for many of us. 🙂
Thanks for the practical list of resources, really appreciate the roundup. All the best!
Lynne says
Hi there Oggie, Awesome that you shared some other solutions… I have not heard of Updraft, so will have to check that out. One thing that I have found though (which I mentioned), is not just the ease of backing up, but also the ease of restoring files after a problem has occurred. Sometimes the various ‘backup’ alternatives will just back up databases, and not necessarily the whole site, so then it is a matter of knowing how to restore the databases.. etc.
All that being said… I will definitely try to sort a video or maybe one short one for each plugin so that I can show you how they work, or how I have been using them. Thanks again for stopping by and leaving a comment… I will be checking out your site as well. 🙂
Steve says
Excellent tips…WordFence works great for alerting and blocking attempts at hacking and helping you to keep plugins and themes up to date. I had several sites hacked and it is not much fun.
Backups are the other critical part and insurance for you and all of your hard work.
Lynne says
Hey Steve, Thank you 🙂 WF is certainly a handy one. I’ve only been using it for a few months, but have found it very good so far. I have been backing up a whole lot longer though… no fun at all when you lose everything! I’m falling behind getting back around to other people’s sites… But I will definitely get there, and I will also make sure I do the same after the challenge is over, because that is when it is going to count even more. Meanwhile, things are busy here… looking after my Dad and trying to get these challenge tasks sorted. Hope all is going well with you, and will try to get to your site asap. 🙂
Art Avington says
Hi Lynne,
Excellent article with great advice. I can tell you’ve been around the block on the Internet a few times and know what you are talking about! I say this because I too have learned the hard-way about hackers, and losing website data, and not having a backup. So again thanks for the advice and keep up the good work! I see that you have your optin up and running too. You have a great looking site with valuable and interesting information….You are going to be great!
And I am so impressed with the single Mom thing…You go girl!
Art
Lynne says
Hey there Art, thanks so much for taking the time to stop by and make a comment… and thank you for the kind words… I have been around online for a long time, and for so long I felt like I didn’t have a lot to share because I was not making 5 or 6 figures a month… it’s only recently that I have realized this was ‘stupid’ thinking on my part, and that I can really offer a lot to people, especially those starting out! Totally agree… learning the ‘hard’ way is never the best way to learn, and learning from others’ mistakes is obviously so much better 🙂 I hope to be able to get into a more regular publishing schedule once I get things more set up, and I plan on trying to put up more valuable and interesting information, so your comment there is encouraging. As for the single Mom thing… Lol definitely a challenge that never ends as it turns out… but obviously worth the effort. 🙂
Steven Brough says
Hi, it’s Steven here from QSC,
Great article. I really learned a lot. A lot of websites have their own pros and cons. We just really have to be careful.
Lynne says
Hi Steven, Thanks for taking the time to comment… much appreciated, and I’m very glad you found the article helpful… And you are right of course about the pros and cons 🙂
Barbara Dowling says
Hi Lynne,
Another great post on a very important topic! I installed that Wordfence plugin also and get those frequent emails regarding attempted hackings. I will certainly check out some of the other security precautions that you recommend. I definitely need to find a paid back up option…do not want to lose everything!
Lynne says
Hi Barbara, Thanks so much for the kind comments… It means a lot. I am still planning on doing a video, but not sure if I will get it done before the challenge is finished… And definitely do check out the backup options 🙂
Ant Carter says
Fantastic article about security with some excellent recommendations for people. I think the pain of being hacked doesn’t hit home for many people until they are a victim, and end up losing their hard work.
After this hard lesson you never forget – but it’s often not the ‘sexy’ topic which motivates people to take immediate action.
I use All in One WP backup and Blogvault at the moment, with Wordfence on other sites too. I also secure my sites with Clef – dual factor authentication which means anyone logging into my sites’ backend needs my phone to do so.
Lynne says
Hi Ant, thanks so much for stopping by and taking the time to make a comment… Very nice of you. You are so right about the pain of being hacked, especially for those who are ‘tech challenged’… it can be almost enough to make people ‘throw in the towel’ and give up completely! Thanks for sharing the ones that you use for backing up… Have not heard of some of them, so will have to check them out as well… 🙂
Ozer Tayiz says
Nice and informative article. Regular backups, strong passwords and regular updates are absolutely necessary. 😀
Lynne says
Thanks Ozer… And totally agree with you…all absolute essentials…:)
Steven Lucas Marketing Mentor says
Hi Lynne,
I can tell you that I too have had the pain of being hacked, the pain of losing everything (including a domain once when the hosting decided to quit being hosts) and that backups are absolutely invaluable – although I bet many people won’t start on a routine until after the first time that something goes bad for them. All we can do is preach the message and hope a few at least sing Hallelujah.
A wonderful and entertaining article and very informative. Should be made compulsory reading for anyone setting up a WordPress blog for the first time.
Regards,
Steven Lucas
Lynne says
Hi Steven, You are most likely right, as most of us tend to learn the ‘hard way’… Still there are a ‘wise’ few who learn from others! And thank you for the kind words, I’m very happy you found the article informative… ‘Compulsory reading’… lol… I can hardly disagree with that!! 🙂