WordPress is awesome but it does have some negatives…
As you may or may not be aware, WordPress can be somewhat vulnerable to hackers, and because it is such a popular platform, with tons of WordPress sites out there, it has become a sitting duck for things like brute force attacks.
A brute force attack is pretty much where hackers use software to repeatedly try to guess your username and password, so you really want to make sure you keep your WordPress site safe from hackers.
A lot of people use admin as their username, which is really the first mistake, and this makes their job a lot easier. A lot of hosting script installation programs used to use ‘admin’ as the default username, however, the more recent ones usually give you the choice to make it unique.
The standard login url for WordPress is usually the website address with /wp-admin or /wp-login.php on the end of it, so this is another thing that makes it easier for these unscrupulous people to ‘prey’ online looking for anyone using WordPress who doesn’t happen to be aware of the problem, let alone how to fix it!
See down below for some solutions you can use to protect your site…
The Other Big Problem with Any Website
The other potentially big problem with having any website online, is that there is always a risk that something can go wrong and you can actually lose all your hard work!
Really very distressing when it happens to you… and I say when because I expect it is only a matter of time as to ‘WHEN’ it happens… it isn’t ‘IF’ it happens.
This is where I find WordPress to be really great… not because of WP itself, but rather because of some excellent plugins that you can use to actually help to back up your whole website, and make it just a matter of a few minutes to restore your whole site when you find the worst has actually happened!
A bit more about how I manage this problem a bit down the page…
My Own Experiences Having my Site Hacked
Having been online for so many years and using WordPress for a lot of years also, I have had to learn some lessons the hard way.
I have had some of my websites hacked…
I have had emails from my hosting company, saying that if I did not bring all my sites up to date to ensure they are not as vulnerable to a hacker (which also compromises their servers) then they would cancel my account.
The consequences of someone hacking into your site can range from the very obvious, such as replacing your website with their hacker message, to the insidious, such as stealing your bandwidth or using your account for their spamming activities.
Sometimes you don’t even know it’s going on… at least not straight away.
Let me tell you… especially if you have a lot of websites like I have had in the past, when they get into your hosting account they can access all your sites and contaminate each one of them with various malware scripts or files and it can be a big job to clean up.
Website security has become a huge issue and really needs to be addressed if possible from the moment you get yourself online.
Luckily… it’s not all that difficult to protect yourself, so long as you know what to do.
Problems With Losing All Your Hard Work.
Yes this has happened to me a few times… just out of the blue things just disappear as was the case once when my hosting company for some reason had my database just vanish!
They didn’t know what happened, and apparently could not restore it because they didn’t have a backup either! So I don’t just rely on my hosting company to back up my sites, needless to say…
Not sure if it was their fault or mine, related to my lack of security leaving my website vulnerable to hackers.
Either way the consequences are never good…
Luckily for me though I did have a good backup system in place, so I was able to restore the site, literally within minutes.
There are a couple of things that can ‘break’ your website, and when it happens it can be rather scary and confusing… not to mention time consuming.
For example… plugin incompatibility…
Occasionally you will install a plugin that will just bring up a bunch of error messages on a page, and in some cases will replace the landing page with a coded page of errors!
This can sometimes also affect what visitors see when they go to your site, and not just your access to the admin area.
If you use an FTP program (I use Filezilla, a free program) or if you can log into your hosting panel then you can likely just remove the plugin folder that you have just tried to install and in most cases it will fix your site, however, it is always nice to know that you have a complete site backup just in case you actually need to restore the whole site.
WordPress Security & Backups are Critical
So both WordPress security and Website backups are really important issues to be addressed as soon as possible if you are building a website.
Now… don’t be tempted to think that WordPress might not be worth using because of these issues… It is, in my opinion, most definitely the best Content Management System out there for many reasons…
- Ease of use
- Google loves it (so helps towards getting your site listed on search engines)
- Tons and tons of plugin and theme choices to help with making your site look professional and to function well.
- Compatible with all sorts of business models, from blogging (its original use), to business sites on and offline, to eCommerce and affiliate review sites, to name a few.
- Most problems straightforward to fix with the use of plugins
Solutions I Use and Recommend
I use some free plugins as well as some premium (paid) plugins and they are both excellent.
The free one I often use is called Wordfence. This is an Anti-virus, Firewall and High Speed Cache plugin… although I also use W3 Total Cache which helps and GD Press Tools which help with the page loading speed of the website.
So with Wordfence I have mainly used it to lock out frequent login attempts as well as to let me know of hacking attempts via email. There are a bunch of settings but there are only a few that I change.
As with a lot of plugins, there is the free version and a paid version that offers more features… I only use the free one with this plugin.
There is another plugin called Securi alert and while it is good, I have found that it is not compatible with another plugin I like to use; Ozh’ Admin Dropdown Menu, so I am tending not to use it so much at the moment. It also has a free option.
Another one that I have recently found but have not used much yet, is All In One WP Security… It has a lot of users and a very good star rating.
Having a look through it, it will also do the job of another premium plugin I use, but which looks like it is no longer available for sale.
The Premium plugin I have been using a lot is called WP Lockup, and as I say, it seems that it’s no longer available and I’m not sure about future updates. So I can’t really recommend it to others as such, unless you happen to already have it…
It is a pretty simple plugin and doesn’t do as much as the ones I’ve mentioned so far, but it adds a captcha to the login page and also allows you to change the login url which I find is really helpful when you find yourself under a brute force attack (which you will most definitely have happen at some point).
The last free plugin I mentioned, All In One WP Security, also has this feature of being able to change your login url. So instead of yourwebsite.com/wp-admin or yourwebsite.com/wp-login.php you can make your url whatever you wish by changing the extension to something like… yourwebsite.com/mysecretlogin or whatever you want.
I use a paid plugin called Backup Creator and I have found it not only simple and easy to use (so you don’t have to understand how to restore databases etc.), but also relatively inexpensive to purchase.
I not only use this to regularly back up my sites… usually whenever I make changes to the site, but also I save basic installations so that I can speed up the setup process of a new website, with all the plugins and settings the way I want them.
The one thing you have to keep in mind though… is that you have to double check that the email and name of the site are changed to the correct details.
It does change some, but you have to do some manual changes in some plugins such as Fast Secure Contact Form and maybe your SEO plugin… (I use WordPress SEO by Yoast). You might also need to check your profile page, and settings page just to be sure these are correct for your new site.
There are other premium backup plugins that I have used but I keep coming back to this one for ease of use and cost. I haven’t found a free alternative either that I like as much… because it is not just how easy it is to back up the website, but also how easy it is to restore it as well 😉
Maybe Some Demo Videos…
So I was thinking of doing a couple of videos showing how to set these plugins up… perhaps I can get to that soon, either during but more likely after the Quick Start Challenge is finished.
Meanwhile I hope you find this information useful… Maybe let me know, in the comments below, if you would like me to add video demos to this page.