One week ago, someone we know got hacked on WordPress. Some hackers created a backdoor on the website and added new, illegitimate administrator accounts. Once someone has administrator access, they have the power to do whatever they want on the site.
But how did it happen?
Some plugins on the WordPress site were not up to date, which means they were vulnerable, and some hackers found them.
Here’s a list of the plugins with known security vulnerabilities that hackers used in September 2019:
- Blog Designer
- Bold Page Builder
- Live Chat with Facebook Messenger
- Yuzo Related Posts
- Visual CSS Style Editor
- WP Live Chat Support
- Form Lightbox
- Hybrid Composer
- NicDark (nd-booking, nd-travel, nd-learning, etc.)
Now let’s talk about you.
Can you make your website more secure than the average WP website with some easy tips? Yes.
Can we share them with you? Again, yes.
1/ First of all, create backups of your website. It’s the best way to always have your content up to date and... safe. In case of hacks or human errors, you will always have a safe backup of your content. So do it now! How to do it? Manually or with a plugin such as WP All in One / Manage WP.
2/ Secondly, ALWAYS keep your plugins updated. It seems silly, but updates fix bugs and security holes... so if you see a notification about any plugin that needs to be updated, do it. It takes 2 seconds, and if developers offer these updates, you should definitely use them!
3/ Did you find a new security plugin? Does it seem better than the last one? Great! Upload it, activate it and enjoy. But what about the old one? Deactivate it and delete it, because having 4 security plugins won't give you better protection. All those plugins (especially the free ones) do the same job. So delete what’s useless. And remember tip number 2!
4/ Protect your WordPress site with the .htaccess file. What is it? It’s a powerful configuration file which allows you to do a lot of neat things on your website.
Powerful means “I can do what you want” but also “I have the power to destroy your world”, so be sure to have a recent backup and good instructions, because if something goes wrong, your website could go down.
Some examples of things you can do:
- deny access to your content
- deny access to your configuration
- secure your website with a password
- deny access to strange and repetitive IP addresses
- redirect content of your page
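The five items above as one .htaccess file. This is an added example, not part of the original post; it assumes Apache 2.4 with overrides allowed for this directory, and every path, IP address and URL in it is a placeholder.

```apache
# Example .htaccess for the WordPress document root (Apache 2.4 syntax).
# Keep these rules OUTSIDE the "# BEGIN WordPress" / "# END WordPress"
# markers: WordPress rewrites everything between them.

# Deny access to your content: no directory listings when a folder
# has no index file (e.g. wp-content/uploads/).
Options -Indexes

# Deny access to strange and repetitive IPs.
# 203.0.113.45 and 198.51.100.0/24 are documentation addresses (placeholders).
<RequireAll>
    Require all granted
    Require not ip 203.0.113.45
    Require not ip 198.51.100.0/24
</RequireAll>

# Deny access to your configuration.
<Files "wp-config.php">
    Require all denied
</Files>
<FilesMatch "^\.ht">
    Require all denied
</FilesMatch>

# Secure the login page with a second password in front of WordPress.
# Create the password file first (placeholder path, outside the web root):
#   htpasswd -c /home/example/.htpasswd someuser
<Files "wp-login.php">
    # By default a nested section REPLACES the rules above it, which would
    # let a blocked IP back in here. "And" keeps the IP block in force.
    AuthMerging And
    AuthType Basic
    AuthName "Restricted"
    AuthUserFile /home/example/.htpasswd
    Require valid-user
</Files>

# Redirect content of a page (placeholder URLs).
Redirect 301 /old-page/ https://www.example.com/new-page/
```

A syntax error anywhere in this file makes the whole site return a 500 error, so keep a copy of the previous version to put back.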
5/ Change your password often and if you’re starting a new website, use a strong and unusual username and password.
“You are an essential ingredient in our ongoing effort to reduce Security Risk” - Kirsten Manthorne
6/ Most importantly, try to include this step in your digital routine: go into your back office and check everything. Site health, correct number of users… Is everything ok? Awesome!
In conclusion, these few steps will save you a lot of time and frustration if your website is down. And, if you don’t have the knowledge yet, you can always contact us to check the safety of your website. We will be more than happy to help you and secure your business!