If your website runs on WordPress, you’re not alone. Approximately 35% of all websites globally are powered by WordPress – around 455 million sites in 2022. And, if your digital marketing agency recommends that you transition your current site to WordPress, it’s for a very good reason: WordPress-built sites excel in flexibility and security, and a large number of WordPress developers are available should you want additional website development support.
But with popularity comes some problems. As WordPress continues to be the go-to content management system for the majority of English-language businesses, cybercriminals continue to find new and innovative ways to exploit the system. Many find their way through the virtual “back door” of a WordPress-hosted site not through any flaw in the site itself or its coding, but through simple human habits that criminals have, since the beginning of time, recognized and leveraged to their advantage.
To prevent your site from being hacked, we’ve put together a simple checklist of WordPress Site Management tips that the average small business owner can follow on their own to maintain the security and integrity of their primary virtual real estate: their website.
While we can’t guarantee your site will be hack-proof, taking these simple steps will go a long, long way towards ensuring it remains secure and under your control. And, in the unlikely event you do encounter problems, we are here to help you address them quickly.
WordPress Site Management Checklist
- Secure the Administrator password: WordPress enables multiple levels of access, and the Administrator is at the highest level. Administrator-level rights enable the Administrator to set all other permissions, change anything in the site, and control the site itself. Be sure to change your password and use password best practices: lowercase and capital letters, numbers, and symbols, preferably in a random pattern that is difficult to guess.
- Set up 2-factor authentication: We know, we know; it’s a pain in the neck. It is, however, the best the cyber world has to offer to prevent someone from figuring out your password and gaining access to your digital world. Two-factor authentication can save you from a lot of grief if anyone guesses your password.
- Limit login attempts: Limiting login attempts ensures that criminals using software to guess passwords are locked out after a few failed tries instead of being allowed to keep guessing. This is a good defense even if a criminal guesses your user name correctly.
- Update plugins: Plugins are third-party applications that provide additional features on a WordPress site. WordPress is an open-source platform, meaning that developers can create additional tools like plugins to add functionality to a basic WordPress site. As with any software, however, plugin developers issue frequent updates; these updates close gaps and loopholes or fix problems discovered post-launch. Installing updates ensures that you are running the latest, most secure plugin release and prevents hackers from exploiting the code in older plugins.
- Remove disabled plugins: It’s easy to install plugins for a one-time use, disable them, and forget about them. But they’re still there, waiting in the background of your site, and a potential security risk. Disable unused plugins and then remove them entirely from the site. You can always add them later if they’re needed again.
- Shut off comments: Some marketers believe that comments on a blog help its SEO, but most of the time, comments come from random bots that post obnoxious spam. You can either shut off comments or install a plugin to manage comments if you run a content-based site that benefits from user interaction. Plugins that manage comments are good at screening the spammy stuff that can contain malicious code, and enable you to manually approve anything that is published to your website.
- Check your website frequently: Lastly, there’s no such thing in websites as “set it and forget it.” You should be logging into the back end (the administrative dashboard) of your WordPress website daily, or at least weekly. Logging into the site enables you to check and update plugins, monitor comments, and note any messages that appear in the site console. You should also check the publicly visible pages of your site frequently. Any unauthorized changes to the site’s appearance are a red flag that should be investigated by a competent WordPress developer.
What If Someone Does Break In?
Unfortunately, there’s no virtual police department you can call if someone breaks into your website. Some signs that your site has been hacked include:
- Unauthorized changes to passwords, users, or administrators. You may see strange names and email addresses appear on the User console in WordPress or you may receive warnings that someone is trying to change permissions.
- Your site is receiving a sudden high volume of traffic. Although we always love it when our customers get more search engine traffic, too much of a good thing is a big red flag. Sudden spikes in web traffic unrelated to marketing activities you’re doing or coming from countries you don’t normally conduct business in are signs something is amiss with your site.
- Your site isn’t opening properly, or some pages aren’t working. Sudden 404 errors, redirects, and pop-up warnings are all signs of problems.
- Content on your website has changed without your knowledge. Hackers often insert content into a page for their own purposes.
- Google sends you a malware warning notice. Google does indeed send out malware warnings if its search engine detects issues in a site. These should be brought immediately to the attention of a competent Google expert who can help you discover the root of the problem, correct it, and rectify the situation with Google.
These are some common signs of a security issue with a site, but not the only signs. If you suspect your site has been hacked, it’s time to call on the professionals immediately. Leaving the site riddled with problems only makes a bad situation worse. You need to take action, and fast, before it impacts your business.
Your WordPress Security Check Starts Here
Dashboard Interactive Marketing can help you with your WordPress security, development, or update needs. We are a full-service digital marketing agency with a team of content developers, designers, and Google and WordPress experts who can take your site to new levels of traffic and sales. We are happy to help. Please call us at 763-242-2454 for a consultation.