Site reputation – that’s what hackers want to steal from you for their own personal gain. Don’t think that you need to be using WordPress to become a victim. I’ve seen regular HTML websites fall prey to hack attacks too.
It typically all starts with your user name and password being stolen. Hackers create a phishing page that looks legit, hoping you will click through to it and enter your user name and password. The best defense is to never click links in an email, and if you do click a link, never share login information no matter how valid a site or form looks.
Instead, go to your login address using your browser and access your account without clicking a link. You will typically find that there is no problem with your account or access, even though the email you received carried some dire notice that you were going to lose access or that your account would be closed. Be suspicious of everything.
Troy Hunt has it right in his article on how and why hackers want to get into your site and steal your credentials. His article is worth the read to help you stay safe. You will be amazed at the lengths hackers will go to in order to mask their presence while they steal your credentials and then your website reputation.
Even the very best website and most vigilant webmaster can have their blog hacked. It just happens. Typically, the higher you are in the organic search results, the more attempts will be made to hack your blog.
Why does someone want to hack your site?
It is typically for these reasons:
- Parlay on your high placement and traffic to bleed off your search engine capital to a black hat optimizer’s list of sites that need “SEO Juice”.
- Parlay on your website placement and traffic to spew malware to your site visitors to turn visitors’ computers into spam bots.
- Use your unprotected site as a launch pad for black hat optimization doorway pages.
There is nothing personal about the situation; it is simply a crime of convenience. If you are not secure, you are a target. In some cases the security problem may be on your web host’s side, but in other cases the issue is on your website’s side.
I have successfully used several WordPress plug-ins on a number of client sites to lock out the bad guys, even ones who somehow seem to keep getting in. Here are three of the plug-ins that I really like to use to beef up security after you have thoroughly cleaned your blog and website from a hack attack.
WP File Monitor Plus
If you are repeatedly being hacked, with this plug-in you will instantly know which core files need to be replaced. The application can email you or send you a text message.
Limit attempted intrusions by locking out bots and spiders who are testing your admin and trying to crack your password. You choose what settings to lock them out with. Your MySQL database will keep a list of attempts and lockouts so you can see the date of intrusion attempts.
WP Admin Renamer Extended
I love this one. First create a new admin file with a super secure name and password. Then rename your existing admin using this plug-in. But don’t stop there. Go back in and set your old admin user as a subscriber only, effectively locking out the bad guys so that even if they can get back in, they can’t make any changes.
These are great starts, but be aware that if a hacker really, really wants to get in, they can be extremely difficult to keep out. My motto is to make it so hard and time consuming for them to get in that they simply want to move elsewhere to do their dirty work.