WordPress Security

WordPress Hacking Woes…



Since I started my business in December 2010, general hacking attempts to infiltrate the standard WordPress CMS have grown exponentially. We all keep a lot of information and personal work within our websites, so when a site has been hacked it is heartbreaking.

I am always asked by clients “why would someone do this to me?”

Well, the main reason for a hack is normally to gain access to your information and, in some cases, to redirect your site to somewhere they feel will gain them money through advertising. Though I have encountered some hackers who just want recognition for their work, which seems to be a breed that is coming out of newly developed areas of the world.

As for risks, the worst sort of attack is one where they are trying to gain access to your screen and keystroke details to ultimately harvest passwords, bank details and sensitive files. There is also the risk to small businesses, as most rely on a website as their shop window, and if this is broken or defaced it can have a bad impact on sales or client retention.

What to watch out for in your WordPress website

A few things have come to light whilst repairing, rebuilding and cleansing several websites which have suffered a hacking attack – they include:

  • Random users appearing in your user area with admin access.
  • Text in the editing pane within the admin area is no longer visible (this allows the hacker to enter code without you seeing it).
  • When you click a page link another browser tab opens to a strange web-shop (or sometimes things which are not nice).
  • Unusual usage stats within your web-server.

There are lots of other things, but generally if something is not the norm, make sure you get it checked out.

Simple steps to make Hacking difficult for the Hackers

Now I am not offering the be-all and end-all of security solutions, as if someone wants to get into your site desperately enough they will pull out all the stops, but it helps to make it as difficult as possible.

So here are some things to make it a real pain for hackers to gain access to your WordPress website:

  • Never use “Admin” in any way, shape or form as a user login name (the same goes for email addresses at the domain name of your website, like info@, admin@ or enquiries@, as the user name to your admin area).
  • Update your plugins, themes and WordPress platform regularly; people are out there taking steps to keep hackers at bay, so use the most up-to-date products.
  • Install a security module with “Brute Force” protection which changes the link which you use to login to your website (wp-admin and wp-login.php are well known to everyone to be the gateway to your website admin area so it makes sense to change this).
  • Install a simple firewall which not only stops spam but can also prevent access to some of the simplest back doors to your website.
  • Consider paying someone to look after your website hosting with a support agreement rather than running your own hosting.
  • Host your email on another server to prevent spambot entry (if your website gets hacked you can sometimes rely on the hacker to take control of your email also, so make it difficult for them and use a different server or product for this).
  • Use secure passwords (simple and true: always use passwords which are complex and contain special characters).
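
A small audit script for two of the points above: administrator accounts you did not create, and login names that are easy to guess. This is an added example, not part of the original post; the user list is constructed sample data, assumed to be in the shape of a WP-CLI `wp user list --format=json` export, and `audit_users`, the expected-admin list and `example.com` are hypothetical names chosen for illustration.

```python
import json

# Constructed sample data; field names assumed to match what WP-CLI's
# `wp user list --format=json` prints (roles is a comma-separated string).
SAMPLE_USERS = json.loads("""[
 {"ID": 1, "user_login": "Admin", "user_email": "owner@example.com", "roles": "administrator"},
 {"ID": 2, "user_login": "jane.editor", "user_email": "jane@example.com", "roles": "editor"},
 {"ID": 3, "user_login": "info@example.com", "user_email": "info@example.com", "roles": "administrator"},
 {"ID": 7, "user_login": "wp_sys_x9", "user_email": "x9@mail.invalid", "roles": "administrator"},
 {"ID": 8, "user_login": "sam-owner", "user_email": "sam@example.com", "roles": "administrator"}
]""")

# The site mailboxes the post names as poor choices for a login.
ROLE_MAILBOXES = {"info", "admin", "enquiries"}


def audit_users(users, site_domain, expected_admins):
    """Return {login: [reasons]} for accounts that need a closer look."""
    expected = {name.lower() for name in expected_admins}
    findings = {}
    for user in users:
        login = user["user_login"].strip().lower()
        roles = {r.strip() for r in user.get("roles", "").split(",")}
        reasons = []
        # "Admin" in any form is the first name a login guesser tries.
        if "admin" in login:
            reasons.append("login contains 'admin'")
        # Logins such as info@<your domain> can be read off the contact page.
        local, _, domain = login.partition("@")
        if domain == site_domain.lower() and local in ROLE_MAILBOXES:
            reasons.append("login is a guessable site mailbox")
        # An administrator nobody remembers creating is a warning sign.
        if "administrator" in roles and login not in expected:
            reasons.append("administrator not on the expected list")
        if reasons:
            findings[user["user_login"]] = reasons
    return findings


if __name__ == "__main__":
    report = audit_users(SAMPLE_USERS, "example.com", ["sam-owner"])
    for login, reasons in report.items():
        print(f"{login}: {'; '.join(reasons)}")
```

Keep the expected-admin list somewhere outside the website itself, so a change made through a compromised admin area cannot quietly edit it.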

Here are some useful links which can help keep your website nice and safe:

All in one Security & Firewall


Anti-Malware and Brute-Force Security by ELI

Secure Password Generator

I don’t endorse these products; I have just used them before and they seem to work well.

Please feel free to contact me if you have any issues with WordPress hacking.