There was a time when the majority of sites that hackers focused on were government related, either defense contractors, utility companies or the like. Now, it seems as soon as a WordPress site is launched, it’s prone to attack.
Don’t get de-indexed
Cybercriminals seem to love probing themes, plugins, logins and php files for vulnerabilities. The fastest way to get de-indexed by Google is to let your guard down, allowing these guys to upload malicious script on your site.
The dreaded warning page
Cleaning it up after the fact can be a real pain, not to mention your site will be redirected to a warning page that says your site is unsafe – to continue on to the site at your own risk. And even then, after clicking to continue through, the warning pops up a second time.
The warning goes something like this. “Deceptive Site Ahead. Attackers on www. xxxxxxx .com may trick you into doing something dangerous, like installing software or revealing your personal identification (for example, passwords, phone numbers or credit cards). Google Safe Browsing recently detected phishing on xxxxxxx .com. Phishing sites pretend to be other websites to trick you.”
Wait until your malware protection kicks in
Wait until your malware protection catches on. You won’t even get to the warning page as it’ll block access to the site altogether.
And cybercriminals don’t just make one attempt and give up. They keep trying over and over and over. If you have your site locked down tight, no problem. If you’re not on your toes, updating every WordPress version, theme and plugin as soon as they’re released, you put your site at risk.
It’s not all on your hosting provider to protect your site
Working with your hosting provider helps to some degree, but for the most part, you’re on your own dealing with locking down a WordPress site. So what can you do to stop these guys in their tracks.
- Use strong passwords not just for your Admin login but also for your databases
- Modify the path for the Admin login
- When new versions for WordPress, themes or plugins are released, update them immediately
- Use a security plugin like WordFence or Shield WordPress Security
- Setup a Honey Pot script if you’re not using the conventional Admin process, where as soon as these guys call http://mydomain/wp-admin/, their IP is automatically blocked via a .htaccess deny rule
- Use secure scripts
- Setup ModSecurity, but be aware that this can be time consuming to tweak just right.
- Use a CSF firewall
Please remember that hackers can penetrate WordPress sites even if they’re completely up-to-date. As exploits are discovered, updates to protect sites from these exploits are rapidly developed and released to the general public, but for some this is too late.
Get rid of security loopholes
While owners of exploited sites think they should have been protected by their hosting provider, they’re actually helpless to many exploits because of security loopholes created by their users.
Sometimes you just need to hire a security expert
Sometimes, it comes down being forced to hire a security expert to determine how hackers are getting access to your site. Moving from one hosting provider to another won’t help as you’ll just take the problem with you. Your new hosting provider will love that (NOT).
Brought to you by ProlimeHost
We’ve been in the web hosting industry for ten years, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in dedicated servers, with data centers in Los Angeles, Phoenix, Denver and Singapore.
The E3 1275 v5 processor is now available at great pricing, giving you the ability to add up to 64GB of DDR4 ECC RAM. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.
Latest posts by Steve (see all)
- How data centers and web hosting providers are interconnected – What you need to know - February 21, 2020
- Trying to decide between a managed or unmanaged dedicated server? What you need to know! - February 21, 2020
- How SATA, SAS and SSD drives differ. What you should know. - February 20, 2020