Have you ever wondered if anyone has tried to hack you or get into your site? Why would they? You are a small business or blogger trying to make a positive difference in your community and the world.
Why does Website security matter?
Someone has or is trying to hack you! You’d be shocked if you could see the attempts on your website.
You know how I know?
The Russians are trying to Hack Me! And they may be trying to hack you too.
Seriously, the Russians did try to hack me.
Thankfully, when I started my WordPress website, several peers had recommended that I install a security plugin.
I did my research and installed Wordfence. When I took my site live the very first day, I received a security alert in my email.
A user with IP address 22.214.171.124 has been locked out from signing in or using the password recovery form for the following reason: Exceeded the maximum number of login failures which is: 5.The last username they tried to sign in with was: ‘admin’ User IP: 126.96.36.199 User hostname: 188.8.131.52 User location: St. Petersburg, Russia
I’m not running a political site or a fortune 500 company. Why would someone want to hack me?
I did some research and found that up to 30,000 sites a day are hacked. YIKES!
In one month, my site was attempted to be hacked 176 times!
And the hacking attempts are not just from Russia, but China, Mexico, and all over the world. That includes the USA.
What do hackers want?
It boiled down to these points in the following importance.
- Hackers wanting to gain access to your data such as steal passwords (if you store any), mailing lists, and any personal data.
- Host phishing pages where they try to trick you into entering personal information and your credit card.
- Install malware for you or others to download onto your computer.
- Use your site for spam email.
- Use your site for malicious redirects. Once a reader lands on your site they will be redirected to a look-alike page to enter personal information or to a page that hosts spam or malicious files.
- Use your site to attack other sites.
- Hijack your site for ransom.
- Deface your website.
How can I avoid being hacked?
- Install a WordPress Security Plugin.
- Backup your website regularly.
- Do not use the login of “admin”. Choose a unique user id for your login other than a name in your business, your name, and the word “admin.”
- Keep your theme, WordPress version, and plugins up to date.
WordPress Security Plugins
What WordPress security plugins are available? Below is a list of the most popular plugins, sorted by popularity.
Wordfence boasts 2+ million active installs and is FREE for the basic plugin. The premium plugin is $99 a year.
This is the most popular security plugin and for a good reason. The free version has a lot of great features and functionality. It includes a Firewall that blocks from malicious attacks, a security scanner checking your site for vulnerabilities, and security tools that check from live traffic and the ability to block specific IP addresses. If you opt for the pro version, it has real-time threat defense on the latest malicious viruses and programs with anti-spam features.
Ithemes Security (formerly Better WP Security) has 900,000+ active installs and is FREE for the basic plugin. It is $80 a year for their Pro version. The free version protects from brute force attacks and detects if you’ve been compromised.
Ithemes security is very similar to Wordfence, with a few different features. Both boast being the best security plugin. It comes down to a personal preference as to which users like more. Both offer great protection.
Sucuri has 300,000+ active installs plans vary from FREE to $300 a year. The free version does just basic malware scans. There are better free security plugins in my opinion.
However, the professional plan is the crème de la crème of security.
The professional version is a cloud-based solution that doesn’t involve any installations, has a 24/7 support team monitoring their sites globally, cleanup of sites is included, and they boast an average time of 6 hours to clean up your site if you are hacked or have malware.
Other Security Plugins
If you notice, I did not list all the security plugins available. There are additional ones besides the above, but I only listed what I believe to be the best.
What do you think? Comment below.