Website security is a hot topic and was the focus of our Fast Action Fridays call for May 2, 2014. It’s so hot that it’s keeping website developers and managers busy with regular client work plus increasing numbers of “OMG! My site’s been hacked” emergency rescue requests.
Yet there’s a reality I see playing out every day online, especially among writers, hobbyist bloggers and solopreneurs working hard to build their businesses. They are overly concerned that some nasty person will steal their words or ideas, but do nothing to protect the integrity of their websites.
This recap is longer than usual. No apologies, though. The issue is too important not to make sure you understand just how important, plus how easy it is for you to take a few minimum fast action steps to help protect your investments.
Knock on wood … my sites haven’t been hacked (yet). That doesn’t mean I don’t focus on securing them as best I can. Glad I did. Last week I got my first notification of someone looking to do harm but couldn’t get into my site because of a simple free plugin I have installed. It’s just one of the security tactics I have in place.
If you manage your own site, make time to deal with security issues. Do it today! Also carve out some time to establish scheduled procedures that can help keep your site safe and secure, plus if hacked can help get it cleaned and back online asap. If someone else manages it for you, have a chat about security with them.
Not to feed your fears, but that last “if” (… if hacked…) should probably have been a “when” because for way too many sites, whether you use WordPress or some other platform, it’s truly just a matter of time before disaster strikes. You may not be able to avoid it entirely. But it’s definitely within your power to minimize the damage. Think of it as homeowner’s insurance for your website.
For heaven’s sake, before you start setting up the barricades and mustering the troops, lock the *!@#% doors.
Fast Action Tip 1: Do NOT use admin as your username.
If your Username is “admin” you’re just asking for trouble. Might as well take out an advertisement in Hackers R Us letting the baddies know the back door to your site is probably unlocked so come on by and make yourself at home.
Why would they assume that? Two simple reasons.
One, long ago (say more than a year in cyber-time) some semi-automated installations of the WordPress website software, such as Fantastico, kept things super easy by automatically filling in the installation username field with the descriptive but uber generic term “admin”. If memory serves me, Fantastico now offers the option to choose your username during new installations.
Two, because anyone blasé enough to keep “admin” as their username is also likely to have created a password that’s either simple to guess (often based on minimal knowledge of the individual’s history or preferences), or can be discovered with a bit of time and effort. Are your passwords like that?
Does it need to be said? Hackers are more than willing to spend a little time and effort jimmying the doors to your website.
Changing your login isn’t hard, but it is a two-step process. Here’s how:
- Log into your WordPress dashboard.
- Scroll down the left sidebar until you see Users. Hover over it and click the option for Add New.
- Create a brand new user profile for yourself.
  - IMPORTANT: Be sure to create a strong password. More about that below.
  - AND use the drop-down box next to ROLE (near the bottom of the page) to choose Administrator.
- Save the settings by clicking the ADD NEW USER button. (The button is red on my screen, but yours might be different.)
- Log out of your current session.
- Log back into your dashboard using your new username and password.
- Scroll to USERS again. Click the All Users option.
- Find your old “admin” username in the first column. Hover over it and click the option to delete that user.
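The same two-step swap can be scripted with WP-CLI, shown here as an added example that is not part of the original post. It assumes the `wp` command is installed and run from the WordPress directory; the function name and the sample login and address are made up for illustration.

```shell
#!/bin/sh
# Added example: the dashboard steps above, done with WP-CLI.
# Assumes the `wp` command is installed and is run from the WordPress directory.

# Usage: replace_admin_user NEW_LOGIN NEW_EMAIL [OLD_LOGIN]   (OLD_LOGIN defaults to "admin")
replace_admin_user() {
    new_login=$1
    new_email=$2
    old_login=${3:-admin}

    if [ -z "$new_login" ] || [ -z "$new_email" ]; then
        echo "usage: replace_admin_user NEW_LOGIN NEW_EMAIL [OLD_LOGIN]" >&2
        return 2
    fi
    if [ "$new_login" = "$old_login" ]; then
        echo "new login must differ from '$old_login'" >&2
        return 2
    fi

    # Look up the old account; if it is absent there is nothing to replace.
    if ! old_id=$(wp user get "$old_login" --field=ID 2>/dev/null); then
        echo "no user named '$old_login'; nothing to do"
        return 0
    fi

    # Step 1: create the new administrator. With no password given, WP-CLI
    # generates a random one and prints it once: save it in a password manager.
    wp user create "$new_login" "$new_email" --role=administrator || return 1
    new_id=$(wp user get "$new_login" --field=ID) || return 1

    # Do not remove the old account unless the new one really is an administrator,
    # otherwise the site could be left with no administrator at all.
    roles=$(wp user get "$new_id" --field=roles) || return 1
    case "$roles" in
        *administrator*) ;;
        *) echo "'$new_login' is not an administrator; keeping '$old_login'" >&2
           return 1 ;;
    esac

    # Step 2: delete the old account. --reassign hands its posts and pages to
    # the new user; without it, deleting the user deletes that content too.
    wp user delete "$old_id" --reassign="$new_id" --yes || return 1
    echo "replaced '$old_login' (ID $old_id) with '$new_login' (ID $new_id)"
}

# Example call (constructed login and address):
# replace_admin_user carol carol@example.com
```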
Fast Action Tip 2: Create a strong password.
While your username can be of the Plain Jane variety, as long as it’s not “admin,” you must create a) a strong password, and b) a unique one.
Yes, remembering a convoluted password made up of random letters, numbers and symbols is a pain, and having different passwords for different sites and programs is doubly so. But, … if you care at all about the security of your WordPress site … and all the hard work you’ve put into it … and all the future good you expect it to do in helping you build your business and make money, you must suck it up and use strong passwords.
The USERS Profile page in your dashboard includes a “Strength Indicator” to help you see at a glance how strong your chosen password is.
Reduce the stress and anxiety of creating and remembering passwords by using one of the quality login manager systems. I personally like LastPass. Even its free version is robust. I’ve heard excellent recommendations for 1Password, and RoboForm, as well. [Those are non-affiliate links.]
Bottom line: Don’t let the hassle of creating and using strong passwords deter you from using them.
Fast Action Tip 3: Install free or premium security plugins.
Remember that free plugin I mentioned that prevented someone from accessing my site and trashing the place?
Well, that plugin is Limit Login Attempts. It’s easy to install and activate directly from your WordPress dashboard, and the settings are super simple to understand and tweak.
Also install a plugin such as iThemes Security (formerly called Better WP Security) or WordFence. Other options are available, but the free versions of those plugins come highly recommended [I use them :)], provide 24/7 behind the scenes watchdog protection and include a variety of settings to help keep you notified of suspicious activity and more. They’re like stationing your own private armed security guards to patrol your website.
I wasn’t familiar with WordFence until Renae Whitacre, my May 2nd Tipster of the Day, spoke up to share how she had seen it highly recommended by one of her favorite to follow bloggers, Beth Hewitt. You can check out Beth’s review of WordFence by clicking here. Tell Beth we said “Hi” if you visit her.
Check out the May 2nd Fast Action Fridays replay to learn more about Renae and why she said, “I have not had security issues, but heard so many horrible stories that I KNEW the necessity to have a security watch out and back up installed on my website.” Plus, Renae shares how easy she found WordFence to install and setup.
You can connect with Renae on her Facebook page here and check out her free offer, 7 Myths of Blocking your Money Magnetism, on her Magnetic Money Mentor website. She’ll be back as Tipster of the Day in the future to share tips on busting those money blocks that can keep us broke and playing small.
By the way, if you’d like to volunteer to be the Tipster of the Day for a future Fast Action Fridays call, share your tips, plus get some free promotion, just post your request on my Facebook page or contact me here.
Fast Action Tip 4: Keep your site software and files up to date.
Take responsibility for this, delegate it to a responsible party or hire a site manager. If you are the Administrator of your own site, and know your way around the basic dashboard, then you most likely understand how to keep your plugins and WordPress installation up to date, especially the incremental security and bug fixes. Feel free to contact me if you need help figuring things out or would like a recommendation to a trustworthy site manager.
Bottom line: Stay up-to-date.
Bonus Tip – Back up, back up, back up
All the proactive action you take is useless IF your site gets hacked anyway AND you haven’t taken steps to make sure you can put things back in order quickly with a minimum of fuss from a clean backup. There are reputable plugins that can help you automate this but you do have to pick one, install it, set it up, and verify the quality of your backups.
YOUR TURN Exercise
Review your current website security status. Create a plan of action, starting with changing your username and/or password if you’ve left your back door unlocked and the keys in plain sight.
SYSTEM USED today for call-in and recording: Free Conference Pro (free online version)
• Feel free to contact me if you have questions, have a Fast Action tip or technique you’d like to share, or would like to explore JV and other networking opportunities with me.
Thanks for the mention and for such a great post. I recently got hacked despite all the security. Sometimes there is just no stopping those pesky hackers.
Looking forward to reading more of your blog posts and please let me know if you would like to be part of the free blogging community 🙂
All the best,
Thanks for taking time to stop by, Beth. Sorry to hear your site was hacked. What a bummer! But helps prove the point that it’s not a matter of “if” … it’s just a matter of “when”.
Absolutely interested in being a part of the free blogging community. Tell me how! And if appropriate, feel free to extend the offer to readers here.
Keep being that good “rocking her path” example!