I’ve said it before and I’ll say it again, no one is immune from having their website hacked. It doesn’t just happen to the big guys – with lots of money and personal data flowing in and out – it also happens to the little guys. And by the “little guys” I mean folks like me and you.
Wordfence has reported that starting around 7:30 (Pacific) this morning, they saw a HUGE increase in attacks against WordPress sites. And by huge, I mean the per minute count went from 2,000 up to 40,000 attempts. So more than likely, your site is *this* close to getting hacked if you don’t take some simple precautions.
You can check out the live stats going on over at the Wordfence site, but look at what was going on earlier today. Check out that massive spike in activity.
Lucky for you, there are some simple things that you can do today (now!) that won’t even require you asking your web guy for help.
Back it up! Back up your website. You want to know that if anything should ever happen to your site, you have recent backups.
Create a Strong Password. You can find some super easy tips for creating strong, yet easy to remember passwords HERE. If the whole password thing really stumps you, then let something like LastPass help.
Change the Admin Account. Go into your settings and change the name of your main admin account. The hackers are using “admin” to try and log into accounts. Why? Because most people don’t change their default name and access their account using Admin as their username. Change it to anything that might work for you. And make sure the password is complex (see above).
Create a New Admin Account. Create a second admin account that will be your regular login (we do this on our computers as well). This way if for some reason you get locked out of the system, you have another way to enter. Follow the same rules as above: easy to remember, yet complex.
Install Wordfence. Then get in there and set up your account. We have our sites set so that anytime someone tries to access via the “admin” username, they’re automatically locked out and their IP is blocked. You’ll get alerts whenever someone tries to break into your account. It’s free to use (I do believe there’s an upgrade option available) and I get nothing from the recommendation.
Do yourself a favor and do this TODAY. Trust me when I tell you that it’s easier – and way less time and energy consuming – to set yourself up than to try to fix things once you’ve been hacked.
If you need any help with this, please drop me a note. I want you, your business, and your website, to be safe and secure.