- Case Studies
Why Is My Website Getting Hacked?
Are you excited to get more website traffic and leads for your company in 2016? You probably sat down with your team last year and came up with a plan for growing your business—but you’re not going to get the traffic and leads you want if your website keeps getting hacked!
According to Google, there has been a significant increase in website hacks. Over the course of 2015, Google noticed a 180% increase in the number of sites getting hacked. Because websites are kind of our thing—and because many businesses across many industries have websites—the Blue Corona team has decided to write about it (writing is also kind of our thing). I interviewed one of our badass webmasters, Leland Tran, about website hacks.
4 Reasons Your Website Is Hacked & Tips for Preventing Future Hacks
So, why is your website getting hacked? How can you keep your site protected? According to Leland, asking why a website is getting hacked is like asking why a person is getting sick. Like your body, a website has a number of different ways that it’s vulnerable.
Here are four reasons your WordPress website is getting hacked:
You don’t have a good website host.
Having a good website host is extremely important in terms of security. Your hosting provider should have a secure process for dealing with attackers. Secure process? Leland explained: WordPress has core files that serve the back end. They are like the engines that run your website. A good, secure host doesn’t change the core files. Here at Blue Corona, we use GoDaddy for website hosting.
Your website access isn’t limited enough.
Kind of like keys to your house, the more access you give, the less secure it becomes (Leland is full of analogies!). Multiple accounts and access to your website that is not limited creates more vulnerability. When you do give users access, use sophisticated passwords that aren’t easy to guess. Don’t use dictionary words. There is a tactic—called brute force—that involves robots trying to guess your password using dictionary words and different combinations (sneaky f*****s!), so make it hard for them. The same goes for the username—never make it “admin.” I think Leland used “never” at least three times, so you know it’s important.
You aren’t being careful with plugins and themes.
Firstly, don’t download plugins and themes from untrusted sources (it also helps to make sure your computer is free of malware and viruses). Secondly, always update WordPress plugins and themes. Outdated ones are less secure. Pretty simple and straightforward! Leland also suggests using security plugins.
You aren’t working on a secure network or FTP.
If you aren’t working on a secure network, especially when you’re sending website usernames and passwords, the information can get intercepted. For instance, never send important website information on free Wi-Fi. Make sure you’re using a secure FTP (SFTP—secure file transfer protocol) so all the info is encrypted and can’t easily be read.
How to Prevent Website Hacking
Just to recap and give you a quick list for reducing the risk of—or even preventing—future website hacks:
- Choose a good, secure website host.
- Limit website access.
- Create hard-to-guess usernames and passwords (at least 8 letters, mixed with numbers and special characters).
- Set limits on failed login attempts (3 – 5).
- Change the login URL from the standard /wp-admin or /wp-login.php (this isn’t necessary unless you are really worried about security or if your site keeps getting hacked and you want to take extreme measures).
- Regularly back up your website so you can easily flip the switch if something goes wrong (daily if you make a lot of updates to your website—but weekly or biweekly is pretty standard).
- Always use up-to-date plugins and themes and only download them from a reputable source.
- Use a secure network and FTP.
I recommend following all those tips, but you can always call Blue Corona for website services! Not only do we design beautiful websites, but we have an experienced, awesome team who can save the day if your site gets hacked. Every account here has a dedicated webmaster.
Contact Blue Corona if you’re ready for a new, secure website!
About The Author: Alanna is the Quality Assurance Manager in Blue Corona's Maryland office. When she's not triple-checking websites and content for errors and consistency, you can find her at the gym with her twin sister or urban exploring with her husband.
View more blogs by Alanna Hernandez
The information on this website is for informational purposes only; it is deemed accurate but not guaranteed. It does not constitute professional advice. All information is subject to change at any time without notice. Contact us for complete details.