So many website designers overlook security as part of their WordPress site launch.
Left unchecked, anyone can keep trying your password until they eventually figure it out (If you’re wondering how much time they have on their hands, please consider that they use software for this). And once they’re in? Odds are, they are trying to show ads to your readers, serve malware, or maybe redirect traffic to their site, any of which can get your site blacklisted from the search engine.
Think there’s something ‘off’ with your WordPress install? Start here, with Sucuri’s site check.
For monitoring and hardening, save time with automation. Enable email alerts so there’s a notification when someone is locked out of your site, and to routinely check the “bad login” logs to make sure they don’t have your login username.
My Favorite WordPress Security Plugins:
- iThemes Security, a free plugin, will limit common attacks, including brute force and password guessing. It’s also great for monitoring site logins and updates, and hiding your username.
- If you’re already using Jetpack, turn on the “security” option.
- Sucuri Security can send important email notifications about key actions like post edits, activation of a new theme, and user logins.
Guides for Cleanup:
First, contact your hosting provider. They have access to your server logs and are most likely the ones to be able to track down what went wrong. If you’re dealing with GoDaddy or BlueHost and not getting anywhere, it may be time to switch to Pair. Get 20% off: pairref-sxHjcXLS and pay $57.12 for the year including SSL.
What are these hackers and spammers doing? These are my favorite guides from Sucuri that take you through what they’re up to and how to fix it.
- How to clean the SEO spam hack
- How to remove malware from your WordPress site
- An overview of SQL injection
Anything to add? New tips or tricks, let me know!