Saturday, April 11, 2020

5 Reasons Why You're Just Asking for a WordPress Hack to Happen

Is it just us, or have there been a lot of data breaches lately? Beyond the big names in the news, we've also had our fair share of WordPress hack events, like that big defacement issue back in 2017.

Unfortunately, security breaches are very real...

As a website owner, it's up to you to be vigilant and to ensure that your site isn't susceptible to being hacked.

In this article, we share 5 different factors that increase the chances of your WordPress site being hacked, and what you should do to protect yourself.

If any of these things apply to you, make sure you remedy them ASAP. It's just not worth putting your business at risk!

1. Not updating WordPress

According to Sucuri's Hacked Website Report, somewhere between 55-61% of WordPress hack victims were running out-of-date WordPress when they got infected, and that's definitely not a coincidence.

By default, WordPress security updates are supposed to happen automatically. But some hosts disable that functionality, so you can't count on that always working.

In our experience, the people who don't update their sites fall into two camps...

- They put off updates (or ignore them completely) because they're too busy, OR
- They're afraid that updating their site will break it.

If you belong in the first category, stop procrastinating already; it just takes a few seconds to update your site.

If you belong in the second category, you can take some steps to ensure nothing breaks your site.

First, create a complete backup of your site before you run an update.

In the unlikely event that your site does crash, you can easily restore the previous version.

And if you want to be more proactive about checking for issues with an update, you can create a staging site to test updates, or choose a WordPress host that offers staging functionality.

2. Not updating plugins

Running in the same vein, it's also important to update the plugins that you use.

If you use outdated plugins without updating them, you're essentially exposing yourself to security flaws and bugs...

Again, Sucuri's study has some helpful data: 18% of WordPress hack victims were hacked just because they hadn't updated plugins with known vulnerabilities. The plugin developer knew there was a problem and fixed it; people just didn't update the plugin to secure their site!

Additionally, in a survey of WordPress hack victims from Wordfence, over 55% of people who knew how the hacker got in said it was because of a plugin issue.

If you've got a ton of plugins and you find it hard to keep track of all the updates, we recommend using Wordfence.

This plugin comes with a malware scanner that will check your other plugins for malware, bad URLs, backdoors, SEO spam, malicious redirects and code injections. It also draws your attention to potential security issues when a plugin you're using has been closed or abandoned.

3. Not protecting your WordPress admin directory

In that same Wordfence survey, one of the most common WordPress hack attempts involved getting access to your WordPress login credentials, either through brute force attacks or password theft.

To prevent that from happening, you'll want to protect your WordPress admin directory (your /wp-admin page).

First and foremost, make sure you password protect your WordPress admin page.

By default, you'll require a password to get into the directory, but we're talking about adding another layer on top of that.

That way, anyone trying to access your WordPress admin will need to provide an extra username and password.

If you need a walkthrough on how to do this, check out Step 2 of our article: 4 Ways to Tighten WordPress Security.

If you don't like that approach, another good alternative is two-factor authentication.

With two-factor authentication set up, your site users won't just require a password to log in; they'll also need to input a code that's sent to them via text message, email, or an app.

To do this, check out our WordPress two-factor authentication guide.

Last but not least, it's not a good idea to use "admin" as your WordPress username.

Hackers might attempt to get into your site using this default username, so you should definitely switch it up.

While WordPress doesn't let you directly change your username, you can still do it by following these methods.

4. Using weak passwords

This one's pretty obvious: if you use weak passwords, it's easier for hackers to access your accounts.

We're not just talking about the password that you use for your WordPress admin account, though.

The same thing applies to your other passwords, including your:

- Web hosting accounts
- FTP accounts
- MySQL database
- Email accounts associated with your WordPress admin account

To learn more about generating a strong password, read How Secure Is My Password? Here's Your Answer, Plus How to Pick a Strong Password.

Additionally, some hosts (like Kinsta and WP Engine) let you use two-factor authentication for your hosting account. That's another good layer of security.

5. Using dodgy themes

If you do a quick Google search, you'll find a good handful of websites that distribute paid WordPress themes for free.

At first glance, this might look like a cool money-saver for website owners on a tight budget.

In actuality, though, most of these sites are pretty dodgy...

If you download and install a theme from them, you might end up compromising the security of your website.

Remember, there's no such thing as a free lunch.

If you want to use a premium theme on your website, then get it from a reputable theme developer website and PAY for it. Or you can check out our free WordPress themes (no hacks here, promise!).

Stop WordPress hack attempts before it's too late

Sad to say, the average WordPress site owner doesn't consider security a priority.

When you're setting up your site for the first time, you're probably more concerned with the look and feel of your website than anything else.

And once you get your site up and running, you'll turn your focus to churning out great content, neglecting security as you go along.

Obviously, this is a huge mistake.

You don't want to wait for a WordPress hack attempt BEFORE you start caring about your site's security; when that happens, it'll be too late.

So set aside an hour or two and make sure that your WordPress site is secure and up-to-date.

Forget analyzing your traffic from Google Analytics or optimizing your pages for SEO; this is the one most important thing you can do for your WordPress site.

Don't put it off!

Do you have any questions about fixing these security issues? Let us know and we'll try to help!
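Point 1 notes that some hosts disable automatic updates, so it is worth checking rather than assuming. The script below is an added example, not code from the original article: it scans a wp-config.php for the WordPress core constants that switch automatic updates off. The sample file is constructed, and an update disabled through a filter in a plugin or host-supplied code is an assumption outside what this check can see.

```python
import re

# define( 'NAME', value ); with either quote style around NAME.
DEFINE_RE = re.compile(
    r"""define\s*\(\s*['"](?P<name>\w+)['"]\s*,\s*(?P<value>[^)]+?)\s*\)\s*;""",
    re.IGNORECASE,
)
TRUTHY = {"true", "1"}

# Constructed sample wp-config.php, not taken from a real site.
SAMPLE_WP_CONFIG = """<?php
define( 'DB_NAME', 'example_db' );
// define( 'WP_AUTO_UPDATE_CORE', true );
define( 'WP_AUTO_UPDATE_CORE', false );
define("AUTOMATIC_UPDATER_DISABLED", true);
"""


def read_defines(source):
    """Map constant name -> lower-cased value, ignoring commented-out defines."""
    source = re.sub(r"/\*.*?\*/", "", source, flags=re.DOTALL)
    source = re.sub(r"^[ \t]*(//|#).*$", "", source, flags=re.MULTILINE)
    return {
        m.group("name"): m.group("value").strip("'\" ").lower()
        for m in DEFINE_RE.finditer(source)
    }


def audit_auto_updates(source):
    """Return findings; an empty list means no constant here turns updates off."""
    defines = read_defines(source)
    findings = []
    if defines.get("AUTOMATIC_UPDATER_DISABLED") in TRUTHY:
        findings.append("AUTOMATIC_UPDATER_DISABLED: all automatic updates are off")
    if defines.get("DISALLOW_FILE_MODS") in TRUTHY:
        findings.append("DISALLOW_FILE_MODS: file changes, updates included, are blocked")
    if defines.get("WP_AUTO_UPDATE_CORE") in {"false", "0"}:
        findings.append("WP_AUTO_UPDATE_CORE: automatic core updates are off")
    return findings


if __name__ == "__main__":
    for finding in audit_auto_updates(SAMPLE_WP_CONFIG):
        print("WARNING", finding)
```

To check a real site, pass the contents of its wp-config.php to audit_auto_updates() instead of the sample string.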