Website security has been downplayed for many years, but now more than ever it is crucial that your website uses the latest technology available to keep your website secure. Gone are the days of not worrying about the backend of your website being hacked into. Many people think it's just humans trying to guess passwords but that's not even close to the daily threats of having your website hacked! Today there are automated programs that utilize hacking software which can attempt to guess your user name and password by itself and when your security software blocks the IP address the hacking software will change its IP address and try again until the next IP block and so on. This type of hacking attempt is called "Brute Force" attacks. Basically someone, or a program trying to kick down your back door. Websites that use common software, like WordPress, are the websites that are targeted most by hackers and their automated software.

Not only are these hackers using automated programs to guess login credentials, but they are also searching for outdated versions of WordPress, outdated versions of the theme being used, and outdated versions of plugins and other software. Outdated software will usually have an exploit that hackers use to gain entry to your website and/or server.

Why do hackers target your site? Hacks are usually random and are used for spamming on the site itself, or spam through a php mailer which will also ruin your IP reputation. So even after the hack is removed you may still experience bounced back emails in this case. Hacks are also used for political information, usually from oversea hackers.

Best advice for keeping your website secure...

  • Keep your website software, theme or template, plugins, and all software up to date.
  • Be sure to use numbers, upper case and lower case letters, and symbols in all passwords.
  • Never use the same password twice.
  • Never use words found in a dictionary as a password.
  • use over 15 characters in a password.
  • Never give out your password to anyone, even a tech support person, always create a new, temporary account for anyone who needs access. Be sure to delete the temporary user as soon as possible.
  • Change your password often.
  • Treat user names like passwords, never use anything like a name, or other dictionary word. Make user names just as random as a password.

Keep your website and email safe! Email us if you want us to check the security of your website, email and/or hosting server.

Tuesday, August 27, 2019

« Back