Statistics for hacking incidents are pretty staggering, with over 30,000 websites hacked every day. But your blog’s not on a hacker’s radar, surely? Well... with WordPress being used by 22% of the top 10 million websites, it's a prime target for hackers due to the huge impact a single exploit can have. As recently as a couple of months ago, 50,000 WordPress websites were hacked after just one hole in a plugin was exploited.
Why a hacker would target your company blog
Everyone knows that hackers like to target networks where they can steal financial data, or customer details, or company secrets, or just cause mayhem, but there are other reasons too.
Forget the notion of a lone wolf with a penchant for late nights and strong coffee. Yes, they exist (Hollywood knows!), but most hackers have programs to do all the hard graft. These so-called bots are set to work 24/7 scanning for exploitable areas on websites, and your blog is just another address in the search list.
There are the hackers who do it just because they can – they do it for fun and crow about it to their friends. They will deface your webpage, post political statements or advertise their hacking group, causing not only raised eyebrows from your customers, but long-lasting reputational damage.
Then there are the ones who want to edit your pages by adding links to their own site in order to boost their own or affiliated website traffic - irritating for both you and your genuine website visitors.
There are those who want to upload malware to your website in order to infect visitors and harness their devices into their ‘botnet’. These computers can then be used en masse to, for example, flood a particular website with so much traffic it creates a denial of service (DoS). By using other people’s computers, these mischief makers hide their own location and put you in the firing line instead.
You can avoid a hack if you take some simple preventive measures.
5 essential tips to protect your WordPress blog
- Apply updates. Hackers pay great attention to security holes, so plug them ASAP by keeping abreast of updates. Apart from applying automatic WordPress updates, make sure you are using the latest versions of plugins and themes and delete old or unused ones. Avoid showing version numbers on your blog as this is useful information to the hacker – they’ll know which vulnerabilities apply to each version.
- Create more than one admin user login. If a bot finds your blog and gains access, you will be locked out. Create at least one other admin account with a different user name and password, then either delete or rename the default admin account.
- Do regular backups. Don’t leave long gaps between backups, and keep multiple generations of them - it could be days before you realise you’ve been hacked and you may have to go back further than you think. To be kept informed of possible hack attempts, use a malware scanning product which will alert you to changes in the WordPress core, plugins and themes.
- Limit login attempts. To avoid a brute-force attack, where a bot tests millions of combinations of usernames and passwords at high speed, install a plugin that limits the number of login attempts per hour.
- Use strong passwords. Length equals strength, so use a long password which includes upper and lower case letters, numbers and special characters. Avoid using words that appear in dictionaries and definitely don’t use the names of family members or pets as these are easily found on third-party sites. Test the strength of passwords and keep them all in a password manager. Use different passwords for different blogs, and for each access point – admin and web server – and password-protect your wp-admin directory.
Prevention is better than cure
If your company blog site is hacked, you may have only a short-lived setback offering just minor irritation to you and your audience. If you’re lucky, that is. At the other end of the scale is permanent loss of reputation and the long-haul prospect of rebuilding it.
But the damaging effects of a hack can be avoided by recognising the threat and responding to it proactively. Don’t become a statistic. Remember, you set up your company blog to offer dynamic content - you need to be just as dynamic about protecting it.