WordPress Security
Malicious users (“hackers”) usually try to “bring down” or render inoperable only commercial sites. Much more commonly, hackers want to gain access to your site to put up spammy links to sites where they might make a few bucks. You might find these links more often in comments on your news feed or blog posts, where there’s often no hacking required.
Much of the important work of keeping hackers out of your site is done by your hosting company and the protections its server set-up offers. But there are several very important steps you can take to reduce the chances that your site will be hacked.
The first is to make sure that you keep your WordPress core software updated. Of the WordPress websites that are hacked, 85% were not using the most current version of WordPress. You can tell that you need to update WordPress because there will be a yellow banner across the top of the admin dashboard reminding you to update. (Read more about updates here.)
Don’t have the default username “admin” as a possibility on your site. Some installations of WordPress have “admin” as a default username. This gives hackers a leg up, since they already know a username and only need to work on cracking the password. Even if it’s a username no one uses, you shouldn’t keep it on your site, since just trying to log in with it will give the hacker a “wrong password” message, confirming that it’s a valid username.
Use strong passwords. When creating a password for your username, use both capital and lowercase letters, numbers and a symbol. A symbol that is not on a number key is even better. To really be super-safe, use a password generator (search Google for free ones) that will give you a password like this: aT}98xz.
Log into your site only from secure computers and locations. When you use a public Wi-Fi network, other users can potentially see your info and use it to gain access to your site. Likewise, computers that lack strong internet security software or that have hibernating viruses risk having their keystrokes tracked, which can also give someone access to the site.
Make sure the email accounts of site users are secure. If the username and email of a user can be accessed, a hacker can use the “reset password” function to create a new password, gain access to the site and lock that user out of the site.
As always, if you are concerned about the security of your site, shoot us an email with your questions or concerns!