Ever Had Your WordPress Website Hacked?

The 4 Simple Steps To Stopping Hackers From Destroying Your WordPress Website

Recently I had to make one of the worst phone calls of my web-services career. I’d received an email from a client telling me that their website was down; they wanted to know if we could check it out and locate the problem. Their website had been built around 12 months before but they had decided to maintain their own website rather than paying for an ongoing support package from a developer. This is not a problem, WordPress websites are easy to maintain as long as the time is taken to do so. The problem was, the time had not been taken and therefore the site had not been maintained correctly.

I opened up their hosting account to take a look around and what I saw made my stomach drop. Their website has been ravaged. Malicious code had corrupted their WordPress website so badly that literally 90% of the files on their website had been deleted. I checked the backup folder for their hosting account and these had been affected by the virus as well. The thought that made me feel ill was this, had the client been taking their own backups of the website?

I knew that for most small businesses the answer would be no… and it was.

Their website was gone. Thousands of dollars of development time down the drain and I was the one who had to break the news.

WordPress Websites Need Maintaining

After that call I decided to write this article as a way of warning my other clients and friends out there on the net. Maintaining your website is essential!

Think of your website like a home; it requires maintenance. You don’t just build a house, move in the furniture and then never go there again. You have to regularly keep things in order otherwise it’s only a matter of time before the place looks terrible, things start to break and no one wants to stop by any more. If you leave it long enough, you’ll probably end up with a few squatters as well and this will start to affect your neighbours on top of everything else. No one likes those crazy hooligans throwing wild late-night parties and tearing up the nature strips, leaving empty, broken bottles all over the street.

Your website is just like this. However, instead of having a roach-infested house where the appliances don’t work, your digital home – your website – will become infested with virus codes inserted by hackers who have taken residence in your site. These digital squatters insert malicious code in your website and wait for an opportune moment to start causing a ruckus — slowing down or completely disabling your website. They can also use your website as a homebase, launching attacks at neighbouring websites and sending spam emails to all your friends and clients – and they use your precious domain name to do it.

So, how do you prevent it from happening? What’s the website equivalent to keeping your home free from cockroaches?

In this article I will show you the 4 simple steps to maintaining your WordPress website.

1. Keep your WordPress installation, plugins and themes up-to-date.

Outdated software is a huge problem on the Internet. Often, new versions of software get released solely to fix issues that have been exploited by hackers. So, if your website suffers from a well-known bug, it’s highly susceptible to compromise and needs to be updated.

WordPress even tries to make this really simple for you. Every time you login, it checks for updates and displays a banner at the top of your admin panel to let you know about them. The process is ridiculously easy and sometimes takes less than a minute to update. Make sure you keep WordPress up-to-date to avoid hackers taking up residence in the lounge room of your website!

2. Don’t install unneeded or untrusted plugins

You wouldn’t by dodgy appliances to heat your house because it would put your entire property at risk when you used them. It’s the same with WordPress plugins. Regardless of how well it’s been coded, every plugin comes with configuration risks. The more plugins you have working on your website, the more risks that you have. Therefore, only install plugins that are needed on your website and only install plugins that have been coded by professionals. If in doubt please CLICK HERE to view our list of recommended plugins or sign up to one of our Support Packages for assistance.

3. Ensure Your Website Is On A Good Host

Imagine if you bought a house in a rough part of town where your neighbors throw parties all the time, dunny paper your house, knick-knock your front door and be an all-round nuisance. Now, imagine if there were no police to call, or, when you called they never answered. This is what it is like if you are hosted with a poor company. At a minimum, your host needs to have the following features:

1. Server Side Anti-Virus/Malware Protection
2. Regular Back Ups of your site, and
3. Good customer support ratings

If you are not sure if your hosting is meeting these requirements, drop us a line or check out our hosting packages.

4. Take Regular Backups Of Your Website

Although we recommend you host with a company that takes back ups for you, it is always good practice to take your own back ups of sites. For this we use and recommend a plugin called Snapshots. Snapshots is simple to set up and can take backups automatically for you and store them on Google Drive, Dropbox or a server of your choice. This is critical in safeguarding your website against disaster. DO NOT solely rely on your hosting company to take backups of your site, as most hosting companies offer back ups as a ‘best-effort’ service only, which they often provide free of charge. If you want to keep your site safe from disaster then our advice is to keep your own copy of your website ‘offsite’ – meaning it’s kept in a different location than your main website files. So, keep a copy on your computer, a separate server or on the cloud.

These four steps are easy to follow, you just need to make sure that you prioritise them. I personally hope to never have to make another phone call like the one I had to make to that client, whose website was gone for good.

If you are not going to follow the four steps yourself, then you must call a developer and get them to take care of it for you. The risk is too great to hope for the best. If you would like our help keeping your site secure we offer WordPress Website Support packages which include the four steps above. Plus we offer unlimited 30 minute website updates such as adding images, changing text, uploading blog articles, increasing site speeds, boosting page SEO and so much more. Please CLICK HERE to view our packages and get your site secure and backed up today!

As always if you have any questions, comment below or reach out through our Contact page.