In the past few years, we’ve seen hundreds of websites hacked, including our own! We don’t claim to be security experts, but we have learned a few things the hard way in our years on the web. Here are six ways to get your site hacked.
1. Use the default “admin” as the username. Hackers use brute force programs to “guess” your credentials. Leaving your username as “admin” is the equivalent of giving them 50% of your credentials. Don’t do it.
2. Use an easy-to-guess password. Hackers literally try every word in the dictionary to guess your credentials when brute forcing your site. Use a combination of letters (upper and lower case), numbers, and special characters in all passwords, especially your admin passwords.
3. Don’t update your plugins. We’ve seen hundreds of sites hacked, and probably the #1 reason they get hacked is outdated plugins.
4. Don’t update WordPress. The same goes for WordPress itself. WordPress releases an incremental update whenever a security bug is found and patched. Don’t wait on this one.
5. Use “nulled” themes. Using a nulled theme is not only unethical but it can leave your website vulnerable as well.
6. Trust everyone with credentials. Be careful who you allow into your site. If you have someone do work on your site, make sure you vet them properly. Always give people the least amount of access possible.
As a final note, always back up your website. With most hosting companies this is as simple as a 1-click solution, and only takes a few seconds.