What’s the best way to keep the WordPress hackers out?
WordPress hackers are usually bots (robots). They don’t really have personalities, and they don’t really care what your site looks like or how much traffic it has. They just want the quick Smash & Grab.
If you leave your iPad on your front seat, you’re just tempting the thief.
I witnessed a guy looking through car windows with a flashlight in the middle of the night (yes, I called the police). Most cars got just a quick glance. He knows exactly what he’s looking for, what it looks like, maybe even where in the car it usually is.
There was a pickup truck on the street with all kinds of stuff in it. He spent a bit of time on that one, looking through casually to see if there was something worth breaking the window for. I would venture to say that this is already more effort and thought than a WordPress hacker does when he’s going to break into your site.
The WordPress hacker is looking for the iPad on the front seat. He might not even need the flashlight for that one. Boom, smash, grab and run.
What’s the WordPress security breach equivalent of the iPad on the front seat?
Easy passwords are one. I’m no hacker, I don’t actually know how they do all this stuff. But I know they have bots that sniff and look for the easy way in. If they find it, boom, they’re in, do their business and move on. It’s nothing personal, just business (albeit shady, illegal and really annoying).
The latest version of WordPress has a built-in stronger password tool. So here’s a tip: use it.
Two other things for which hackers (or their automated bots) look…
– out-of-date WordPress: it’s not uncommon for vulnerabilities to be found in the WP engine, and _especially_ in plugins! So it’s critical to keep one’s WP engine, plugins and perhaps even themes patched and up-to-date.
– plain text passwords: if a hacker really wants to break into your site, they can perform a “man in the middle” or similar style attack to attempt to capture your password as you type it into the WP panel. Since most WP-based websites do not use SSL (https) encryption for the admin interface, capturing one’s password in this manner is fairly trivial for a hacker. SO SET UP SSL for your admin pages! Better yet, enable SSL for your entire site, and you’re protecting not only yourself but your customer.
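
The two points in the comment above (keep WordPress patched, force SSL on the admin pages) correspond to settings in wp-config.php. As an added example, not part of the original post or comment, this Python sketch audits a wp-config.php for them; the two sample configs are constructed, and a site that enforces HTTPS at the web server can be fine without FORCE_SSL_ADMIN.

```python
import re

# Matches define('NAME', value); with either quote style around NAME.
DEFINE_RE = re.compile(r"""define\(\s*['"](\w+)['"]\s*,\s*(.+?)\s*\)\s*;""")

def parse_defines(php_source):
    """Return {CONSTANT: raw value} for define() calls that are not commented out."""
    src = re.sub(r"/\*.*?\*/", "", php_source, flags=re.DOTALL)   # block comments
    src = re.sub(r"^\s*(//|#).*$", "", src, flags=re.MULTILINE)  # whole-line comments
    return {name: value.strip() for name, value in DEFINE_RE.findall(src)}

def is_true(raw):
    """True only for the bare PHP literals true / 1."""
    return raw is not None and raw.lower() in ("true", "1")

def audit(php_source):
    """List the settings that leave the admin login or the update path weak."""
    d = parse_defines(php_source)
    findings = []
    if not is_true(d.get("FORCE_SSL_ADMIN")):
        findings.append("FORCE_SSL_ADMIN is not true: admin logins are not forced onto HTTPS")
    if is_true(d.get("AUTOMATIC_UPDATER_DISABLED")):
        findings.append("AUTOMATIC_UPDATER_DISABLED is true: automatic updates are switched off")
    if d.get("WP_AUTO_UPDATE_CORE", "").lower() == "false":
        findings.append("WP_AUTO_UPDATE_CORE is false: core releases are not auto-applied")
    return findings

# Constructed sample: SSL setting commented out, updater disabled.
WEAK = """<?php
define('DB_NAME', 'blog');
// define('FORCE_SSL_ADMIN', true);
define( 'AUTOMATIC_UPDATER_DISABLED', true );
"""

# Constructed sample: admin forced onto HTTPS, minor core updates automatic.
HARDENED = """<?php
define('DB_NAME', 'blog');
define('FORCE_SSL_ADMIN', true);
define('WP_AUTO_UPDATE_CORE', 'minor');
"""

if __name__ == "__main__":
    for label, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(cfg) or "no findings")
```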