Sabrina | News, Websites | No CommentsOver the last week WordPress sites worldwide have been attacked by hackers. So what? you may say. We all know hackers are busy 24/7 trying to cause havoc. But this time it's a biggun. Apparently a botnet of tens of thousands of computers has been busily squirrelling away at any WP site using 'admin' as the login username. Here's what the BBC's website has to say: 'The botnet targets WordPress users with the username "admin", trying thousands of possible passwords. The attack began a week after WordPress beefed up its security with an optional two-step authentication log-in option. The site currently powers 64m websites read by 371m people each month. According to survey website W3Techs, around 17% of the world's websites are powered by WordPress.' So your first step, therefore, is to change your username. Now. (Any WP sites I set up, by the way, don't use 'admin' as the username. It's just too obvious.) You should also update to the latest version of WordPress (remember to back up first!) and use the optional two-step authentication with a secret number. Yes, it's one more thing to remember but a darned sight easier than rebuilding your website. Next, install a plugin such as Better WP Security. I also recommend installing your website in a separate folder on your server rather than in the root folder. Just don't call the folder WordPress or Website! If you want help beefing up the security on your site, please do get in touch with me so I can help you ward off hackers.
When we hand over a site to a client, it comes with instructions and the reassurance that we will always help if our client forgets any key or not so key issues regarding maintenance and adding posts, pages and media. One of those instructions is to always perform available updates on core WordPress software and also plugins which have new versions available. Why is this so important? Security. The interweb is scattered with hackers, and system updates make your site more secure. The updates typically address security issues as well as added functionality. No software is immune to security problems, but updates reduce the vulnerability of your site, as do other measures we take when setting up your site for you. Updating your WordPress core software isn't hard to do, but we know many of you forget to look at your Updates settings, so from time to time we check your sites for you and update core software and appropriate plugins on your behalf. If you're nervous about the words "we recommend you back up your website first" just ask us to do it all for you; it doesn't take long at all and we have yet to encounter any problems doing a core upgrade. We do notice a difference between web hosts though - there are some hosts out there running outdated versions of PHP on their server which means we can't update the core software (we do contact them and pester them to give us access to PHP5.X.X). It does pay to get a web hosting company which uses up-to-date tools - in our case we can offer you hosting for $54 a year, hint hint! Shameless plug aside, if we can't - or you can't - update your core software and/or plugins because of your web host, it may be time to shift hosts. WordPress is one of the most popular web building platforms in the world right now, and any reputable web hosting company should be able to support it and its updates. If you have any questions about upgrading your software or plugins, contact us and we'll talk you through it, show you how to do it, or do it for you.