A few days ago, it was reported that WordPress users are facing an attack that uses repeated login attempts to get into your website. It relies on simple usernames and passwords, trying the possible combinations of letters or numbers which might go with each to break into each website. Why are they doing it? To infect even more websites by using software that many websites already use to share blog content by sending the website remote procedure calls (RPCs) written in XML. What can you do to protect your website?
Although we all know we should use a strong username and password, sometimes we don’t. We believe that we likely will not get hacked, so we don’t take heed of the warning that the password is weak. However, a website hack can happen to anyone, and therefore we all need to be vigilant. A strong username and password should rely on a few factors. Number one, never include the same words in the username AND password. For example, if your business name is BurgerBarn, don’t use the password BurgerBarn1287. This is one of the combinations bots can easily try. Additionally, try to stay away from numbers associated with your business (the year it began), your personal birthday (e.g., Steve1987), and your name or other identifying information. If the hacker has any of this information, they can easily try this combination. Passwords should contain at least 8-12 characters, and should have a mix of lowercase and uppercase letters, numbers, and symbols.
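As an added example (not part of the original article), the password rules above can be turned into a small Python check. The function names, the 4-character overlap threshold and the year pattern are assumptions chosen for illustration.

```python
import re

MIN_LENGTH = 8  # lower bound of the 8-12 character guidance above


def shared_fragment(a, b, min_len=4):
    """Longest case-insensitive substring (>= min_len chars) of a found in b, else ''."""
    a, b = a.lower(), b.lower()
    best = ""
    for i in range(len(a)):
        # Only look for fragments longer than the best one found so far.
        for j in range(i + max(min_len, len(best) + 1), len(a) + 1):
            if a[i:j] in b:
                best = a[i:j]
            else:
                break  # a longer fragment starting at i cannot match either
    return best


def password_problems(password, username, identifiers=()):
    """Return a list of rule violations; an empty list means every rule passed.

    identifiers: other guessable strings (business name, first name), supplied
    by the caller. This parameter is an assumption of this example.
    """
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("too short")
    classes = {"lowercase": r"[a-z]", "uppercase": r"[A-Z]",
               "digit": r"\d", "symbol": r"[^A-Za-z0-9]"}
    for name, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append(f"no {name}")
    sources = [("username", username)] + [("identifier", v) for v in identifiers]
    for label, value in sources:
        frag = shared_fragment(value, password)
        if frag:
            problems.append(f"shares '{frag}' with {label}")
    # Heuristic: a standalone 19xx/20xx number looks like a birth or founding year.
    if re.search(r"(?<!\d)(19|20)\d{2}(?!\d)", password):
        problems.append("contains a year-like number")
    return problems


if __name__ == "__main__":
    # Constructed samples based on the article's own examples.
    print(password_problems("BurgerBarn1287", "BurgerBarn"))
    print(password_problems("Steve1987", "admin", identifiers=("Steve",)))
    print(password_problems("q7#Lm!vR2x&Zp", "BurgerBarn"))
```

A check like this only catches the patterns described above; it does not measure how guessable a password is against a real wordlist.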
When you log in to your website, you may only use your username and password and then be able to immediately log in. However, this is an easy way for hackers to get your information quickly. If you want to really be safe with your information, try multi-factor authentication or two-step verification. For example, when you try to log in, you may be brought to a screen which tells you an email or text has been sent to the email or phone number associated with the account. You will then have to enter a code from the email or from the text onto the website to verify that you are the correct person who should be accessing the account. This makes it much safer for you because usually you are the only person who is in possession of your mobile phone and the number attached. While this may make it more tedious for you, it may save you from a hacked website.
Lastly, if you want an extremely safe website, you can restrict administrative account access to only specific IP addresses. This means that if you tried to log in from another IP address (basically, location), you would not be able to. The hacker’s IP address would not be on the list, and therefore they wouldn’t even be able to try logging in because they would not have permission to access the login area. However, this can be difficult if you have multiple remote locations working on your website as administrators.
Are you worried about your website’s security? Give WTI a call. We can walk you through your options for a safer website, and then work with you to implement them. Additionally, we offer automated backup and monitoring which automatically checks for any breaches on your website. That way, we will be notified immediately if something happens on your website and be able to jump into action to resolve it. Contact us today for more information on web security and safety.