INSIGHTS - April 2019

Keeping website hackers out

If you’ve turned up to work today and you’re seeing something like this on the homepage of your website, then your shit day has just begun! I’m smiling but I’m crying on the inside! If you’ve turned up to work and you’ve seen something like this on your homepage, then it’s gotten even worse, because Google has found your hacked website before you have and it’s blocking users across the planet from even visiting it.

So you’ve got to go through a whole cleaning process and then resubmit to Google. We do this on a kind of daily basis: we have another business called Hack Rescue and we do high speed hacks. So what are the most common entry points we see? Usually it’s WordPress. WordPress is a fantastic content management system, but it can be open to security holes if it’s not secured properly. We have plenty of high-grade WordPress sites that are incredibly secure because we do the right things, but plenty of people don’t.

So how do we do this? The first thing is plugins: use a very limited number of plugins and keep them up to date all the time. I would say your list should be no longer than 10 plugins if you can do it. We see plenty of hacked websites that have 20, 30, 40-odd plugins and it’s a freaking nightmare, so keep your plugin list short. The second thing is what I’m about to show you: what is happening day to day, minute by minute, on most WordPress sites around the planet.

So I’m using the Sucuri WordPress plugin, which is very good for malware monitoring and hardening, and I’m just going to take you down to the log of access attempts for a couple of hours yesterday. You can see here’s one IP address making about 6 different attempts using 6 different usernames. They’re guessing usernames, except our admin account doesn’t exist. So every minute of every day someone is trying to access our website, and they’ll be trying to access yours too.
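The pattern in that log (one IP address, about six attempts, six different usernames, some for accounts that do not exist) can be picked out mechanically. The following is an added example, not part of the original post and not the Sucuri plugin's code; the log line format, IP addresses and account names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample log. The line format is an assumption for this example,
# not the Sucuri plugin's actual export format.
SAMPLE_LOG = """\
2019-04-02 09:14:03 login_failed ip=203.0.113.45 user=admin
2019-04-02 09:14:41 login_failed ip=203.0.113.45 user=administrator
2019-04-02 09:15:10 login_failed ip=203.0.113.45 user=test
2019-04-02 09:15:52 login_failed ip=203.0.113.45 user=webmaster
2019-04-02 09:16:27 login_failed ip=203.0.113.45 user=editor_jane
2019-04-02 09:17:05 login_failed ip=203.0.113.45 user=root
2019-04-02 10:02:11 login_failed ip=198.51.100.7 user=editor_jane
2019-04-02 10:02:40 login_failed ip=198.51.100.7 user=editor_jane
2019-04-02 10:03:02 login_ok ip=198.51.100.7 user=editor_jane
"""

LINE_RE = re.compile(r"^\S+ \S+ login_failed ip=(?P<ip>\S+) user=(?P<user>\S+)$")

def parse_failed_logins(text):
    """Return (ip, username) pairs for failed-login lines; skip everything else."""
    pairs = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            pairs.append((m["ip"], m["user"].lower()))
    return pairs

def find_username_guessers(text, known_users, min_usernames=5):
    # A real user who forgot a password retries one username; a guessing bot
    # cycles through many names, most of which do not exist on the site.
    by_ip = defaultdict(list)
    for ip, user in parse_failed_logins(text):
        by_ip[ip].append(user)
    flagged = {}
    for ip, users in by_ip.items():
        distinct = set(users)
        if len(distinct) >= min_usernames:
            flagged[ip] = {
                "attempts": len(users),
                "usernames": sorted(distinct),
                "nonexistent": sorted(distinct - known_users),
            }
    return flagged

if __name__ == "__main__":
    known = {"editor_jane", "site_owner"}  # hypothetical accounts on the site
    for ip, info in find_username_guessers(SAMPLE_LOG, known).items():
        print(ip, info)
```

The second IP in the sample, a user who mistypes one password twice and then logs in, is not flagged, which is the distinction the threshold on distinct usernames is there to make.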

So use strong passwords! Most hacks we repair have occurred because of a simple password, so make your passwords complex. Use the WordPress tools to save those passwords, and use your browser tools to encrypt them with a master password so you never have to type them in again. Use very complex passwords all the time. LastPass is also a great tool for that!