Want to know one of the easiest but most effective ways to keep your website safe and secure?
Use strong administrative credentials!
While it sounds like common sense, weak credentials are by far the most common reason we see at our support desk for websites getting compromised.
I’m not just talking about your WordPress admin area either. This applies to your email accounts, FTP accounts, cPanel, ad-tracking scripts, etc.
Anytime you set up a login for your website you should NEVER use common usernames such as: admin, your first name, your domain, support, administrator, etc.
Rather, you should use a combination of uppercase letters and numbers for the username, and a password generator to generate random strings full of special characters, upper/lower-case letters, and numbers for the password.
If I had a penny for every customer that used the username admin and got their WordPress website hacked, I would have retired long ago. And for some terrible, awful reason, the Softaculous auto installer (that we use) defaults to this. Don’t be lazy – CHANGE IT!
The same goes for your passwords. Your name plus 1, 2, 3 isn’t going to cut it. There are bots out there that will crack it in a matter of minutes. Use password generators, never use the same password twice, and use a password manager such as LastPass on your computer to keep track of it all.
This should be simple, yet we see it day in and day out and I’m sure even after this blog post we’ll continue to see it.
Once again, this all seems so simple that it’s pointless to dedicate an entire blog post to it, but it happens so much that it needs to be brought up!
Weak credentials make up 90% of the hacks I see; the other cause is outdated WordPress installs, themes, and plugins. Yes, it’s a pain in the butt to run updates sometimes, but it’s much less of a pain than losing your entire website!
In summary: Strong Credentials + Updated Software = Happy Website Experience
As you finish reading, now is a good time to audit your website to make sure you haven’t made any of these very-easy-to-fix mistakes!
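One way to run that audit offline, as an added example that is not part of the original post: the script flags the usernames and password habits described above and generates random replacements. The 16-character minimum, the site example.com, the owner name "Jordan" and the sample accounts are assumptions constructed for illustration.

```python
import re
import secrets
import string
from collections import Counter

COMMON_USERNAMES = {"admin", "administrator", "support"}  # names the post lists
MIN_LENGTH = 16  # assumption: the post gives no minimum length
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, string.punctuation)

def weak_username(username, first_name, domain):
    """True for admin/support-style names, the owner's first name, or the domain."""
    name, dom = username.lower(), domain.lower()
    return name in COMMON_USERNAMES | {first_name.lower(), dom, dom.split(".")[0]}

def weak_password(password, first_name):
    """True for short passwords, 'name plus 1, 2, 3', or a missing character class."""
    stem = re.sub(r"[\d\W_]+$", "", password).lower()  # drop trailing digits/symbols
    if len(password) < MIN_LENGTH or (first_name and stem == first_name.lower()):
        return True
    return not all(any(ch in cls for ch in password) for cls in CLASSES)

def generate_username(length=10):
    """Random uppercase letters and digits, as the post recommends for usernames."""
    return "".join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(length))

def generate_password(length=24):
    """Random string with all four character classes, drawn from the OS CSPRNG."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        if not weak_password(candidate, first_name=""):
            return candidate

def audit(accounts, first_name, domain):
    """Return (service, problem) findings for a list of (service, user, password)."""
    reused = {pw for pw, n in Counter(pw for _, _, pw in accounts).items() if n > 1}
    findings = []
    for service, user, pw in accounts:
        if weak_username(user, first_name, domain):
            findings.append((service, "common username"))
        if weak_password(pw, first_name):
            findings.append((service, "weak password"))
        if pw in reused:
            findings.append((service, "reused password"))
    return findings

# Constructed sample accounts for a hypothetical site example.com owned by "Jordan".
SAMPLE = [("wordpress", "admin", "Jordan123"), ("ftp", "jordan", "Jordan123"),
          ("cpanel", "K7Q2ZX9B4M", "v#8Lq!2mZr@5Tw^9Yb&3Nd*6")]
```

Calling `audit(SAMPLE, "Jordan", "example.com")` reports all three problems for the WordPress and FTP logins and nothing for the cPanel one.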