WordPress Security: Keeping your website safe from hackers

Last night I watched a YouTube video by Wordfence Security showing how quickly and easily hackers can log in to your website through outdated versions of plugins. The security specialist, Chloe Chamberland, showed how a hacker can use a search on Google called “Google Dorking” to search for any websites that use specific plugins such as bbPress. A list appeared that showed the version of the bbPress plugin. Using that, Chloe could see which website is using an outdated version of that plugin to gain access (already knowing the vulnerability of the plugin and how to break in). Chloe showed how quickly she added a new user id to the WordPress admin asking for ‘subscriber’ access. Before she submitted it, she used a program to stop the code before executing and then added a script that changed her userid from subscriber to administrator. She then submitted the sign up form which created a new user account with administrator access, with full access to the entire website. All within 5 minutes.

So I have mentioned to many of my clients how important it is to run the updates regularly on your WordPress (and Joomla!) websites. I give instructions for those who wish to do it themselves and I also provide a service where I will go into the website, run a backup, run all of the updates and test the website afterwards to make sure none of the updates caused a problem with the website.

I recommend running updates bi-monthly at the bare minimum; monthly is better, and weekly is the best.

Having added security is also very important to protecting your website. Over 1/3 of websites on the internet are built on WordPress. Hackers figure out where the loopholes are and very quickly can attack one or many sites for their own purposes.

Some hosting companies, such as SiteGround Hosting, provide higher security with the hosting. It’s the number 1 recommended hosting company by WordPress.org. I have spoken to their technicians and have been advised that if the plugins are kept up to date, there is little room for hacking of their system. Other hosting companies offer added security services. GoDaddy offers Website Security Essentials, which scans websites daily looking for malware and will clean up your site if they find it. If your website has been hacked, don’t despair: once you purchase the Website Security Essentials, you submit the website scan and submit a ticket to have the website cleaned. Within 6 hours your website is cleaned and back online. You can also purchase the pricier service of a Firewall which will block all hackers from accessing your website.

There are 2 free plugins you can install directly onto your WordPress website: Wordfence Security or All In One WP Security. I use both (not at the same time on the same website). Both offer a firewall, added login security, can be set up to run scans for outdated versions of plugins, will allow you to block IP addresses (All In One does this; it’s a premium feature on Wordfence Security), and a host of other security features. All In One WP Security also allows you to change the login URL.

The premium version of Wordfence Security will also clean a hacked website and then provide protection to your website for 1 year. If a known attack is hitting websites, they will provide an immediate update to protect against the hack. The free version will get the update after 30 days.

How to run updates through your WordPress Dashboard

  1. Sign in to your WordPress Admin dashboard.
  2. Run a backup of your website either through a plugin that allows you to roll back your website if you encounter a problem, or within your hosting account. SiteGround Hosting cPanel offers Softaculous software to install WordPress applications. You can run a full database and file backup within Softaculous. GoDaddy WordPress Hosting automatically runs a daily backup which you can restore in the hosting account.
  3. Hover over ‘Dashboard’ in the upper left, then click ‘Updates’ or at the top of the page there will be a circling arrow with a number that tells you how many updates are available. Click this to go to the updates page.
  4. Select one plugin at a time and click Update. I always write down the plugin and the version so if I encounter a problem with the update, I know which version was working before the update. You do have to be careful running updates: if plugins were installed with your theme package, you should update your theme first, then update the plugins through the theme interface, otherwise it could cause a problem with the theme.
  5. Some plugins will state there is an update available, but because the plugin was packaged within a theme, the new update might not be available until it comes with a new version of the theme. The Bridge theme comes packaged with the WP Bakery plugin. This is a premium plugin and updates are only available within the Bridge theme update.
  6. After plugins and themes are updated, test your website to make sure it is still functioning properly. If you encounter any problems, it might be best to contact your website designer or host to troubleshoot what went wrong and how to fix it. There are occasions where plugins have to be deactivated to figure out which one broke the website.
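The record-keeping in steps 4 to 6 can be scripted for sites with shell access. The following is an added example, not part of the original post: it assumes WP-CLI is installed (the post itself uses the Dashboard) and parses the JSON printed by `wp plugin list --format=json`. The sample listing, its version numbers and the `js_composer` folder name used for the theme-bundled plugin are constructed for illustration.

```python
import json

# Constructed sample of `wp plugin list --format=json` output (not a real site).
BEFORE = json.dumps([
    {"name": "bbpress", "status": "active", "update": "available", "version": "1.0.0"},
    {"name": "wordfence", "status": "active", "update": "none", "version": "2.0.0"},
    {"name": "js_composer", "status": "active", "update": "available", "version": "3.0.0"},
])

def plan_updates(plugin_json, theme_bundled=()):
    """Split plugins with pending updates into an update queue and a deferred list.

    Returns (snapshot, queue, deferred). snapshot maps every plugin to its
    current version, the record step 4 says to write down before updating.
    """
    plugins = json.loads(plugin_json)
    snapshot = {p["name"]: p["version"] for p in plugins}
    queue, deferred = [], []
    for p in plugins:
        if p.get("update") != "available":
            continue
        # Step 5: plugins shipped inside a theme wait for the theme's own update.
        (deferred if p["name"] in theme_bundled else queue).append(p["name"])
    return snapshot, queue, deferred

def check_after(before_json, after_json, queue):
    """Compare listings taken before and after updating; return {plugin: problem}."""
    before = {p["name"]: p for p in json.loads(before_json)}
    after = {p["name"]: p for p in json.loads(after_json)}
    problems = {}
    for name in queue:
        now = after.get(name)
        if now is None:
            problems[name] = "missing after update"
        elif now["status"] != before[name]["status"]:
            problems[name] = f"status changed: {before[name]['status']} -> {now['status']}"
        elif now["version"] == before[name]["version"]:
            problems[name] = f"still at {now['version']}, update did not apply"
    return problems

if __name__ == "__main__":
    snapshot, queue, deferred = plan_updates(BEFORE, theme_bundled={"js_composer"})
    print("rollback record:", snapshot)
    print("update one at a time:", queue)
    print("wait for theme update:", deferred)
```

Save the listing before updating, run it again afterwards, and pass both to `check_after` to see which plugins were deactivated or left unchanged by the update.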

Another Way of Hacking Your Site

In the same Wordfence Security video, Chloe Chamberland, Security Specialist, showed how a hacker can use the Comments feature to gain full access to a website. She used a test website and added a seemingly harmless comment on a blog post. She had Scott Miller, another analyst, sign in to the website and click a link she had included in her comment … something like ‘I really like your post, maybe you can like mine too’ with a link to another website. When Scott went to her website from his link, he clicked a button on the website which said ‘enter site’… nothing visual happened. Let me reiterate: nothing VISUAL happened. In the background when Scott clicked the link to Chloe’s fake website, he inadvertently ran a script which created a user account on his own website. Chloe now had full administrator access to Scott’s website. It was really scary to see how quickly it could be done. Thank goodness Chloe is on our side and uses her knowledge to protect us and update the Wordfence Security plugin to stop hackers from gaining access to your website. Chloe also showed how having Wordfence Security plugin installed on a website would prevent this hack and the first one I mentioned in the beginning of this post from even happening.
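Both demonstrations end the same way: an administrator account the site owner never created. The following is an added example, not part of the original post or of Wordfence's tooling, that checks for that outcome. It assumes WP-CLI is available and takes the output of `wp user list --role=administrator --format=json`, `wp option get users_can_register` and `wp option get default_role`; the sample accounts and the `known_admins` allowlist are constructed.

```python
import json
from datetime import datetime, timedelta

# Constructed sample of `wp user list --role=administrator --format=json` output.
SAMPLE_ADMINS = json.dumps([
    {"ID": 1, "user_login": "siteowner", "user_email": "owner@example.com",
     "user_registered": "2019-03-02 14:10:05", "roles": "administrator"},
    {"ID": 57, "user_login": "newuser57", "user_email": "someone@example.net",
     "user_registered": "2020-06-14 03:22:41", "roles": "administrator"},
])

def audit_admins(admin_json, users_can_register, default_role,
                 known_admins, now, recent_days=30):
    """Return a list of findings about registration settings and admin accounts."""
    findings = []
    # Open registration is the entry point used in the first demonstration.
    if str(users_can_register).strip() == "1":
        findings.append("registration is open (users_can_register=1)")
    # New sign-ups should never receive more than the lowest role.
    if default_role.strip() != "subscriber":
        findings.append(f"default_role is '{default_role.strip()}', expected 'subscriber'")
    cutoff = now - timedelta(days=recent_days)
    for user in json.loads(admin_json):
        reasons = []
        if user["user_login"] not in known_admins:
            reasons.append("not on allowlist")
        registered = datetime.strptime(user["user_registered"], "%Y-%m-%d %H:%M:%S")
        if registered >= cutoff:
            reasons.append(f"registered in last {recent_days} days")
        if reasons:
            findings.append(
                f"admin {user['user_login']} (ID {user['ID']}): " + ", ".join(reasons))
    return findings

if __name__ == "__main__":
    for line in audit_admins(SAMPLE_ADMINS, "1", "subscriber",
                             known_admins={"siteowner"},
                             now=datetime(2020, 6, 20)):
        print(line)
```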

So a few final thoughts:

  • Run your updates regularly
  • Install a firewall through your hosting company or install Wordfence Security or All In One WP Security and make sure the firewall is enabled
  • Disable user registration on your website if you don’t need it
  • Watch the following video for more info from the pros at Wordfence Security

 

 

 

 

Journey Electric

Founded in 2015 by Dave and Crystal Jardine, our company’s dedication to timely service and quality workmanship continues to help Journey Electric grow in the South Georgian Bay area.

Every team member works diligently to ensure only top-quality services are provided to every client. Customer Satisfaction is our focus.

The goal of our company is to provide our clients with a one-stop-shop for all of their electrical needs. By providing commercial, residential, underground, maintenance and emergency services, our team has a comprehensive understanding of the electrical industry and current technology to help you with your project or product needs. Click to visit Journey Electric’s website.

Mary-Jo Land

Mary-Jo Land, Registered Psychotherapist specializes in supporting and enhancing attachment in children, bonding in parents and resolution of early losses, trauma and neglect in children.

Click to learn more about Mary-Jo, watch her informative videos or find out about her new book Caring Together: A guide for parents, foster parents and adoptive parents of children who are in care.

MacDonald’s Landscaping

Shawn MacDonald’s Landscaping located in Collingwood was created as a separate building division in 2009 backed by over 20 years of hands on experience. The Collingwood office specializes in landscape design, construction, demolition and snow removal serving Collingwood, Wasaga and Tiny Beach, Singhampton, Creemore, The Blue Mountains and surrounding areas.

Click here to visit MacDonald Landscaping website.

Dan Needles

A truly witty man, Dan Needles has kept audiences entertained with his stories, columns, books and plays. He is an exceptional speaker and most famous for his play Letters from Wingfield Farms starring Ned Beattie. For more information visit the website of Dan Needles.

Russell Cabinets


Custom Kitchens & Bathrooms

Bruce Russell and Jeff Russell are the owners and skilled carpenters of Russell Cabinets.

With over 40 years of experience, Bruce started building kitchens in his early twenties and opened his own business in 1981.  Jeff joined his Dad in 2002 and together they build custom kitchen and bathroom cabinetry.

Russell Cabinets specializes in building solid, custom cabinets to fit any space, therefore everything is handcrafted from the design through to installing the cabinets in your home.

The website of Russell Cabinets was originally designed in 2013.  To keep up with progressive technology, the website was redesigned in 2019 with the Avada premium theme.  Jeff wanted the new website to be simple, clean and display many different images of their custom designs. Jeff also wanted the website to be responsive, meaning that it would render well on all screen sizes.

In addition to building custom kitchens, Bruce and Jeff also design bathroom vanities, as well as custom cabinets such as book shelves, board room tables etc.  As a matter of fact, Russell Cabinets built 4 beautiful custom bathroom vanities for my home. Needless to say, their work is exceptional!  If you would like to learn more about Russell Cabinets, visit their website at https://russellcabinets.ca/.

Russell Cabinets is based in Dundalk, Ontario and services the surrounding area.

My new website design

At long last I have updated the layout of my website design! I am always so busy working for clients that I never had time to do my own. I was actually embarrassed to share my website with anyone because it looked so outdated.

Anyway, very pleased to finally have it done!

I tried to include many new features websites are using: Parallax images (sliding behind other content), pricing tables, icons, a custom header and footer. Please browse through my website to learn more about what I do, and what I can do for you!