To commemorate National Cyber Security Awareness Month, we would like to share with you the primary things we’ve learned that will help you keep your WordPress website safe.
There are four of them.
1. Don’t Click On Every Email You Receive
This is one of those “duh” statements, but you’d be surprised how many people still fall for phishing emails, including those who administrate WordPress websites.
If you run a WordPress website, be extra careful what emails you click on since, on occasion, you can be targeted, mostly by low-level hackers who want an easy way into your system.
The best way to avoid phishing emails is to only click on emails from sources you recognize. Another obvious truth, but many people fall for the cleverly crafted spam email every now and again.
What makes phishing emails that are targeted at WordPress website owners so deceptive is that hackers know what types of emails website administrators normally receive and are most likely to open.
And even more problematic is the fact that WordPress website owners receive a lot of emails that help them keep track of updates, plugins, and so on.
Naturally, the more emails you get, the more likely it is that you’ll accidentally open a couple of them that are harmful.
This is the precise reason why phishing emails are as effective as they are.
Phishing emails rely on brute force spamming until website owners end up making a mistake and clicking on one of them.
One obvious but important tip to avoid getting phished is to be cautious of the links you click on, especially if you don’t recognize the domain.
It may be easier just to log into your admin panel and navigate to whatever page you need.
2. Keeping Your Software Current
Updating your website’s security is important and will help keep it safe. As it pertains to WordPress, you’ll want to keep your core WordPress version updated along with your plugins and themes.
Today, WordPress offers admins the ability to update their software automatically, and yet a lot of them don’t do so and end up with outdated versions of their software.
While some website admins prefer to keep older themes and plugins for their own reasons, it’s a good idea to resolve whatever issues are keeping you from utilizing the most current software.
As for those of you who have no reason to avoid updating their plugins, enabling automatic updates will be helpful for you.
Vulnerabilities in plugins can make you much more susceptible to phishing attacks since they create avenues that hackers can exploit.
You’d be surprised how effective simply updating your software is at preventing phishing attacks.
Bear in mind that many hackers who run phishing schemes are not high-level hackers with sophisticated computer technology and a detailed knowledge of computer systems.
Most of them are relatively unskilled and go after easy targets.
3. Improve Your Passwords
Having good passwords is a must, especially nowadays, since hackers have had years of practice learning how to pick passwords apart.
Shorter passwords are always going to be easier to guess or figure out through other means.
The longer your password is, the more difficult it is to crack. Thus making your password longer is a good rule to follow, one we suggest abiding by.
Longer passwords are especially good at preventing dictionary attacks, which occur when hackers try brute forcing a hack by guessing common passwords or utilizing strings of letters or words they think you might be using.
We understand that having long passwords can be annoying, partly because they are so difficult to remember.
So, to make it easy on yourself, write down your passwords on a password sheet, which you can refer to when needed. This will be very helpful.
In fact, one of the members of the Sage team keeps a detailed password sheet with around 20-30 passwords, making it much easier for him to keep track of long strings of letters and numbers.
It’s also not necessarily a good idea to use one password for more than one account, although this is usually ok for some things.
If you make an account that isn’t very important, having an easy-to-use password is, of course, going to be beneficial.
For more important passwords, like ones that allow you to log into your bank account or your primary email address, you’ll want to create unique passwords.
Having a variety of passwords in this respect is important since they will help prevent what is known as credential stuffing.
For those unfamiliar with the term, credential stuffing just means that a hacker will use your known passwords and usernames to try and access your accounts.
Hackers are only going to know your information if you either tell them in person or if they manage to steal it from you through any number of electronic means.
Phishing is one of those means, so be watchful.
4. Utilize Two-Step Verification
Two-step verification is a helpful tool for warding off low-level hackers. In fact, the majority of hacks can be mitigated if you set up two-step verification.
Biometric logins, text message verifications, QR codes, and temporary passwords are all effective because most hackers will have a very difficult time accessing them.
The downside of two-step verifications is that they can be inconvenient. We suggest using text message verifications since they are quite easy to use.
Cyber Security Conclusion
To learn more about how you can improve your cyber security, call us at 702-268-9000.