If you haven’t heard yet, WordPress sites throughout the world are being attacked by a huge “botnet” of infected computers. At Computer Courage we take WordPress security very seriously, and want to be sure our customers understand the security risks and know how to protect themselves. On that note, we’ve got some basic information here for you regarding these attacks:
If you want to understand more about why and how these attacks happen, please see our article: WordPress Security and Hacking Explained.
As of the time this article was published, none of our WordPress Hosting & Maintenance customers have been hacked. If you are on our hosting plan, you can stop reading here and rest easy. We are monitoring the situation carefully. Our hosting partner, WPEngine.com, takes WordPress security very seriously and have taken proactive steps to protect against this attack. They have written their own update on the current situation here.
If you are not on our Managed Hosting & Maintenance package, you should consider switching to it now to avoid issues like this (which we’ve seen before, like the timthumb exploit of 2011). If you wish to sign up, just contact us and we’ll get you started. If you are on another hosting package, here is some general advice for you:
- Check in with your host about the current issue and ask what they are doing to protect you and to back up your site.
- Update to the latest version of WordPress immediately.
- Add a backup plugin such as BackupBuddy or VaultPress.
- Change you administrator username to something other than “admin” and change your password to something complex and long.
- Sign up for a free CloudFlare account and put them between the public and your website.
- Consider a Sucuri subscription.
- You can hide your /wp-admin/ folder with this new plugin.
- Consider the 5G firewall (warning: it can do some weird stuff with your permalinks)
- Add the Limit Login Attempts plugin
WordPress is still a very secure and powerful tool, but you have to keep up with security practices and updates to keep it that way. This can be a lot of work, but you can skip all this and let us handle security, updates, backup, and all of this for you with our hosting plan!