How To Reduce The Chance Of A Cyber Attack On Your WordPress Site
Cyber attacks are increasing at an alarming rate in the UK, with the ambulance service becoming the latest victim only yesterday. Along with Shopify, WordPress is one of the most popular content management systems in use, and for this reason it is one of the most targeted by fraudsters and hackers. We’ll take a look at some of the most common ways criminals exploit WordPress and how to reduce the risk of an attack by completing a vulnerability assessment.
Guarding Against Brute-Force Attacks
A brute-force attack is essentially where a hacker attempts a vast array of passwords using a piece of software that generates and then enters them automatically. It is the most common way of gaining access to a WordPress/WooCommerce website. The first step to stopping these attacks is to change your login page. WordPress websites tend to get targeted because the vast majority of people leave their login URL as /wp-admin/, which means a hacker knows exactly where to go to get to the username and password page. Change this directory to a random name that would be much tougher to find without knowing it in advance; this can be done manually or via a plugin. The second and most obvious thing is to ensure that you don’t use ‘admin’ as your username or an easily guessable password. Ensure your password is alphanumeric with special characters, and the longer it is, the better! To add another layer of protection, look at implementing a limit to the number of unsuccessful login attempts before a user gets locked out of the site for a period of time. Two-factor authentication is also one of the best ways to stop unauthorised logins: when you try to log in, a code will need to be sent to either your email address or your phone in order to successfully log in to the site.
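The login-attempt limit described above, sketched as an added example in Python to show the policy itself; it is not WordPress or plugin code. The names `LoginThrottle` and `attempt_login`, the thresholds and the documentation-range IP address are assumptions made for the illustration.

```python
import time
from collections import defaultdict, deque

class LoginThrottle:
    """Lock a key (client IP or username) out after repeated failed logins."""

    def __init__(self, max_failures=5, window=300, lockout=900, clock=time.monotonic):
        self.max_failures = max_failures  # failures tolerated inside the window
        self.window = window              # seconds over which failures are counted
        self.lockout = lockout            # seconds a key stays locked out
        self.clock = clock                # injectable so the policy can be tested
        self._failures = defaultdict(deque)  # key -> timestamps of recent failures
        self._locked_until = {}              # key -> time at which the lockout ends

    def retry_after(self, key):
        """Seconds until `key` may try again; 0 means it is not locked out."""
        remaining = self._locked_until.get(key, 0) - self.clock()
        if remaining <= 0:
            self._locked_until.pop(key, None)
            return 0
        return remaining

    def record_failure(self, key):
        now = self.clock()
        recent = self._failures[key]
        recent.append(now)
        while recent and recent[0] <= now - self.window:  # drop failures outside the window
            recent.popleft()
        if len(recent) >= self.max_failures:
            self._locked_until[key] = now + self.lockout
            recent.clear()

def attempt_login(throttle, ip, username, password_ok):
    """Return 'locked', 'ok' or 'denied' for one login attempt."""
    keys = (f"ip:{ip}", f"user:{username.lower()}")
    if any(throttle.retry_after(k) for k in keys):
        return "locked"  # refuse before the password is even looked at
    if password_ok:
        throttle._failures.pop(keys[1], None)  # a success clears only the account's count
        return "ok"
    for k in keys:
        throttle.record_failure(k)
    return "denied"

if __name__ == "__main__":
    t = LoginThrottle(max_failures=3, window=60, lockout=600)
    # Constructed attempts: one documentation-range address guessing at one account.
    for guess in range(4):
        print(guess + 1, attempt_login(t, "203.0.113.7", "editor", password_ok=False))
```

Counting failures per username as well as per address catches guesses spread across many addresses, at the cost that repeated bad guesses can lock the real account holder out until the lockout period ends.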
Phishing Scams Are Still Common
Phishing has been around for quite some time, but it is still one of the most popular ways for people to defraud customers. There are two ways this could affect you: a hacker could gain access to your site and enable a malicious script to steal customer information, or they could copy your site and host it on a similar domain. Ultimately this could be done to any website at any time, but the problem they have is getting people to visit the site, so they often rely on emails and text messages with a link to the site to then steal login details and data from your customers. Ensure you have a policy in place that your customers are aware of so that they know when it is safe to log in via a link. Also put extra levels of protection in place by potentially using two-factor authentication, so that even if a customer’s information is stolen, the person responsible would not be able to access their account. Always go to a reputable company for cyber security services, as it could save you a lot of money and hassle in the long run.