As you may or may not have heard, this past week saw a significant number of hacking attempts on WordPress-based websites.
That’s the bad news. The good news is: 1) A quick check of our client sites showed that no one has been hacked; and 2) A simple, five-minute fix can decrease the chances of a hacker gaining access to your site.
In this instance, hackers are attempting to enter sites by going to the login section of the site, using the user name “admin”, and then using a dictionary-based algorithm to find passwords. We suggest changing your user administrative name and password to make it more difficult for hackers to find your username/password combination.
To do this:
1) Log in to the dashboard section of your site.
2) Hover over “Users” in the menu on the left side of the screen, then click on “Add New”.
3) Complete the fields on the “Add New User” page. When choosing a new username, do NOT use “admin”, your company name, or a name already in use on the site.
4) When you choose your password, use something that will be difficult for a hacker to obtain. Use a combination of upper- and lowercase letters, numbers, and symbols, and make certain your password is at least seven characters long.
5) Write down your new username and password somewhere safe so you won’t forget it!
6) In the “Role” drop-down menu, select the “Administrator”.
7) Click “Add New User”.
8) Log out of the site, then log back in using the new credentials you just created.
9) Go back to the “Users” menu, then select “All Users”.
10) From here, you can either delete the old user accounts, or — and this is what we like to do, simply because we like to frustrate hackers — you can change the access level to “Subscriber”. That way, a hacker could possibly get into the site, but would be unable to do a thing.
Additionally, keeping your site updated with the latest version of WordPress also helps keep hackers at bay. The current version is 3.5.1. If you are using a hosting provider other than Deluxe Interactive Services, contact your host before updating to ensure they meet the minimum hosting requirements.
If you are a client of Deluxe Interactive Services and have any questions about this issue or need help with updating your user access, please do not hesitate to contact us either by email or telephone and we will be happy to help any way we can. We also welcome questions from anyone needing suggestions on safeguarding their WordPress sites.
Joomla sites are also under siege. Deluxe Interactive Services currently does not employ Joomla on any client sites. Contact your administrator for questions regarding safeguarding your Joomla site.