Have you been getting messages like this…
Time: January 15, 2014 10:41 pm
User-agent: Mozilla/5.0 (Windows NT 6.2; WOW64) AppleWebKit/537.15 (KHTML, like Gecko) Chrome/24.0.1295.0 Safari/537.15
Time: January 13, 2014 1:56 pm
User-agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1623.0 Safari/537.36
… in your Inbox?
I see a lot of them but they come in spurts. They get sent out by one of the security plugins I use on my WordPress blogs.
If you don’t get messages like these, it may just mean that you are not being alerted to the fact that hackers are probing for ways to access and take over your WordPress blog. When you don’t know someone is trying to break in, you can’t take any preventative action.
How Secure Are WordPress Blogs?
Did you realise that some 30,000 WordPress blogs are compromised each and every day by being hacked, defaced or injected with malware? That’s a huge number. And, if you’ve ever had a blog hacked, you’ll know how troublesome it is to clean it up and restore it to working condition. You may permanently lose content from a blog as a result of not having a recent backup. Or, if you do backups but aren’t aware of when your blog was hacked, you backups may be of the hacked blog itself.
The simplest measure, as with disease, is that prevention is better than cure.
WordPress, out of the box so to speak, is not secure. That might surprise you. Security is left to the webmaster. And most newbies to WordPress aren’t aware of this fact.
Take a look at that first message at the top of this article. See the username? “admin”. Many people still use “admin” as their default username when creating a blog. It’s easy to accept a default username like this when building a blog with the likes of Fantastico.
Guess what? The hackers know that a huge number of WordPress bloggers never bother changing that default username, either because they’re too lazy or they simply don’t know any better. And “admin” is the first username a hacker will probe a blog with.
WordPress is also helpful to hackers by telling anyone trying to log in what credential is incorrect, be it the username or the password. So, if “admin” is the username, the hacker will know that they’ve got that right and it’s the password they need to crack.
Would it surprise you to learn that “123456” is frequently used as the admin user’s password? Some webmasters just make it so easy for a hacker to break into their blog.
“qwerty” as you can see from the second message above, is another username that’s very commonly used.
So here’s a simple tip to better secure your blog: Use strong usernames and passwords, ones composed of a mixture of upper and lower case letters, numbers and symbols. No, they won’t trip off the tongue and they won’t be easy to remember, so keep a note of them somewhere.
Your blog’s login screen is the front door to the admin pages of your WordPress blog. Doesn’t it make sense to protect your virtual property from intrusion?
The Consequences of an Unsecured WordPress Blog
WordPress security is something a lot of bloggers are unaware of. You put a lot of time and effort into building up your blog and, if it’s not properly secure, all that hard work can be destroyed in an instant through the nefarious actions of some online criminal.
If your blog is compromised, there are several consequences that may arise:
- If the blog is infected with malware, Google will eventually find out and the blog will be blacklisted. Recovering from this can take months as Google has to learn to trust your site again.
- A malware infection also means that anyone who visits your site may get infected in turn. That won’t do your reputation any good and you may permanently lose visitors as a result.
- You income from your site my drop or completely disappear. Commissions may get redirected to the hacker.
- If you’re not keeping tabs on your blogs and one or more get hacked long before you ever find out about it, your blog(s) may be used by criminals in various ways. Your name is still associated with the blog so any fallout exclusively comes your way.
So, to protect your good name, reputation, readers and income, it pays to put some time into securing your blogs. Doesn’t it? It will save you a lot of heartache in the long run!