I received three of these lovely emails yesterday – after three attempts the IP address is blocked.  On average I receive a couple of these emails every month.

This is a hacker attempting to get into my site.  They put out bots that trawl the internet looking for WordPress sites (and of course other types of sites, it’s just that I happen to have a WordPress site) and automate their hacking attempts.

I did consider that it may be a glitch and was only one of the forum members trying to recover a lost password.  However when I looked up the IP address it definitely wasn’t one of the members.

Yes, the IP address was in the Ukraine.  I’m sure there are a lot of lovely, honest, moral people in the Ukraine.  However they also have a bit of a reputation for being home to large hacking organisations.

WordPress websites are brilliant.  Easy to use, update and change.  Simple.  Effective.  They’re used so much that they make an easy target for hackers.  Because the default WordPress setup isn’t highly secure.  You, the site owner, MUST make sure you add extra security to your site.

I know of several high name businesses that had their sites hacked last year, that I wasn’t one of them was due more to good luck than good management at the time.  Fortunately I was able to learn from other people’s mistakes.  It’s now a huge Fail for hackers when they try and attack my site.

Security of your website should take a three pronged approach:

  1. Have a recent backup. Automate the backup if at all possible, so you can set and forget.  Make sure it’s recent.  There’s no point in a backup that is six months old when you need it.  If you’ve got a WordPress site this is a great plugin to use: http://austinmatzko.com/wordpress-plugins/wp-db-backup/
  2. Always have your site updated to the latest version. No matter what you use to build your site, make sure it’s up to date.
  3. Secure your website. At the very least, for WordPress users, install the Firewall plugin: http://www.seoegghead.com/software/wordpress-firewall.seo

Better still; put full security on your site.  Check out John Hoff’s WordPress Defender ebook and video’s.  Yes, it’s $39.  Having had my site protected from hackers over the last year is worth a heck of a lot more than that to me.

Don’t think it can’t happen to you.  Hackers don’t care how big your business is, who you are or what you do.  They’re out to destroy your site, and quite possibly your business in the process.  You take out insurance on your car and your house, so take out insurance on your site as well.