I have a couple of websites that I own and have built myself. As a result, I’ve gotten reasonably confident using WordPress. One thing that I’ve set up is an email to let me know if someone is locked out of my site, so that I can contact them to see if I can help. However, what this has shown me instead is that someone is seriously trying to hack into my website!

How can I see if someone is trying to hack me?

From your WordPress dashboard, click on [Settings].

Now click on [Limit logon attempts]

This morning, I found that 1962 failed attempts have been made to login to my website, using 3 different usernames:

  • cluttercoachkaren
  • admin
  • test

What can I do to prevent my website being hacked?

  1. Recognise that any website can be hacked, however, you don’t have to make it easy.
  2. When you create a username for your website, don’t use admin, test or anything similar. As you can see, these are the first usernames someone has used to try and take over my site.
  3. Have more than one username for your website. Keep one for system administration (setting things up in the background) and one for blogging with. That way, if someone does hack your password for your blog, then that person doesn’t have control of your website.
  4. When you create your password, use as many characters as you can. Again, don’t make it easy to hack your website by using any of the common passwords. Each year SplashData compiles a list of the most frequently used passwords. Check out the list, and make sure that your password isn’t one of them!
  5. Change your password periodically. When I worked in the NHS, all users were forced to change their passwords monthly.
  6. Checkout [Limit logon settings]. Limit the number of times someone can try and logon without being locked out.  In addition, make sure that you have both [Log IP] and [Email to admin after] ticked. You can then forward this information onto the police should they be successful, and use the emails as evidence.
  7. Install plugins such as Wordfence to protect your site. I also have Sitelock installed.
  8. Backup your website frequently.
  9. Purchase an SSL certificate from your website hosting company.

We are all at risk of being hacked in some shape or form. Being aware of the risks is the first step in prevention.

Useful articles:

Take care for now

Karen x