WordPress Security

As well as the normal website design and SEO services we can also maintain and administer an existing website.

We were recently contacted by a new customer whose website had become the target of hackers. The result of all of this is that their website had become full of spammy posts. Google was subsequently penalising their website in search engine rankings.

To get the website back into good health we had to delete the spammy posts all 400 of them. The hackers had also created a number of phoney admin accounts approx 150 these were also deleted.

The website used the default Administrator account, we suspect that hackers were able to comprise the account via a brute force attack. A new administrator account was created with a non-generic name  using a strong password. Also, a new WordPress editor account was set up for the client to continue to create new and edit existing posts. Luckily Wordpress and its plugins were fairly up to date, as a precaution, these were all updated to the latest versions.

WordPress Security In Summary

1. If you are using Wordpress avoid using 'Administrator' for the Administrator account, also avoid posting with the admin account use the Author or Editor roles.
2. If you have multiple people contributing to your website and blog, use the appropriate WordPress role.
3. Always make sure plugins and WordPress are at the latest versions.
4. Disable and remove the files from any Plugin's that are no longer been used.
5. If there is even the slightest possibility that your website has been hacked, consider changing passwords.
6. Always ensure you have a backup of your Wordpress (or normal static) website.
7. Consider using a security plugin with Wordpress such as the All in One WP Security & Firewall or Wordfence