WordPress has been hacked, how come my WordPress website has been hacked?

You have a website that suddenly displays advertisements or forwards visitors to another website. Or worse, your website sends spam (e-mails with unwanted advertising).

You haven’t changed anything on your website and yet your website was “suddenly” hacked.

Then the question arises: how come my WordPress website has suddenly been hacked?

  1. Would it be the programmer’s fault?
  2. Have I done something wrong in the website?
  3. Has someone deliberately hacked your website? The competition perhaps?

You have a lot of questions, but for 99.9% of websites the answer is very simple:

A virus or script has modified your website. It is completely automated and affects thousands of other websites.

Is that so easy? Is there nothing to do about that? Who is behind those hacks?
Read on if you want those questions answered! (Brace yourself because it gets technical.)

The cause of most hacks: via outdated plugins and themes

Plugins and themes are responsible for 45% of hacked websites.
Hackers download the plugins and themes and test them for security vulnerabilities.
At wpvulndb.com you can see which plugins and themes have known leaks.

A leak, what does that mean… it’s not a swimming pool!
A leak (a security vulnerability) is a collective name for any way of giving commands to the server (hacking).
This can be done via input fields that are not locked down, via files with the wrong permissions, via incorrectly stored data and more.

Okay, now that you know that plugins and themes cause 45% of hacked WordPress websites, you think: simply use fewer plugins and it’s solved!

But unfortunately, there are more security risks with a WordPress website. And that starts with the programmer who creates your website.

The security risks of your website in percentages:

[Figure: the pyramid of WordPress security]

As you can see, there are several factors that can make your WordPress website hackable.
The programmer, the web host, you as a user, the CMS itself and, as mentioned earlier, the themes and plugins.

Who goes to all that trouble to find and exploit security risks?

Hackers, cybercriminals, thieves.

And very occasionally ordinary citizens who live in countries where not enough money can be earned with the regular job. IT professionals who have been laid off but still have to support their families.
This can sometimes even involve intelligent ICT people with 20-30 years of experience. Or even entire IT departments…

Many hacks and attacks come from poor countries, since you only need internet and an old computer to write a virus/hack.

How does a hacker earn money from my website?

If you have a website that is about your family or about your hobby, you can’t imagine that a hacker can make money from your website.

Yet they can!

Link building
By placing links in your website, a hacker can raise his own website’s ranking in Google considerably.

Selling products through a wide reach
The hacker uses your good name/website and that of thousands of others to sell his product.
Imagine you have a website with beauty products, and it contains a link to a product that prevents aging or other problems.
There are still a surprising number of people who buy such a product.

The product often costs 100-200 euros, has to be paid via the internet and ends up in an anonymous account. The product is not delivered, and that gives the hacker a lot of money without incurring major costs.

And so there are many ways to make money when a website is in the power of a hacker.

WordPress seems very insecure, should I switch to another CMS?

It’s not WordPress that’s insecure, it’s the plugins, themes, and the aforementioned external factors that give hackers the ability to hack into your website.

WordPress is well maintained and secured, you just need to know how to handle it.

I’m just starting a new website, should I choose another CMS?

Every CMS has to deal with hacks.

The programmers of WordPress (Automattic) work daily to keep the CMS as secure as possible. New updates are regularly released to keep the system safe.

40-60% of all websites in the world run on WordPress, and for good reason.

Why WordPress is a good basis for company websites, webshops and blogs

  1. WordPress is open source and can be downloaded for free at WordPress.org.
  2. You can expand your website with more than 55,000 plugins.
  3. For questions you can contact many WordPress programmers, designers and forums.
  4. WordPress is continuously being developed.
    (Think of the REST API, Gutenberg editor, Privacy options, SSL support)

What can I do to secure WordPress?

Install and configure a security plugin:
First of all, it is important that you install a good security plugin. A security plugin works like antivirus and a firewall for your website.

It is important to set up the security properly.
The security plugin needs to be tuned to best protect your website against hackers and hack scripts, but your WordPress website and plugins must have permissions to function.

Using plugins:
Limit the number of plugins, as each plugin contains a series of code that can be used by hackers to get into your website.

The hosting:
How do you know if a hosting party is good?
Make sure they offer one of the most recent PHP versions.
Do not go for a budget package of 1 euro per month, but pay a little more to a hoster who also provides support by e-mail or preferably even by telephone.
Choose a hosting party that has been around for a number of years and that has many customers.
This way you have a reasonable chance of finding a good hoster, where your website is on a secure server under the supervision of specialists.
Note: They are responsible for the functioning and keeping the server online, they are not responsible for what you or a hacker does with your website. They can therefore not fully protect your website against hackers, that is simply not their job.

What does it cost if I have my WordPress secured?

We offer a monthly maintenance subscription where we secure WordPress and keep it up-to-date. We also check the website for break-in attempts and we actively prevent hackers.

You can easily request that subscription, click here for the current rate.

Yes, but my WordPress has already been hacked!

We can remove the hacks and ensure that the hackers no longer have a grip on your website.
We do not charge the costs for this in one go, but through an affordable subscription.

After removing the hacks, backdoors and blocking the hackers, we keep your website up-to-date and keep an eye on it.
This way you can be sure that you are rid of those miserable hacks and hackers, and that they will not come back!

Have your WordPress website made hack-free and secured by us now.

10+ years of WordPress experience

We have been working with WordPress since 2007. We have developed hundreds of websites, all with WordPress. We have been doing the management and maintenance for our customers for years.
With us you can assume that your WordPress website, large and small, is in good hands.

But… everyone calls themselves a WordPress specialist, even people who can only read the manual of a theme or plugin…

And that is why we recommend that you contact us before you let someone work on your website.
Ask some questions, test the knowledge of the programmers, server administrators, designers.

And feel free to contact us, so that you can be sure that professionals are working on your website.

Click here for our contact options.

Interview with Ryan Dewhurst (WPScan) & Mark from WordFence on securing your WordPress website

Ryan Dewhurst is the creator and founder of WPScan. In this interesting interview with WordFence he explains what WPScan can do and what that means for WordPress security.

What is WPScan?

WPScan is a program that runs on Linux (currently installed by default in Kali Linux) and allows you to test the security of your WordPress website.

WPScan allows you to perform the following security tests that reveal both information and vulnerabilities:

  • User accounts
    WPScan will attempt to extract usernames/accounts.
    A username is 50% of the required login details to get into the WordPress administration panel.
  • Brute force testing on passwords
    With a large wordlist, WPScan tries every password against the website. When the correct password is guessed, you will see it in the result.
  • Checking the active plugins
    Both the plugins and the version of the plugin + the known vulnerabilities for that version are displayed.
  • WordPress leaks
    WPScan tries to determine the current version of WordPress in 6 ways.
    If there are known leaks (vulnerabilities) in that version, they are displayed immediately.
  • And more..

With WPScan you find out where your website is vulnerable and what steps you need to take to make your website more secure.

What WPScan does is called a pen test, short for “penetration test”. In short: how far does a hacker or hackbot get into your website?

The beginning of WPScan

WPScan was founded in 2011 as a tool to test WordPress websites for their security.

In 2014, the website wpvulndb.com was added, a public website where everyone can easily see which plugins, themes or WordPress core versions contain leaks (exploits).

WordFence and WPScan

WordFence, which developed a renowned security plugin for WordPress, has long been using WPScan to improve WordFence. They look at the so-called exploits (weaknesses that can be exploited) that WPScan indicates.
They also use the information from wpvulndb.com to see which plugins are vulnerable.

Tips from a security expert

You can protect yourself against hackbots and hackers who use various methods to hack your website.
Ryan Dewhurst lists the 3 most important in the interview:

  1. Limit the number of administrators who can manage your website
  2. Use good passwords
  3. Install a security plugin such as WordFence

Addition: using a security plugin ensures that hackers get little information from your website. Hackbots’ requests are blocked based on patterns, the specific queries, and based on the number of requests.

We ourselves use iThemes Security PRO, but we recommend to everyone who is not yet a customer of ours: put at least 1 security plugin in your website and configure that security plugin properly. Without a security plugin, your WordPress website is a door that can be rattled at until a hacker gets into the admin and can place malware, with all the consequences that brings.

The interview

If you master the English language you can watch the full interview.

https://youtu.be/uiN1j3BvqIc

Is the video no longer available? Let us know at info[a]wpbeveiligen.nl and we will look for an alternative on YouTube.

Plugins, “the candy” of WordPress

54 THOUSAND free plugins!

WordPress.org currently offers 54,826 plugins.

Plugins that can take your blog or business website to the next level.

But, it’s like candy: you shouldn’t have too much of it, or it will work against you. Although it’s challenging because it’s so tempting to try them all.

And now you might say, we’ve heard this before. We know, not too many plugins, security, website speed, blah blah blah…

We have managed many websites for 10+ years… and let us tell you: it’s a mess!

Professional web agencies

Professional web agencies still load websites with too many plugins. And not only too many, but also plugins that don’t work well together.

For example: You can use 1 SEO plugin, but there are dozens available on WordPress.org.

You have a plugin to handle Google, a plugin to create XML sitemaps, a plugin to display data structured for Google… etc.
The drawback: they all do a little bit of everything. They also overlap in functionality. They don’t work together! You’ll notice this when you get unexpected results or indexing problems in Google.

Anyone can install plugins, but configuring them properly is a study in itself.

Making an overloaded website faster with even more plugins?!

Another good one. We see websites every week that are supposed to be fast and therefore have multiple caching plugins.

One for the speed test, one for Google, one for lazy loading images, one for caching HTML & CSS, and of course one that combines queries to make your website even faster! And to balance it all out, a super caching plugin to serve static pages…

That’s like taking an energy drink for energy, a painkiller for the headache caused by the energy drink, and then using an antacid and an anti-nausea pill to deal with the side effects.
Crazy, don’t do it!

Of course, you can use 1 speed optimization plugin and 1 SEO plugin, but do your research first. Look at the features, how they work, and if you can configure them according to your preferences.

Another pitfall: premium plugins

Premium plugins are professional, so they must be fine!

WRONG! Even if you buy a $199 plugin, there’s a team behind it turning the plugin into an airplane cockpit.

Because the client wants to do everything! Manage everything without writing a single line of code, everything should be click and play.
Sounds great, but you won’t believe the impact it has on your website. Complete teams spend months writing code with a multitude of features and customization options, unloading jQuery databases, throwing inline code into HTML… all for the sale of that expensive plugin and to meet the client’s demands.

So be very cautious with premium plugins as well.

Stick to 5-15 plugins max!

Demand from your web developer not to use plugins for every little function.
We know, it saves them work and time, keeping costs low. But in the long run, it almost always leads to problems with updates and the functionality of the website.

As a website owner, don’t just throw plugins into your website without consideration.

But as a website owner, don’t just throw plugins into your website 😉
I know, you encounter a problem and see that it can be solved with 1-2 mouse clicks. But you might be jeopardizing the structure of your website with the plugins you use.

Nice story, WPbeveiligen!

From the candy store to a story about what you should NOT do. That really cheers us up!

Now that you know what not to do, let us help you do it right.

Plugins, what to do:

  1. Research which plugin works best. For example, if you want to use a caching plugin, search for “best 5 caching plugins for WordPress” on Google or DuckDuckGo 😉
    But beware, the first and second results are often ads. Both on Google and on the website itself. They get a commission if you purchase the plugin. So feel free to look at the free version and don’t go for the “best” one that requires payment or a subscription. A free plugin is often just as good as a paid one.
  2. Check the reviews. Plugins have a “star rating.” Look at the number of people who have given ratings and the number of stars the plugin has earned.
    Check if the plugin has been updated recently, indicating that it’s being maintained by the developer.

Now, a list of free plugins that have proven themselves over the years:

  • Autoptimize – For website speed optimization.
  • WooCommerce – From WordPress itself, for building an online store.
  • Yoast SEO – The best plugin for optimizing your website for Google.
  • iThemes Security – Security is essential!
  • Count per Day – Track the number of visitors to your website.
  • UpdraftPlus – For backups, as your host may have limited storage.

All of them can be found in the wonderful plugin library of WordPress.org.

Do you have any top plugins to recommend? Or any questions? Let us know in the comments!

But remember, not too many plugins at once!

Preventing others from stealing your texts for their own websites

You’ve just written a great article or conducted an in-depth interview, and the last thing you want is for someone to simply copy your article and display it on their own website.

Everyone knows how easy it is to copy texts. You select the text, right-click – Cut, and Paste it on your own website.

Is it possible to completely prevent text copying?

Unfortunately, not entirely. Programmers and true content thieves know multiple ways to extract text from a website. But you can make it as difficult as possible!

Preventing text theft with a plugin

The “WP Content Copy Protection & No Right Click” plugin is one of the best ways to make it much harder to copy texts from your website.

Download the plugin for free

What makes this plugin a good solution against text theft?

  • The plugin blocks the ability to Cut & Paste through right-click
  • The CTRL-C & CTRL-V shortcuts are also blocked
  • The ability to select text by hovering over it is blocked

Finally, the plugin also includes methods to make it more difficult to copy images. “Save As” and dragging images are blocked.

How effective is this plugin?

The methods used by this plugin are 70% effective in preventing text copying for most visitors.

Well, has my text already been copied by others?

You can easily check if texts have been copied. When you enter a search query in Google, put the text in “quotes”.
As an example, just take a sentence from an article, put it in quotes in the Google search bar, and see if there are results from other websites.


If all goes well, you will only see your own website in the results 🙂

Copying Texts, to What Extent Is It Illegal?

Don’t immediately rush to write a letter to your lawyer.
Small pieces of text can be copied. A few sentences.
In this case, it is polite if they refer to the source, in this case, your website, but it is not mandatory.

When It Comes to Complete Articles, You Can Take Some Steps

Ask the owner of the website, or the person who posted the texts, to remove your texts or, if you prefer, to credit you as the source in or below the article.

If you do NOT suffer financial loss from it, consider the copying as confirmation that you have written a good article.
Don’t worry too much about it and continue writing new great articles!

But now with the plugin to make copying a bit more difficult?!

Guarantee, convenience and security for WordPress websites

Deception is part of the hacker’s game

The tricks of hackers go beyond the knowledge, perseverance, and experience of programmers. It’s not due to a lack of expertise but simply because there are thousands of tricks to infiltrate and maintain malware in a WordPress website.

The ongoing battle of a major IT company

This reminds me of the struggle faced by Microsoft, where billions of dollars were invested in protecting Windows against hackers, trojans, and viruses.

And has it been successful? Is Windows impenetrable, 100% secure?

No, criminals come up with new tricks every week, even fooling companies like Norton Antivirus, Kaspersky, and other companies dedicated to intercepting malware, viruses, and the latest tactics used by online criminals.

Now you can understand the importance of having guaranteed security for your WordPress website, as anything can happen!

Whether it’s a small website, a large corporate website, or an online store, NO ONE wants to deal with the detrimental effects of hacks or the costs associated with removing them from the website.

WPbeveiligen = Standard Guarantee & NO additional costs

With our subscriptions, we provide a standard guarantee: if a hacker manages to infiltrate your website despite all the security measures we have implemented, we will undo the hacker’s malware/hacks, locate any backdoors, and intensively monitor the site.
We will catch the hacker in their virtual tracks!

This guarantee is provided without any additional costs!

Letting your WordPress website be secured, how does it work?

Securing your WordPress website is important but can also be daunting.
So, what happens to your website?
What do we expect from you?
Does security come with limitations?
Who can access my website?

Time for answers!

What happens when you sign up for securing your WordPress website?

  • First, we create a backup of your website.
  • Then, we connect your website to a monitoring program that allows us to monitor your website, perform daily malware scans, and check the Google status.
  • We evaluate the security of your website based on the plugins and theme you’re using. Are they up-to-date and considered secure?
  • We check the files on the server for any existing malware and backdoors, which we carefully remove.
  • If necessary, we also scan the entire database for iFrames, base64, and backdoors.
  • Once we are confident that everything is secure, we activate a security program tailored to your website.
  • In the final steps, we check the functionality of the website for any irregularities, ensuring that all plugins work properly after the updates.

In 90% of cases, everything goes smoothly, and there are no visual or functional changes caused by the security measures.
In short, you won’t experience any disadvantages from the security measures 😉

In fact, your website usually becomes slightly faster, especially if there was active malware. Malware puts a strain on the server and often initiates multiple processes before your website fully loads, causing delays.

What do we expect from you?

We only need the FTP credentials to examine the server. If you have custom code, we’d appreciate it if you or your web designer could inform us so that we can handle that code with extra care.
That’s all we expect from you.
If you can’t find the FTP information right away, we can help you retrieve it. Often, the web host or your web developer will have the server information.

Does securing your WordPress website come with limitations?

No, we ensure that you only enjoy the benefits of security and that it doesn’t limit your website.
We make it difficult for hackers and malware, but we do so in ways that don’t restrict the functioning of your website.

Of course, you have the freedom to choose which plugins you use.

We simply advise against using too many plugins, and if there’s an insecure plugin, we’ll assist you in finding an alternative or a way to continue using it securely.

Who can access my website?

Only WPbeveiligen.
As the owner of WPbeveiligen, I have access to the data, and in some cases, a trusted staff member assists with additional checks and updates.

Your data remains protected and stays with us.
Safety first!

You can confidently trust WPbeveiligen to secure your WordPress website.

If you have any further questions, feel free to contact us by phone, email, or visit our office. You can find all the information on our contact page.

Is WordPress security really necessary?

WordPress security may seem unnecessary to many website owners, after all… there are millions of websites built with WordPress, right?! Does that mean they are all insecure? Read now whether WordPress security is necessary or unnecessary for your WordPress websites.

WordPress itself is secure

WordPress itself is kept incredibly secure and up-to-date by a team of professionals. WordPress itself is not a security risk as long as you keep it updated!

The problem lies in the plugins..

The plugins

The plugins pose the risk. Plugins are created by different individuals, and not everyone has received a high level of programming education.

As more plugins are used, the risk of errors in the code also increases.

Hackers

Hackers are constantly looking for ways to infect websites with malware, advertisements, and primarily links to their own products or services. This is known as black-hat SEO.

The question again, is WordPress security necessary?

This depends on the number of plugins you use. If you use 3 and keep them up-to-date, your website doesn’t carry much risk.
But if you use 10, 20, 30, or even 40 plugins… then you need to take certain measures to prevent hackers from easily gaining access.

Managing security yourself or outsourcing?

You can manage security yourself or outsource it. Whether you manage it yourself or outsource it depends on several factors:

Securing your WordPress website yourself

If you have a simple informational website.
If you use a few plugins, maximum 5-8.
If you keep them properly updated.
If you use strong passwords.
If you don’t give just anyone access to your website.
If you have a security plugin like iThemes Security OR Sucuri OR WordFence installed.
If you have a good web host.

In this case, things can go well for years without any problems or malware.

Having your WordPress website secured by professionals

Do you have an online shop? Do you offer services and products? Do you have a contact form, quote form? In short, do people enter important information on your website?
Are you heavily dependent on your website for income? Do you have a reputation to maintain?
In other words, are you a medium-sized to large company?

In that case, it is best to have your WordPress website professionally secured.
The costs of a hack, of a damaged Google reputation, outweigh the relatively small monthly amount you pay for the security and maintenance of your website.

Secure and maintain your website with the following security and maintenance measures:

  • Controlled updates – Periodic and immediate for known vulnerabilities
  • Professional security – Through a good firewall, proper configuration
  • Monitoring – User activity, messages, uptime
  • Recovery guarantee – No costs if a vulnerable plugin causes issues
  • Backups – Daily backup to an external data vault
  • Question and answer – Technical support
  • Debugging – In case of plugin or theme conflicts

Request security and maintenance for your WordPress website now!

Request

You Must Secure WordPress Against Hackbots – now read why

Most people don’t know it, but you need to secure WordPress against hackbots, not just against that one person manually trying to hack your website! Why should you secure WordPress against hackbots and not hackers? Well…

99.9% of all attacks on WordPress websites are executed by hackbots.

With this knowledge, you now understand why your number one priority should be securing your website against hackbots.

What is a Hackbot?

A hackbot is essentially an advanced script designed to hack other websites. The script is executed by a bot or robot, typically a server since it has an internet connection.

Hackbots can continuously search for WordPress websites with known vulnerabilities in plugins, outdated WordPress installations, themes, and security.

Securing WordPress, isn’t that the web developer’s job?

No, most web developers create websites. Web developers focus on design, content, and, in the best case, they install and configure a free security plugin.

Most web developers then move on to the next website, while ongoing maintenance and protection against hackbots are necessary.

Securing WordPress, isn’t that the web host’s job?

No, your web host is not responsible for the software and plugins you use. The web host will allow you to use outdated plugins, vulnerable versions of WordPress, or themes with vulnerabilities.

Why Hackbots Pose the Greatest Risk

A hackbot can easily launch 1000 requests (read: attacks) per minute on your website to test for vulnerabilities. In contrast, a human can manually test only 3-5 vulnerabilities per minute if they type very quickly 😉

How Does a Hackbot Work?

A hackbot scans search engines for websites built with WordPress and then looks for:

  1. Outdated plugins with known security vulnerabilities
    Plugins are coded by third parties, different individuals, and sometimes entire teams. Not everyone prioritizes security, which allows hackers to discover and exploit vulnerabilities.
  2. User accounts
    It examines the authors and possible passwords. Sometimes, passwords are exposed in a breach (Check here), and in the worst case, they are passwords that are easily guessed through brute-force attacks.
  3. Themes
    Weak points in themes are tested, such as input fields and outdated add-ons.

If security vulnerabilities are found, a hackbot runs a script specifically designed for that vulnerability. In the hacking world, they call it a payload.

Hackbots Continuously Evolve

This makes it extremely challenging for web developers and other service providers to focus on their field of expertise without constantly staying up to date with the latest changes in hackbots.

When hackers realize their hackbots are no longer bypassing security measures, they modify the bots/scripts.

But I Have a Small Website!

That’s also one of the differences between hackbots and humans. A bot attempts to infiltrate EVERY website, no matter how small it is.

Whether you’re a local hairdresser, baker, or bicycle shop owner… for a bot, every website is one it would love to take over.

In contrast, humans often target larger companies or online stores.

Securing WordPress Against Hackbots: How Does It Work?

When you know what a hackbot looks for, you also know what you need to hide and how to block access for those nasty hackbots:

  1. Start by logging the requests (attacks).
  2. Then block hackbots based on their IP addresses.

Wow, that’s simple, right? Just throw in a security plugin like iThemes Security, Sucuri, or Wordfence… What? Install all three of them!
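The two steps above (log the requests, then block by IP), sketched as an added example that is not part of the original article or of any plugin it names. It assumes a web server access log in combined log format; the thresholds, the sample traffic and the nginx-style `deny` output are illustrative assumptions.

```python
import re
from collections import defaultdict

# Combined-log-format line; the timestamp is cut to minute resolution (17 chars).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<minute>[^\]]{17})[^\]]*\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)
LOGIN_PATHS = {"/wp-login.php", "/xmlrpc.php"}  # endpoints that accept credentials
AUTHOR_RE = re.compile(r"[?&]author=\d+")       # probe for author usernames


def make_sample_log():
    """Constructed sample traffic using documentation IP ranges, not real logs."""
    lines = []

    def add(ip, sec, method, path, status):
        lines.append(
            f'{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] '
            f'"{method} {path} HTTP/1.1" {status} 512'
        )

    # A normal visitor, and the site owner logging in once.
    add("192.0.2.10", 1, "GET", "/", 200)
    add("192.0.2.10", 5, "GET", "/contact/", 200)
    add("192.0.2.10", 30, "POST", "/wp-login.php", 302)
    # Password guessing: repeated POSTs to the login form.
    for s in range(8):
        add("203.0.113.7", 10 + s, "POST", "/wp-login.php", 200)
    # Plugin scanner: 80 requests inside one minute.
    for i in range(80):
        add("198.51.100.23", i % 60, "GET",
            f"/wp-content/plugins/plugin-{i}/readme.txt", 404)
    # Looking up author accounts one by one.
    for n in range(1, 4):
        add("203.0.113.99", 40 + n, "GET", f"/?author={n}", 301)
    return lines


def find_hackbots(lines, max_per_minute=60, max_login_posts=5, max_author_probes=2):
    """Step 1: read the logged requests and return {ip: set of reasons}."""
    per_minute = defaultdict(int)      # (ip, minute) -> request count
    login_posts = defaultdict(int)     # ip -> POSTs to login endpoints
    author_probes = defaultdict(int)   # ip -> ?author=N requests
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, path = m["ip"], m["path"]
        per_minute[(ip, m["minute"])] += 1
        if m["method"] == "POST" and path.split("?")[0] in LOGIN_PATHS:
            login_posts[ip] += 1
        if AUTHOR_RE.search(path):
            author_probes[ip] += 1

    flagged = defaultdict(set)
    for (ip, _minute), count in per_minute.items():
        if count > max_per_minute:
            flagged[ip].add("request-rate")
    for ip, count in login_posts.items():
        if count > max_login_posts:
            flagged[ip].add("login-guessing")
    for ip, count in author_probes.items():
        if count > max_author_probes:
            flagged[ip].add("author-enumeration")
    return dict(flagged)


def deny_rules(flagged):
    """Step 2: turn flagged IPs into block rules (nginx 'deny' syntax, an assumption)."""
    return [f"deny {ip};" for ip in sorted(flagged)]


if __name__ == "__main__":
    result = find_hackbots(make_sample_log())
    for ip, reasons in sorted(result.items()):
        print(ip, sorted(reasons))
    print("\n".join(deny_rules(result)))
```

The single login by 192.0.2.10 stays under every threshold, which is the point of counting per IP instead of blocking on the first request to the login page.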

Securing WordPress with a Security Plugin

Installing a security plugin won’t immediately close all doors for hackbots.

There’s more to securing your WordPress website:

  1. You need to have server security in place.
    In most cases, this responsibility lies with your web host. Make sure you have a good web host that keeps the server up to date and secure.
  2. You need to use strong passwords.
    No, not your cat’s name with the postal code or your birthdate appended to it 😉
  3. You need to limit the use of plugins.
    Each plugin loads code that can contain vulnerabilities.
  4. You need to keep your website up to date.
    You can have strict security settings, but if a plugin is outdated and vulnerable, a hackbot can compromise your website in 1-2 targeted attacks before the security measures kick in and block it.

Can I Secure WordPress Myself?

With the knowledge you have now, you can better secure WordPress. You know what you need to protect your website against.

However, it is a specialized field, and hackers worldwide are constantly working to create hackbots capable of taking over WordPress websites.

If you have a large business website, it’s important to have your website secured by a WordPress specialist.

As you’ve probably realized by now, we are WordPress specialists in security! You’ve come to the right place to secure your WordPress business website.

Do you want to secure your website?

Click here!

WordPress Monitoring with Screenshots

We have great news! We are expanding our comprehensive management and update service package with screenshots!

We now take a daily screenshot of your entire homepage, which we store and can review at any time in a timeline.

Why Daily Screenshots are Important

  1. Screenshots provide literal “insight” into changes that can occur during updates
    By taking a daily screenshot of your homepage and saving it, we have a valuable archive of your website at different points in time. These screenshots show how your website looked on that specific day. This allows us to identify and correct any changes.
  2. Convenience during discussions
    If changes occur, we can refer to the screenshots, and you can point out any potential differences.
  3. No need for photographic memory
    While you, as a website owner, may know your website very well, you don’t have a photographic memory. We, of course, are familiar with your website, but we mainly focus on the technical side and also lack a photographic memory. But now, with the screenshots, we do!

Convenience and Assurance

With the new daily screenshots, we offer an additional level of convenience and assurance in managing your website. It’s our way of ensuring that we can always refer back to a previous state of your website if needed.

Daily Screenshots Now Included in All Our Maintenance and Security Packages

Best of all, this service is now included as a standard feature in all our existing maintenance and security packages, at no additional cost to you!

Would you like to enjoy security and peace of mind? Have us continuously maintain and secure your website!

Securing your WordPress admin – Secure your admin against bots now

Protecting Your WordPress Admin from Bots

Your WordPress admin area needs to be protected against bots. Many people are unaware that even the website of a hairdresser or a baker is visited by between 100 and 3000 bots per day.

Each bot may vary in sophistication, but you want to deny access to all of them. Block them.

The admin area, usually located at /wp-admin or /admin, is the back entrance to your website, intended only for you as the administrator!

Why Do We Secure WordPress Admin Against Bots?

  1. Bots Install Backdoors
    Bots are often clever enough to activate a file upload plugin and thereby place backdoors on your server, or they can simply inject them through the theme/plugin editor.
  2. Bots Insert Unwanted Advertisements
    It takes a bot just 1 minute to add links to shady webshops on every page of your website.
    This can harm your Google reputation.
  3. Bots Insert JavaScript
    With a simple line of code, your pages can suddenly redirect to shady webshops or other websites that you usually want nothing to do with.
  4. Bots Create Administrators
    Bots usually create an administrator account and remove the others, preventing you from accessing your website to remove the unwanted advertisements from your pages.

Bots are pre-programmed to perform as many tasks as possible and to continue using your website as long as possible through hidden techniques.

Bots, or viruses when they spread to other sites through your website, are harmful to your website. They are harmful to your visitors and your revenue. It costs money to clean your website from bots.

In short, you must keep bots out of your admin panel at all times.

Why It’s Easy for Bots to Launch Attacks on Your Admin

Every WordPress admin panel worldwide is located at the same website addresses: /admin, /wp-admin, or /wp-login.php.

Furthermore, many admin panels are not secure. Without brute-force protection, bots can launch thousands of attacks unnoticed.

Okay, okay, we understand that securing the admin against bots is crucial!

How Can I Secure the WordPress Admin Panel Against Bots?

Use a Configured Security Plugin
Use one security plugin, not three! More is not better in this case because they all store IP addresses and other information in the database. Multiply that by 100-3000 IP addresses (from bots) and then multiply it by three security plugins.

So, use one security plugin and configure it properly.

Limit Login Attempts?

Secure the WordPress admin with Limit Login Attempts.
It’s a good idea, just review the settings so you won’t be overwhelmed with notifications.

iThemes, Wordfence?
You can use them too. They provide many additional security options, which can be overwhelming.

Free versus Premium?
In most cases, the free versions of the mentioned security plugins are sufficient.

Is premium better?
In certain cases, premium plugins can block bots BEFORE they launch attacks based on firewall rules. This is better if you have a large website, a corporate website, or an online store.

Help! I Receive Daily Email Notifications That My Admin Is Under Attack?!

If you are sure that you have properly configured the security plugins, you can often disable those notifications. Otherwise, you’ll receive emails about brute-force attacks, bots being blocked, etc. all year round.

Want to Ensure Your Admin Is Secured Against Bots?

Then please contact us. We secure and maintain WordPress websites on a daily basis.