In today’s Q&A, we are helping Marnie figure out the top 3 strategies to keep her WordPress website secure from any hackers or issues.
Do you have a question you want answered on our podcast? We would love to help you!
Let’s dive into this week’s question!
JOCELYN: Hey y’all! You’re listening to a Q&A with S&J.
Welcome to the Flipped Lifestyle podcast, where life always comes before work. We’re your hosts, Shane and Jocelyn Sams. Join us, each week, as we teach you how to flip your lifestyle upside-down, by selling stuff online. Are you ready for something different? All right, let’s get started.
SHANE: What’s going on guys? Welcome back to the Q&A with S&J. We got a great question today from one of our Flip Your Life community members and it is about security. We’re in the middle of a series right now, about keeping your website and your business safe from hackers, how to avoid getting hacked and how to prevent identity theft. We had our members over in the Flip Your Life community submit a bunch of questions and we are going to answer one of those today.
JOCELYN: Today’s question is from Marney Ginsberg and Marney says, “For complete newbies, what are your top three, most important recommendations for protecting your website? Thank you for taking this terror and turning it into our good.”
SHANE: That is a good description of getting hacked, “Terror” ’cause man, it was really, really bad.
JOCELYN: There was a lot of terror.
SHANE: Lot of terror especially over the last few weeks; I would say that first and foremost, the number one thing that you can do today, right now as soon as you turn this podcast off, and we spoke a little bit about this in our podcast this week at fliplifestyle.com/podcast57 is to make yourself have long passwords. Don’t have really short, easy-to-remember passwords that use real words, or names, or names of your kids and their birthdays or anything like that. The longer the password is, the better it is. So, I think the number one thing I would do like on your WordPress login is to make sure that you have a long password. Also, you don’t need to use “Admin” as your username. Your username should also be something that is a little complex and that is hard to figure out; we don’t even use real words in our username anymore. You can make WordPress show you as your name even if your email that you sign up for WordPress or you set up your website with is something like X4g3ztw@gmail.com. You don’t have to use “Admin” as your login or your name. Don’t make it something easy for someone to figure out. So the first thing I would do is definitely fix that username and password on your WordPress site. When you first set up your website, it may be, you know, “Admin” or you know, mine used to be “Shanesams” as your username and then your password. What you do is you set up, on your WordPress site or whatever it is right now, let’s say you are still using “Admin” as your login or you have a really weak password, go in and actually create a brand new user and make it have administrative privileges, and make it something with an email that nobody knows, a username that nobody knows and then you can just make it show as your name. Set up a completely new user, give it a new password and then delete your old account, delete your old user completely. And what that will do is that will make your site really secure because it’ll be really tough to login. 
So the first thing you do, the first tip is definitely don’t use admin as your user name, create a really complicated username that nobody else can know but you, and second is having nice, long passwords; length is very important.
JOCELYN: When you do create your new user account on WordPress, you do want to make sure that you attribute the content from the old one to the new account. If you don’t do that, then your site could completely mess up.
SHANE: It’ll delete everything; right?
JOCELYN: We didn’t know about that.
SHANE: Yeah, we didn’t do that; yes, we did, we totally did that. Our webmaster had set up a ton of stuff on our website, lots of pictures and stuff we had uploaded and we were in such a panic that when we got hacked, we didn’t know what to do and we were like “Let’s just delete everybody’s username but one, so then we’ll at least know there’s only one way to log in.” So we deleted an old admin account from the person who had originally set up our website. Yeah, it kind of deleted every picture, every logo, pretty much everything they had done in the style sheet altogether and we lost pretty much half the website and had to do a rollback. Yeah, so we know better now. So when you delete your old account, there’s a little – is it a dropdown menu that lets you do it?
JOCELYN: I think it just comes up and it gives you two choices; you can delete the content or you can attribute it to a new user. So first of all, you’ll have to create your new user account, then you need to delete the old one and attribute the content to the new one.
SHANE: All right, so that’s our first two tips; is to create a new user with a great username, make sure it’s an email that you are not using anywhere else and you’re only using it for your WordPress site and only you know about it. Don’t make it a public email and have a really long, nice password, and when you set that new user up, delete the old one but attribute all the old content to your new user.
JOCELYN: All right, the next thing that you need to do is make sure that you are always updating your website. Your website is going to tell you up in the top left, if there are updates that need to be done. Don’t just ignore those or do them once every few months or something like that. When the updates come up, you need to do them immediately; and a lot of times they are security updates, things that need to be patched in plugins so make sure that you are always doing those. Make sure that the plugins on your website are actually being used. If you have plugins that are just sitting there on your website and you don’t even know what they are, then probably you don’t need them and it’s just another potential way for somebody to possibly get into your website. So don’t have any unnecessary plugins on your site. In addition to that, be sure that you are choosing plugins that have been updated in the last few months. Don’t pick one that hasn’t been updated for like two years because probably there’s going to be some security vulnerability and –
SHANE: And they never got fixed at all. So yeah, you need to check the date. You might want to do an audit quarterly; go through your plugins and see when was the last time they were updated. Was it a year ago, was it two years ago, you might want to find a more up-to-date, different solution for whatever that plugin does. If it’s your sharing plugin for your social icons on your blog posts, if it’s not been updated in a year, then probably that developer has abandoned that project and a hacker can be out there saying, “Oh, well nobody’s updating this so I’ll find a loophole and it won’t get fixed, so I’ll just find my way into a ton of different websites out there when I find the back door.” Also don’t forget to update your theme and your child themes; don’t ignore WordPress updates or like we use Genesis. Genesis updates any time, the day it comes out an update, and that is probably a security patch. That is not them being generous and giving you free features. Nobody does anything for free. Somebody has hacked that plugin, they patched it up and they are sending it out to you so you don’t get hacked too. So make sure you’re updating that.
JOCELYN: The last thing that we would advise you to do Marney, and anyone else out there who is trying to keep their WordPress website more secure, is just to be aware, just to keep an eye out, look around on your website, look around for things that might be unusual. A lot of times, your users will tell you that something is up but definitely check in, you know, once a day, once a week, just make sure nothing is out of the ordinary. There are no unusual ads that you didn’t put on there or –
SHANE: The contents haven’t been changed.
JOCELYN: Yeah, no unusual content, just keep an eye out and just a little bit of basic awareness can go a long way.
SHANE: All right guys, that was a great question from Marney; thank you so much for submitting it in our Flip Your Life forums. If you would like to get direct access to me and Jocelyn, to ask us questions about your online business or to get help with anything at all, you can find out more information about our Flip Your Life community over at flippedlifestyle.com/flipyourlife. We feature our members on our podcasts twice a week, on our Expert Q&As and the Q&A with S&J and we would love to feature your questions on our podcast as well. So, if you would like to be on the Flipped Lifestyle podcast, all you have to do is head over to flippedlifestyle.com/flipyourlife and join today. Until next time guys, get out there, stay safe, flip your life. We’ll see you then.
JOCELYN: Bye!
Thanks again for listening to the show! If you liked it, make sure you share it with your friends and family! Our goal is to help as many families as possible change their lives through online business. Help us by sharing the show!
If you have comments or questions, please be sure to leave them below in the comment section of this post. See y’all next week!