Over the last day, I can count on both hands the number of photographers whose sites I have heard of being hacked. The biggest fear is losing your site completely … and not being able to recover it, right? Because, as two of my recent clients can tell you, sometimes even your web host cannot help you save your site.
So let’s figure out some ways to safeguard your site from an impending attack:
1. Update WordPress
I truthfully cannot tell you the number of clients I book where, upon entering their site, I see they are running an older version of WordPress. WordPress pushes these updates for specific reasons, so please do not take them lightly: update your WordPress. While you may be scared to do it, click the update and JUST DO IT! Well, first, follow step 2 and then do it. You are given two options – to upgrade automatically or do it via WordPress download. Choose to upgrade automatically and, as long as your server is running the right version of PHP, it will do it automatically. If the automatic upgrade fails, chances are it is due to the version of PHP you have chosen (or defaulted to). That can be easily remedied via your cPanel, or shoot your web provider an email and they can do it for you.
2. Back up your database AND your site.
There are many ways you can do this – from downloading your MySQL database to installing a plugin to make it easy. I’m a fan of keeping it simple, so install the plugin … you can thank me later! The easiest plugin I found (and the one Prophoto recommends too) is one called WordPress Database Backup (search for WP DB Backup). First install it and then activate it.
Within Prophoto, there is the option to save and download your actual template. It will save the configuration of the whole template – from the backgrounds to the configuration of the menus. To download the template, all you need to do is visit Prophoto 4 → Manage Designs or Appearance → P3 Designs. From there, choose the option for the highlighted design of ‘EXPORT.’ Save the template to your computer for future use. Make sure you do this each time you make any tweaks to your site and just overwrite the one you have saved.
3. Don’t use ‘admin.’
When given an option, I’ve named the ‘admin’ username another name and never publicly use the ‘author’ function that lists the username, to avoid this. To switch it up so the username is not what is shown, visit Users → All Users and hover over the name. The ‘edit’ option will show up; from there, enter all the information the profile requests.
First click save and then go back and change the ‘Display name publicly as’ option to something OTHER than your username.
4. Change your password often and use UNIQUE ones.
Check out the 25 most popular (and worst) passwords of 2011. Is your password on the list? Do you change your password frequently? My bank and some credit cards make me change my password every so often. So while your WordPress blog might not remind you, it might be a good idea to change it. Don’t use your kids’ names, dogs’ names, spouse’s name, etc. They are just as popular as some curse words, mind you. There is a reason why some sites are now requiring 8 characters, a mix of lower and uppercase, and at least one number. This is much harder to break than your kids’ names. Trust me.
5. Know your Plugins, update them and hide them.
Do you know where your plugins came from? Do you trust the author? Are there security issues that will make your site vulnerable? Read the reviews and user comments. Check how many downloads they have. Make sure you get them from a RELIABLE author. Update them frequently to ensure that you use the most up-to-date ones. (See a pattern here? Update, update, update! I feel like I’m repeating Marcia, Marcia, Marcia!!)
Limit the number you install. Often, the more you install, the more problems you can have with your site. I recently had someone contact me with the problem that their comment authors no longer had linked URLs. Turned out a plugin that was supposed to help with SEO actually removed the links. Go figure.
Can anyone view your plugins? Visit your plugin folder (or try to). If you can see the plugin directory, you are opening yourself up to problems. To check it out, add this: wp-content/plugins/ to the end of your site URL. So for my site, it would be: http://courtneykeim.com/
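The check described in step 5, as an added example that is not part of the original post: given the HTTP status and HTML body your own site returns for its wp-content/plugins/ URL, it decides whether the server is handing out a directory listing and which plugin folders that listing names. The function name and the sample page are constructed for illustration.

```python
# Added example: decide whether a response from <your-site>/wp-content/plugins/
# is a server-generated directory listing, and which plugin folders it reveals.
import re
from html.parser import HTMLParser

class _Page(HTMLParser):
    """Collects the <title> text and every <a href> on the page."""
    def __init__(self):
        super().__init__()
        self.title, self.hrefs, self._in_title = "", [], False
    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        elif tag == "a" and dict(attrs).get("href"):
            self.hrefs.append(dict(attrs)["href"])
    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False
    def handle_data(self, data):
        if self._in_title:
            self.title += data

def audit_plugins_response(status, body):
    """Return (listing_exposed, plugin_folder_names)."""
    if status != 200:                 # 403/404: the server refuses to list
        return False, []
    page = _Page()
    page.feed(body)
    page.close()
    if not page.title.strip().lower().startswith("index of"):
        return False, []              # blank or themed page, not a listing
    # Folder entries end in "/"; this skips parent-directory and sort links.
    folders = {h.rstrip("/") for h in page.hrefs
               if re.fullmatch(r"[A-Za-z0-9][A-Za-z0-9._-]*/", h)}
    return True, sorted(folders)

# Constructed sample: the kind of page Apache's auto-index produces.
SAMPLE_LISTING = """<html><head><title>Index of /wp-content/plugins</title></head>
<body><a href="?C=N;O=D">Name</a> <a href="/wp-content/">Parent Directory</a>
<a href="akismet/">akismet/</a> <a href="wp-db-backup/">wp-db-backup/</a>
<a href="hello.php">hello.php</a></body></html>"""

if __name__ == "__main__":
    print(audit_plugins_response(200, SAMPLE_LISTING))
```

If the check reports a listing on an Apache host, adding `Options -Indexes` to the site's .htaccess is the usual way to turn it off; otherwise ask your web provider to disable directory listing.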
While this is not a comprehensive list, hopefully it can help some people out there keep their sites just a little bit safer.