Hackers are one of the MANY reasons why you need to do quarterly website backups (at a minimum), and why updates are critically important.
Most hacking is not done hands on by a hacker. But by a computer set to attack your site and gain access using a database of flaws. Often it’s by gaining access to your site through brute force attacks against a password. Natively WordPress installations do not prevent multiple logins. They don’t force robust passwords. And the login page is the same for millions of wordpress sites. It’s not hard to find out if a site is build on wordpress.
Backup your site, upgrade your site and all plugins, install, activate and setup these three plugins, and give yourself a very robust password and you’ll prevent hacker bots from getting in.
1. Change your password
2. Install: Login Security Solution
3. Install: WordPress Recaptcha Integration
4. Install: Rename wp-login.php (unmaintained)
Download a zip file of the Security Upgrades (unzip the file and you’ll find 3 zipped plugin files) and upload them. Or search from the “Add New Plugin” area within your dashboard.
If you are using YOAST’s “WordPress SEO” make sure you upgrade the plugin. Apparently there is a gaping hole in the thing.
The WordPress SEO plug-in developed by Dutch website optimization firm Yoast contains a vulnerability that allows attackers to manipulate a site’s database and add rogue administrative accounts.
The so-called blind SQL injection vulnerability was discovered by Ryan Dewhurst, a security researcher and co-developer of the WPScan vulnerability scanner. The flaw affects versions 18.104.22.168 and older of WordPress SEO by Yoast.