It’s all fun and games until you noticed something is wrong with your website. The symptoms could be one of the following:
- You got: “This site can’t be reached” message when entering your URL
- Random pop-ups appear on random pages while you are navigating your site.
- Random files and folders suddenly appear in your web folder
- Random new users account has been created
- Your WordPress Admin account has been removed
- Unidentified files have been installed in your FTP that you do not know
- When you Google your site, the result says: “The site may be hacked”
There could be other signs your WordPress site have been hacked, but those are the most common one.
Reasons why you have been hacked
While it could be done by someone who has the access to your WordPress backend or your hosting control panel (like a disgruntle ex-developer), there are other reasons why your website is vulnerable to attack.
- You have a weak & easy to guess password
- Your plugins and theme files are outdated
- You are using nulled plugins and themes
- You never set up security solutions on your WordPress installation
What should I do if I’m hacked?
If your hosting provides scheduled backup, you can contact them to revert to the last working version of your website. If you don’t have backups, you may find a web design company who can retrieve back your website. This will be done manually and technically challenging depending on the size of your website.
Here are my 5 rituals in ensuring a secured website:
1) Strong username and password
What passwords and condoms have in common
You don’t reuse it
You don’t share it with others
You don’t use the same one as the others
If you’re in doubt, change it
Stop using ‘admin’ as your admin username, silly. Find a suitable username that’s not so common and probably unrelated to you in a sense that anyone could guess from looking at your Instagram or Twitter handles. Your username shouldn’t have anything to do with your personal information.
Same goes with your password. Use uppercase, lowercase letters and various characters to strengthen your password. I also recommend that you regularly change your password, especially if you had shared your password with some freelancers or anyone you hired to make the changes before.
If your site has a lot of outdated plugins, there could be security holes where hackers can break into your system. Therefore, it is important that you keep your plugins and WordPress updated. Updated plugins improve the load time too. Keep auditing your plugin list and remove any redundant plugins.
I recommend using Siteground as a hosting and I have used them for our clients for many years. They have daily backup and 99.99% uptime on their servers. Prices are very reasonable and their control panel is user-friendly and easy to use. Their support is effective and competent. Based on my experience, in some cases, they will help in restoring your site if it got hacked.
4) Install WordFence
Wordfence is one of the most downloaded security plugins for WordPress. It has a number of smart features to protect your website from common hackers attack. Wordfence is easy to use, so you do not have to be a rocket scientist to use it. Installing Wordfence will significantly increase your website security.
Some of the features that I like include:
- Perform a virus scan of your entire site and get a report.
- Block IP addresses and countries from accessing your website
- You receive an email every time a user logs in to your website. Here you can see the user IP, user hostname, and user location and their username.
- Built-in firewall to protect your site from unwanted traffic.
I could not emphasise this one hard enough. You might purchase the best theme and plugins, hire the best web developers and use the best hosting solutions – but if you don’t schedule backups for your site, all your investments will go down the drain, once your site has been hacked.
There are lots of backup solutions out there, but I really like UpdraftPlus because it’s simple and just work in most case.
All of these rituals are not very technical because I want everyone to be able to understand and perform the security check yourself. However, there are some advance solutions that you can perform. Eg. You can limit write permissions to files and folders so you do not get the wrong people in and overwrite your files.
Remember to keep your plugins and theme updated. Outdated files may have security holes, making your site vulnerable to attack.
I was just adding some plugins to a couple of my clients’ WordPress websites and noticed there are 99 pages of plugins under the popular category from the WordPress plugins section. Holy Moly, that is a lot of plugins!
Thank goodness for the popular tags directory and search by keyword box. Without those, some people could spend hours looking through all the plugins and not know what they were looking for.
The number of plugins is going to depend on what you want your website to do, and what you want out of your blog. There are people that have a list of 3, 5, 10, or more of the “must have plugins” for every website.
I don’t believe that is so. Every website is different, so the plugins you use on your website may not be on the must have plugins lists. Sure, there are the plugins for analytics, cache, SEO, forms, sitemap, and security to list a few that are useful and needed by all. However, if you are new to web development and have no clue which plugins you need it can be overwhelming.
I recommend if you are unsure, review the first few pages on the popular plugins page to get a feel of what plugins are available. Click the install on the side and read the description, how to install, view the screenshot options if available, check the FAQ’s, and additional notes, to see if the plugin is right for your blog. The information will also tell you if the plugin has been tested in the newest version of WordPress, how many times the plugin has been downloaded, and the last update of the plugin. Be careful, an outdated plugin can cause you more problems than good on your website.
I really pay attention to the number of downloads and last updates of the plugins. Now, is this the way for everyone? Not necessarily, but I use that as an indicator of the value of the plugin. Now on the other hand, some might say just because a plugin has not been downloaded numerous times does not mean it lacks value. I totally agree with that, but I just stated what I look for. It really all depends on what you need or would like your website to do.
Plugins are great tools to use to enhance your WordPress website for you and your visitor’s experience. As your plugins have a purpose for your website.
Recently, MDG Advertising Agency produced an infographic presenting 5 elements that will attract new customers to increase engagement and sales.
1. FAST LOADING & USER FRIENDLY SITE
Customers want intuitive, responsive and fast-loading web pages. 47% of Internet users say that usability and responsiveness are the most important criteria of an e-commerce website.
In a fast-paced world, customers are becoming less and less patient: 75% of buyers will leave your site if the loading time is slow.
E-commerce site must be optimized for mobile use. 77% of users between 18 to 29 years old make their purchases online on smartphone or tablet.
2. ACCURATE AND DETAILED PRODUCT INFORMATION
Providing in-depth information on the products is essential. 68% of customers actually read the description of the product. If the information provided is too general, chances are they are not encouraged to make the purchase. 77% of buyers say that the product descriptions influence their decision in making the purchase.
Suggesting a FAQ (Frequently Asked Questions) helps reassure customers. 40% of them wish to be able to ask questions or find answers to their questions.
Product information must be accurate. More than 42% of those surveyed said they had already returned an item because the information on the site did not match to the product delivered – resulting to 86% of non-returning customers.
3. CLEAR IMAGES INCLUDING DETAILS
It is important to look after good product photos and other visuals. 26% of users admit to abandoned an online transaction due to lack of, or poor quality product photos. Keep in mind that, since customers won’t be able to touch the physical products, they will only rely on the high-resolution product images in making the decision to buy.
And talking about high-resolution product images, 67% of buyers zoom on the images in the product page to see the details.
4. RATINGS AND REVIEWS
Before making a purchase, 73% customers like to find out about other customers’ (verified) reviews about the products, quality of service, etc. Customers also are expecting items to be rated.
The ratings and reviews allow consumers to trust the company and guarantee the quality of the products. However, 48% of users are skeptical on the reviews given by others, since this can easily be manipulated.
5. A FAST AND DYNAMIC INTERNAL SEARCH ENGINE
The on-site search engine in an e-commerce site is crucial: it allows users to search & filter products. 70% use it regularly to save time.
For an optimal user experience, companies need to highlight the search bar, build in autocomplete feature, include images and ratings into the results, and include navigation elements such as breadcrumbs.
Based on these 5 elements, visitors will enjoy browsing your site and will be more easily influenced for a purchase.
Want to optimize your e-commerce site? Tell me about your project and we’ll take it from there.