Cyber crime costs are on the rise, with an estimated expense of $2 trillion by 2019. Yes, that’s trillion with a “t,” as in twelve zeros after it. The figure is staggering, and so is the fact that WordPress sites alone get 7.5 million pieces of spam every hour, many of them potentially harmful to your entire data infrastructure. Given the statistics, it really is not a question of if, but rather only a question of when your site will face attack.
If you find yourself wondering why anyone would even want your personal information, just know that it is valuable. On the black market, your social security number, your hotel loyalty points club, even your email contact list, all have value. Hackers are generally not the end user, but just obtain information to turn around and sell it.
How Did I Get into This Mess?
Most users do not know the common security mistakes they make. For example, you set up your account with the default user name. Well, then a hacker only has to work out your password. Or perhaps you use plug-ins that unwittingly contain an open back door. Most plug-ins will try to update themselves and protect against security threats. WordPress itself attempts to update plugins for you.
However, many users share plugins, and free ones are particularly popular, but at what cost? Paying a couple of bucks for a legitimate plug-in may save you money in the long run. At the very least, check out comments and the reputation of a plug-in before using it. Let a plug-in build a history before you decide to use it.
What Do I Do Now?
Take these steps to protect your data and your site:
1. Change your user name and password. Go ahead and make them complicated.
2. Just don’t use default anything, not user name, not database prefixes, not anything.
3. Keep your plug-ins up-to-date. If they don’t offer updates or you aren’t so sure about the source of one after reading this, go ahead and swap those plug-ins for trustworthy options.
4. Keep WordPress up-to-date. WordPress itself is secure, and installing the latest version gives you the latest security features.
5. Password protect any sensitive files.
6. Scan your site and server. There are many options available, but you should perform this action regularly.
If you follow these steps, you’ll likely climb back out of harm’s way.