Three years ago I lost my blog of many years to a hacker. And at that time I did almost every mistake I shouldn’t. Due to a lack of backups I lost everything. So I decided that now, starting my blog for the 3rd time, I will share all the mistakes I did.
Mistake #1: using “admin” as your username.
Most of the times hackers use “brute force attacks” which is basically “trying to guess your password”. The attacker is using a tool that is guessing hundreds of passwords until it gets the right one. And if your username is “admin” you make it that much easier because they already know one part of your login.
Mistake #2: using a weak password.
This one is pretty logical, right? But I still have a few tips about choosing a password. Make it long, use lowercase and uppercase letters, numbers and you can even go with symbols. If you are still unsure about strenght you can check this website: passwordmeter.com which calculates strenght of your password and advices you where you can improve. And when you finally get to your password you can check how long a hacker would need to break it at howsecureismypassword.net.
Mistake #3: not making bakups
Yes, I did that. In all those previous years of blogging I never backed up my site. So there is nothing to go back to if you loose everything. I guess I could say lesson learned. I am currently using updraft plus which offers full site backup (database, themes, plugins, uploads) which it can create automatically based upon time you set up (hourly, daily, weekly, monthy). It can also send the backup to your email or some cloud accounts like dropbox/drive. In this way, even if someone breaks you site, you can easily restore it.
Mistake #4: not having brute force attack protection
This is a simple solution which blocks everyone who tries to get in your site using multiple passwords. Currently WordPress plugin Jetpack has this security measurement which is turned on automatically.
Mistake #5: using older version of WordPress, theme and plugins
Updates are being made for a reason, to fix bugs and to improve security of products. With older outdated products there are more chances for hackers to break in your site. Always make sure to update all your plugins, themes and WordPress installation. And always use plugins that are frequently updated and work great with latest WordPress version.