Are You Making This WordPress Security Mistake?

I’ve just been over to my hosting account and noticed that my sites are no longer being backed up. Eek!

On further investigation, I discovered that I was exceeding the number of “inodes” allowed… The inodes are the files and folders you have stored on your server…

Even though I technically have an unlimited Hostgator account I’m only allowed 100,000 inodes. Worth bearing in mind if you didn’t realise that…

Anyway, I traced the problem to my email, which had really built up (I check it in gmail). Once I’d deleted everything the inode usage fell from about 110k to 89k…

Which just goes to show that really it pays to keep a close eye on your hosting just in case…

If you haven’t got a site backup, then you could be in trouble… especially if you haven’t got your site security issues sorted out…

This is a topic that every WordPress owner should know about and yet very few of us do…

WordPress Security…

Most WordPress sites have a ton of security holes and are very easy to hack, especially if you installed it with a script like Fantastico.

I didn’t realise this until relatively recently, when my friend, Gaz, told me about how he’d had 50+ affiliate sites hacked and viruses had been installed. Yikes!

It cost him a thousands of dollars to get them cleaned up and he lost out on commissions and customers in the meantime…

If he’d taken a few security steps then his sites would have been safe 🙂

Just look at this screenshot of the attempted logins on my one of my WordPress sites…

 

bad logins1

This illustrates how clever hackers are, trying all the possible usernames that people may use…

It’s a good reason never to use “Admin” for starters!

If you are making that mistake, then I suggest you go change it now! 🙂

And here are the IP addresses that were locked out by my security settings:

 

lockouts

Kinda scary I think you’ll agree!

And WordPress security has been in the news this week:

Hackers Point Large Botnet At WordPress Sites To Steal Admin Passwords And Gain Server Access
If you’re running a WordPress site, now would be a good time to ensure you are using very strong passwords and to make sure your username is not “admin.” According to reports from HostGator and CloudFlare, there is currently a significant attack being launched at WordPress blogs across the Internet”
~
Tech Crunch

I was chatting with my friend and WordPress expert, Bobby, about this very issue a couple of months back and we came up with some very special WordPress Security training…

WP Security Decoded will guide you through the steps you need to take to protect your WordPress sites using a ninja combination of FREE plugins and settings 🙂

It took Bobby months of testing and tweaking to figure out the best setup…

And we’re revealing it all for you on Thursday April 18th at 11am EST!

So watch this space! 🙂

Update:

Click here now to protect your blog with WP Security Decoded

 

 

2 thoughts on “Are You Making This WordPress Security Mistake?

  1. Alarming stuff there, Sally.

    I hardly ever login to my hosting account, which is probably not a good idea. I’m going to do so right now to see how many ‘inodes’ I’ve used up.

    I was using my name as my WordPress login, but after seeing those login attempts as ‘Sally’ I went and changed it to a phony name. What plugin are those screenshots of anyway?

    • Hi Charles!

      It’s quite scary isn’t it?! I use a fake username on my WordPress sites too. As for the plugin – all will be revealed
      when WP Security Decoded launches on Thursday 😉

      I don’t usually login to my hosting account either. I was just in there to get a screenshot of some traffic stats. I probably need to do some more file deletion and keep an eye on the inodes. I’m also thinking I may need to buy another hosting package at some point 🙂

      Sally

Comments are closed.