Why do “people” try to hack websites and what do they do?
Well, I am glad you asked me that question. There are various levels of compromise. The worst case is that the baddies use your website to get control of the whole server, which would be an absolute disaster, most hosting companies are all over that sort of thing anyway and will quickly shut down any site that looks like it could be compromised in that way as well as having levels of protection and security on the server that would prevent it happening anyway.
The headline hack: hacking a site just to deface it is actually pretty rare, mostly the hackers are trying to get code on to your site to one send out loads of nasty spam emails about Viagra or FOREX stock trading or all those other things I don’t need and am not interested in, and two to put redirects on your site that send people off and create links to sites that sell pretty much the same sort of rubbish as the emails. If you keep your WordPress site up to date with all the plugins and WordPress versions (as well as delete any plugins and themes you don’t use) you should be pretty safe. If you take a regular backup, even if your site does get compromised, you should still be able to recover pretty easily.
One of the standard set of WordPress plugins is the Wordfence security plugin. It provides login and IP firewall protection to your WordPress site and allows you to scan your files and checks them for changes against the original versions. Based on that alone it’s a great plugin to help you maintain and protect your WordPress site.
The scans can put a bit of load on your web server, we make sure we do the scans out of hours so that there is no potential disruption. Wordfence offer a premium version that allows you to do scheduled and remote scans as well as things like a cellphone sign-in to increase security.
Wordfence also tells you when plugins and themes need to be updated and connects you to a whole community focussed on keeping WordPress secure.
One of the latest features we have utilised in WordPress is to do with increasing site performance. Their Falcon caching engine claims to make websites 30-50 times faster (presumably in delivering static content). We have used other caching plugins before to good effect, although some of them have been complicated to set up. Falcon certainly feels like it works, which ultimately is the true test. Numbers and stats are all fine, but the proof of a performance tool is what it feels like to the user.
Our WordPress Maintenance Packages all include the installation of Wordfence as well as maintenance of WordPress and it’s plugins and backups.