I recently got an inquiry from a man about his business website. He wanted a few things done to it and wanted me to handle these things. I requested he set up an administrative logon so I could go in and take a look. Here is what I found.
1. A user with the user name “admin” and administrative access. This is wrong in every way. When someone tried to hack into your website “admin” is the user name they are going to use. Below are two screen shots from the activity log from this website. You can see the hacking attempts. The most commone users names tried are “admin”, “administrator” and the url of the website. The person who did this knows nothing about security.
2. Speaking of security, there are installed plugins and themes that are not being used. This is also a security risk. If you are not using it, remove it. It’s that simple.
3. A theme which the developer paid for, not the website owner. Why is this important? Well, since the owner of the site doesn’t own the theme he doesn’t have an access to technical support for or updates to the theme. And since he doesn’t have that, neither do I. Got problems with the theme? I can’t help you. This is why I use open source or purchase the theme (or plugins) for the website owner and turn that ownership over to them.
4. No security plugins at all. No WordFence, no Bullet Proof Security, no activity monitor, no scanners, no firewalls, no login restrictors. Nothing.
5. No automated backups of the database scheduled. No plugins to automate backing up at all.
6. No SEO plugins.
7. No analytics plugins. It’s a busines website. You need to be monitoring what key words people are finding you with. What pages are they visiting. Where are they entering and leaving. No analytics were set up. WordPress statistics are available for free via JetPack and WordPress.com. Google Analytics is free. There is no excuse to not have these running on a WordPress business website.
If this is what’s happening with your website have a talk with your administrator about these problems. If he isn’t willing to talk with you and fix these things consider finding a person to administrate your site who knows what he is doing or learn to do it yourself.