Is Your WordPress Website Secure?

Security Is Not Optional If You Have A Business Website:

Securing Your Site Could Literally Save You Endless Hours & Thousands of Dollars!

 

You put a lot of time and effort (and probably money) into getting a professional looking website that represents your business and brings in sales.

Think about this. Someone could hack in to your website, change it, take information off it or just wipe it all away. It’s unthinkable, but far from impossible!

The good news is: It can all be avoided by securing it from the would be hackers.

 

Sadly, it is the common, simple mistakes being made, that make it so easy for ANYONE with a little time, an internet connection and some Google research to breach your wall.

Take This Simple Test: Below Are 5 of the Most Common Mistakes Made By Business Owners, Web Designers and Internet Marketers.

 

Run these tests on your website to see how you do:

 

 1. Is your WordPress configuration file out in the open?

Here is how you check:

Type in: http://yoursite.com/wp-config.php (make sure to replace “yoursite” with your website)

If you get a blank white screen – you FAIL  That means the script is being run and is accessible to the outside world.

 

You PASS if you see either of these screens: 

 

2. Is your ‘log in’ giving away valuable information and is your User ID secure? 

 

Here is how you check: 

Type in: http://yoursite.com/wp-login.php (make sure to replace “yoursite” with your website)

Type in the WRONG username and password.

You FAIL if you see this: 

 

The reason you failed is – WordPress told me I got the username wrong. That information should not be given on an unsuccessful log in attempt.

 

3. Now try to log in with the CORRECT username and WRONG password.

 

You FAIL if you see this:

 

 This one failed because the hacker now knows he got the username right. WordPress tells me that my CORRECT usernames’s password is wrong. You just got a hacker 50% in.

FREE TIP: A huge FAIL would be actually using ‘Admin“, the name of your domain or anything else easy to guess. Having a tough to guess username is half the battle!

 

 4. Are You Telling Hackers What Version of WordPress You Are Using?

 

The problem here is, if you have not kept your installation up to date, a simple Google search will tell potential hacker step by step instructions on how to take advantage of the security flaws in the outdated installation. So how do you know if you are vulnerable?

1. Go to your website and right click anywhere on your webpage. In the menu that pops up, choose “view source”. A window will open with a bunch of code. We only need to look in the top area to see if you see anything like this:

Now if you passed this one, don’t get to excited yet. There is another even easier way to get your version number.

To find out type in: http://yoursite.com/readme.html (make sure to replace “yoursite” with your website)

 You PASS if you get a 404 ERROR or Page Not Found.

You FAIL if you see this:

How we doing? One more quick test to try. Keep in mind, we are just scratching the surface with these tests, but if you are failing these, odds are good you will fail the gambit. Moving On…

 

5. Can A Hacker Access Your Installation Script – Giving Them A Chance To Reinstall With Their Username and Password?

 

Here is how to find out if you still have your installation script available to the public: 

Type in: http://yoursite.com/wp-admin/install.php (make sure to replace “yoursite” with your website)

 

You FAIL if you see this:

 

This Screen means that your Install PHP Script is available to the public.

Again, you would PASS with a ‘404 ERROR‘ or a ‘Page Not Find‘ page.

 

So there you have it. How did your website do?

If you PASSED, congratulations. You or your web designer did you right and odds are really good you have a very secure website.

On the flip side, if you FAILED 4 out of 5 tests – you need help.

 

Don’t Wait Another Day!

Give Max Power A Call or ‘Contact Us‘ – We can help you keep your website safe!