There was an urgency that came through the email message loud and clear. “This just came – PLEASE HELP!” The message that was forwarded to me was one that would strike terror into the heart of any website owner – “WordPress fatal error – database connection lost.” I sent a quick reply and promised to investigate right away. What I discovered is something that you need to know that can help keep your website safe.
When I went to the client’s website, everything appeared to be in order. The webpages looked normal, navigation worked properly, everything looked and worked like it was supposed to. When I logged into the website admin area, everything appeared to work properly. So what was that weird message all about? Upon closer investigation, the email turned out to be a forgery! Although the email was designed to look like it had come from the client’s website, it had in fact come from another source. Great care had been taken to make the email look legitimate in every way.
Avoid Clicking on Links in Suspicious Emails
Forged emails such as this fall into a type of attack known as phishing. The motive behind such emails is to trick the recipient into divulging their login information. This is done by directing the recipient to a website that looks legitimate, but is in fact a clever copy of the real thing. When the person attempts to log in, the hackers now have a copy of the login credentials.
The best way to beat these kinds of attacks is to simply make it a habit to never click directly on the link contained in emails like this that direct you to a familiar place. When I got the email forwarded from my client, instead of clicking the link to go to the client’s website admin area, I went there from a bookmark that I keep on my computer.
Phishing attacks masquerade as a warning message notifying you of some terrible trouble with your website, your eBay account, your bank account, etc. If you make it a habit to never click the link in emails like that but instead go directly to your account the way you normally do, you won’t fall for this trick.
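To see where a suspicious message really points without clicking anything, the raw email can be inspected offline. The following Python code is an added example, not part of the original article; the sample message, the domain `client-site.example` and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample message (not the email from the incident above).
SAMPLE_EMAIL = """\
From: WordPress <wordpress@client-site.example>
Return-Path: <bounce@mailer.other-host.example>
Subject: WordPress fatal error - database connection lost
Content-Type: text/html; charset="utf-8"

<p>Your site has lost its database connection.</p>
<p><a href="https://client-site.example.login-fix.example/wp-login.php">
https://client-site.example/wp-login.php</a></p>
"""

HREF_RE = re.compile(r'href\s*=\s*["\']([^"\']+)["\']', re.IGNORECASE)


def host_matches(host, expected_domain):
    """True only if host is expected_domain itself or a subdomain of it."""
    host = (host or "").lower().rstrip(".")
    expected = expected_domain.lower()
    return host == expected or host.endswith("." + expected)


def audit_email(raw, expected_domain):
    """List reasons to distrust a message that claims to come from expected_domain."""
    msg = message_from_string(raw)
    findings = []
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    bounce_domain = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2]
    # A differing Return-Path is a signal, not proof: mailing services also cause it.
    if bounce_domain and not host_matches(bounce_domain, from_domain):
        findings.append(f"Return-Path domain {bounce_domain} differs from From domain {from_domain}")
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            for url in HREF_RE.findall(body):
                target = urlparse(url)
                on_site = host_matches(target.hostname, expected_domain)
                if target.scheme in ("http", "https") and not on_site:
                    findings.append(f"link goes to {target.hostname}, not {expected_domain}")
    return findings


if __name__ == "__main__":
    for finding in audit_email(SAMPLE_EMAIL, "client-site.example"):
        print(finding)
```

The visible link text in the sample shows the real site while the `href` leads to a different host that merely starts with the real domain name, which is why the comparison is made on the end of the hostname rather than on a substring.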
Update Software for Better Security
Keeping your software updated sounds easy, but often this isn’t taken seriously. Software is updated for a variety of reasons. Sometimes it is to add features, enhance compatibility, fix bugs, or improve security. It is that last one that you need to be the most concerned with. WordPress websites will notify you in the admin area as to whether or not updates are available. When an update is available, the software or plugin publisher always provides a listing of what changed. If security enhancements or vulnerability fixes are in that list, it is essential that the update be applied to your website right away.
One reason that updates are not performed in a timely manner is that sometimes a software update causes something to stop working properly on your website. This is just a fact of life. Accept that this is part of the cost of doing business online and apply the update. It is a best practice to create a backup of your website before making any software updates. If you don’t feel comfortable applying the updates and then troubleshooting your website to make sure everything still works as it should, then reach out to your website person and ask them to take care of this for you. Outdated software is one of the most common ways that hackers compromise websites.
Update Passwords on Turnover
When was the last time that you updated your password? If you are like most people, you’re not quite sure. Updating passwords can be a pain. Here are a couple of things that you should be doing to strengthen your password management.
In your password manager, keep a record of the date that the password was last changed and also a record of everyone that you have shared this password with. By periodically reviewing your list of passwords, these two new pieces of information can make it really obvious when a password is due to be updated. When someone that you shared a password with is no longer on your team, the password should be updated. The risk of not updating your passwords when a member of your team leaves is not just that they could use that password to do something bad – hopefully your team members are of a higher caliber than that. The big risk is that if their computer got infected, any passwords of yours that are on their computer could be compromised. This is a common form of password theft and one that is extremely difficult to track down.
Adding “last updated” and “who has access” fields to your password management software or listing can go a long way toward identifying what should be changed and when.
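Once those two fields exist, the periodic review can be run as a script over an export of the list. The following Python code is an added example, not part of the original article; the CSV column names, the people, the dates and the 365-day age threshold are assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed inventory export carrying the two extra fields described above.
INVENTORY_CSV = """\
account,last_updated,who_has_access
WordPress admin,2023-01-15,alice;bob
Hosting control panel,2024-05-02,alice
Domain registrar,2022-11-30,alice;carol
"""

CURRENT_TEAM = {"alice", "carol"}  # constructed roster: bob has left the team
MAX_AGE_DAYS = 365                 # assumed review threshold, not from the article


def passwords_due(csv_text, current_team, today, max_age_days=MAX_AGE_DAYS):
    """Return {account: [reasons]} for every password that should be changed."""
    team = {name.lower() for name in current_team}
    due = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        reasons = []
        holders = {h.strip().lower() for h in row["who_has_access"].split(";") if h.strip()}
        # Anyone who still knows the password but is no longer on the team
        # means the password has to be changed.
        departed = sorted(holders - team)
        if departed:
            reasons.append("shared with former team member(s): " + ", ".join(departed))
        age = (today - date.fromisoformat(row["last_updated"].strip())).days
        if age > max_age_days:
            reasons.append(f"last changed {age} days ago")
        if reasons:
            due[row["account"]] = reasons
    return due


if __name__ == "__main__":
    for account, reasons in passwords_due(INVENTORY_CSV, CURRENT_TEAM, date.today()).items():
        print(f"{account}: {'; '.join(reasons)}")
```

After changing a password, update both fields for that entry so the next review starts from the new date and the current list of people.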
Stay Safe with Best Practices
Make using these three best practice tips part of your routine to help keep your website safe and secure. If you get a lot of phishing email, then it could be a sign that your website is getting a lot of attention from hackers. If you find yourself in this situation, you should make sure that your site is secured by special website security software and monitoring.