Hi, I’m Sheila, a technology consultant, web designer, project manager and author. I help heart-centered business owners, the lightworkers of the world, with technology. I build websites and make technology work for them, so they can spend more time focusing on growing their business and doing what they love.

I experienced a brute force attack against my site that forced my hosting company to shut down my site and I had Wordfence installed!  I spent 2 days learning that without real time protection on your site, it doesn’t matter what security plugins you have.  When there are 1000’s of attacks in an hour, it shuts down a server.  My hosting company at the time was great in guiding me how to fix it.  It did require some fairly technical work, which I know many people would not want to understake.

The better approach would simply be to make sure you have the correct plugins installed and connect to a service like Cloudflare that prevents threats based on how they route traffic.


Why You Should be Worried

Based on statistics and research, WordPress is probably the most attacked platform that exists for web hosting.  Plugins and Themes are the major vulnerability areas along with people not keeping their WordPress installation up to date.   According to W3Techs, WordPress accounts for over 29% of the websites on the Internet, so it’s a great focal point for hackers.

You can see monthly activity reports around hacking by Wordfence here:  https://www.wordfence.com/blog/category/monthly-attack-activity-report/.

Another really good article about vulnerability can be found here:  https://www.wpwhitesecurity.com/wordpress-security/statistics-highlight-main-source-wordpress-vulnerabilities/.


How I Secured My Site

At the time, I quickly upgraded to Wordfence Premium to enable real time protection, which means that as soon as a rogue IP address attempted to login to my site, they were added to the ‘don’t allow’ and then they can’t even try.  Once I had my site up and running again, I enabled Cloudflare through my hosting provider.  Cloudflare is great because it’s free and it also provides a caching solution which speeds up page loading time for your site visitors.

As of 2019, my current security setup is using WebArx.  I secure all of my client sites with this and I haven’t had a single issue yet.


Recommendation to Secure Your Site

  1. Make sure you wordpress and all of your plug-ins are up to date.  In general, use as few plugins as possible.
  2. Change Your UserName if it’s Admin.  Admin is the most attempted username from hackers.
  3. Install a WordPress Security Plugin, such as WebArx, Shield Security,  iThemes, BulletProof SecuritiesWordfence or Sucuri Scanner.  There are free versions of most of them.
  4. Connect to Cloudflare.  Check inside your Hosting Platform or Cpanel and enable from there.  It will automate the connection.

The above steps will prevent most any attack.  If you are seriously concerned about being hacked, then you should purchase the premium version of one of the plugins or check out my WordPress Care Plans and let me take care of it for you!

Don’t Wait. Do it Now!