As an agency that provides web design in Vancouver, we’ve found there are some things you just learn with time. As long-time developers of customized WordPress websites, we know one of them is to never, ever use “admin” as a username.
There was a hair-raising situation upon arrival at the office yesterday. One of our clients, a local law firm, contacted us saying they had received over 50 notifications from iThemes Security that someone was trying to access their site using the login name “admin.”
iThemes Security is a plugin that offers several free features to help secure and protect WordPress websites against attacks. According to their team, “WordPress currently powers over 25% of all websites and has become an easy target for hackers with malicious intent.”
A quick investigation into the back-end of the site revealed that the attack had been going on for over 15 hours. It’s what’s known as a brute force attack, where an automated piece of software tries various passwords with the username “admin.” And while iThemes was sophisticated enough to block the IP address of anyone attempting to access the site with the name “admin,” the attacking software simply switched to a new IP address and tried again…and again.
Since there was no user designated as “admin” on the site, there was no problem. But the attack did highlight why it’s so important to get creative when it comes to choosing your names and passwords.
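Because the attacker above kept changing IP addresses, counting failures per IP never reaches a lockout threshold, while counting failures per username does. The following is an added example, not code from iThemes Security or from our client's site; the log format, the threshold and window values, and every address in it are constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta
# Constructed sample: "timestamp ip username result" (hypothetical format, not a real plugin's log).
SAMPLE_LOG = """\
2024-01-01T08:00:05 203.0.113.10 admin FAIL
2024-01-01T08:00:09 203.0.113.10 admin FAIL
2024-01-01T08:01:12 198.51.100.7 Admin FAIL
2024-01-01T08:01:15 198.51.100.7 admin FAIL
2024-01-01T08:02:40 192.0.2.44 admin FAIL
2024-01-01T08:02:43 192.0.2.44 admin FAIL
2024-01-01T08:03:00 192.0.2.200 jsmith FAIL
2024-01-01T08:03:20 192.0.2.200 jsmith OK
not a log line
"""

def parse(log_text):
    """Yield (time, ip, username, succeeded) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] not in ("FAIL", "OK"):
            continue
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        # Lower-case the name so "Admin" and "admin" are counted together.
        yield ts, parts[1], parts[2].lower(), parts[3] == "OK"

def flag_usernames(log_text, threshold=5, window=timedelta(minutes=10)):
    """Map username -> distinct source IPs, for names with >= threshold
    failures inside any sliding window, whatever IPs they came from."""
    fails = defaultdict(list)
    for ts, ip, user, ok in parse(log_text):
        if not ok:
            fails[user].append((ts, ip))
    flagged = {}
    for user, events in fails.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[user] = len({ip for _, ip in events})
                break
    return flagged

def per_ip_lockouts(log_text, threshold=5):
    """IPs a per-IP-only counter would block: those with >= threshold failures."""
    counts = Counter(ip for _, ip, _, ok in parse(log_text) if not ok)
    return sorted(ip for ip, n in counts.items() if n >= threshold)
```

On the sample, the per-IP view blocks nothing at a threshold of five, while the per-username view flags “admin” as targeted from three different addresses.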
Why are hackers after my website?
For most small businesses, having a website is simply a way to introduce their goods or services to customers—there’s nothing proprietary or secret there. But the answer comes down to money. Even a small site can generate a substantial amount of money, and if your website is popular, it’s more of a target.
Cybercriminals make money by distributing malware and SEO spam, and even by setting up e-mail spam servers and phishing sites through your website. It’s now estimated to be well over a billion-dollar market.
For example, by injecting backlinks and spam into a legitimate website, hackers can redirect visitors anywhere they want. And if losing business isn’t bad enough, your website will likely be penalized by Google, thereby compromising your hard-earned SEO rankings. The redirects can themselves be pretty malicious, infecting visitors with malware that’s used to commit fraud or extort money.
For example, perhaps you’ve gotten the infamous sex-ploitation email. It claims that the hacker has captured indecent pictures of you through your webcam. Taking control of a webcam is pretty unlikely, but if you’ve been exposed to malware, a hacker might offer some old passwords as “proof” that they’ve successfully hacked your system. They haven’t—they just have the password.
IK Web Design in Vancouver: Your Options
To minimize the likelihood that your WordPress website will be compromised, make sure to assign creative usernames and passwords to everyone who has access to your site. You should also add a security plugin such as iThemes Security or Wordfence to the website. Both plugins offer a free and a professional version, and both include an extensive list of features.
Remember to keep both plugins and WordPress updated. Developers are always working to minimize vulnerabilities—but sometimes updates, particularly to the WordPress platform, can cause websites to break. Remember to keep site-wide back-ups or contact your web designer/developer for assistance. If you need a team to look after site updates and security, we provide all kinds of web support services at an affordable hourly rate.
Stay savvy and stay safe!