Security attacks are rampant right now on WordPress and other sites. To keep your site and yourself safe and spam-free, it’s time to revisit Internet security basics. Some tips might seem obvious, but we run into these issues with clients every day. By following a few simple tips you can keep yourself from falling victim to online spammers, hackers and predators.

One of the most important things you can do to prevent security breaches is to run your updates. We all click “ignore” or “remind me later” from time to time, but often these updates are directly in response to program and software-specific attacks. Be sure you run all anti-virus and security updates for the devices and platforms you’re using to access your blog, website, Facebook account, email, and anything else that requires you to log in. Check your publishing platform to be sure all plug-ins and players are updated as well. Most platforms have an area where all new updates are posted. Be sure you’re using the latest version of your browser and operating system as well.


When visiting a website that is asking for personal information, be certain that the URL begins with “https.” This means that it is a secured site. It is also important that you enter the URL yourself rather than accessing it through Google or another search engine. Internet scammers can set up ghost sites that might appear to be a site belonging to your bank, or a business, but are really attempts to steal your information. The same goes for accessing links that are emailed to you—especially if they’re from people you don’t know or email addresses that you do not recognize. If someone you know sends you an email that seems uncharacteristic (for example, your father sends you a link to purchase online pharmaceuticals) ALWAYS check with the sender first. Many times an email address can be hacked and several messages can go out before the owner discovers the violation. Use your common sense and best instincts. If something seems out of the ordinary, don’t reply to the email. Instead, compose a new email to the sender and simply inquire if the information is legitimate.

A Word About Passwords

The spam attacks currently going around WordPress often target common login names, such as admin, administrator and manager. Never use a common term for your username OR password. Some of the most commonly used passwords are a repeat of the username (for example admin/admin), the word “password” (believe it or not), the address or street name of a business, or information that is contained right in the very site the user is trying to protect. People frequently use sequential numbers or their phone number. Not a good idea. They also make the common mistake of using the same username and password for several different sites: their publishing platform, their email, their bank account and their Facebook account, for example, might all have the same password. Also not good. This can give a hacker carte blanche to access all of your information.

Struggling to think up a password?

Well, that’s not such a bad thing. Passwords should not be easily memorable. They should not be single words found in the dictionary. Passwords should not be easily accessible information such as your spouse’s, children’s, or pet’s names, or dates of birth. At the very least, your password should contain capital and lowercase letters, numbers and a symbol. If you’re afraid that you can’t remember such a complicated password, there are several password organizers that can be found for free, including LastPass and KeePassX. There are also several apps such as Keeper that you can download to help you manage your passwords. Passwords should be updated or changed every 30 to 60 days, and more frequently if you have a high rate of employee turnover in your business, or have any security concerns.
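The weak patterns named in this section and the one before it can be checked mechanically before an account is created. The Python below is an added example, not code from the original post; the function name `audit_credentials`, the `site_terms` parameter and the short sample word list are assumptions made for illustration.

```python
import re

# Login names the article says current WordPress attacks target.
COMMON_LOGINS = {"admin", "administrator", "manager"}
# Constructed stand-in for a real dictionary / common-password list.
SAMPLE_WORDS = {"password", "welcome", "dragon", "sunshine", "letmein"}


def _is_sequential(digits: str) -> bool:
    """True for ascending or descending runs such as 123456 or 987654."""
    if len(digits) < 4:
        return False
    steps = {int(b) - int(a) for a, b in zip(digits, digits[1:])}
    return steps in ({1}, {-1})


def audit_credentials(username, password, site_terms=()):
    """Return the article's warnings that apply to this username/password."""
    problems = []
    user, pw = username.lower(), password.lower()

    if user in COMMON_LOGINS:
        problems.append("username is a commonly targeted login name")
    if user and user in pw:
        problems.append("password repeats the username")
    if pw in SAMPLE_WORDS:
        problems.append("password is a single dictionary word")
    if password.isdigit():
        kind = "sequential numbers" if _is_sequential(password) else "digits only (phone number?)"
        problems.append("password is " + kind)
    # site_terms (assumed parameter): business name, street, etc. shown on the site.
    for term in site_terms:
        if term and term.lower() in pw:
            problems.append("password contains site information: " + term)

    classes = {
        "a capital letter": r"[A-Z]",
        "a lowercase letter": r"[a-z]",
        "a number": r"[0-9]",
        "a symbol": r"[^A-Za-z0-9]",
    }
    for label, pattern in classes.items():
        if not re.search(pattern, password):
            problems.append("password lacks " + label)
    return problems
```

An empty list means none of the article's warnings apply; it does not replace a full dictionary check or the advice against reusing one password across sites.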

Passwords (and other personal information) should never be sent by email. Most publishing platforms and email providers allow the site administrator to change passwords. Be certain that your IT manager has the ability to change passwords if needed. (For example, you don’t want a former employee accessing sensitive information, and you’ll likely want access to their email after they’re terminated.) This prevents you from having to remember all those company passwords, and you’ll avoid having to write them down, leaving them at risk for discovery.

The Internet can be a safe place full of valuable resources and information, if one uses common sense and thinks through the information that they are offering to others. Always check the background of a company or website before you give information or set up an account. Familiarize yourself with the security measures in place for your favored browser, publishing platform, and operating system.

In short, be sure your passwords are strong and stay secure by keeping up-to-date with your security programs. Don’t be tempted to “ignore” or ask to be reminded later. It could be too late!

Struggling to keep track of updates? Need suggestions on how to manage all those passwords? Still feeling insecure? Contact Posts By Ghost™ and we’ll refer you to one of our IT security partners, or leave a comment below!

Padlock With Keys image courtesy of Petr Kratochvil.
