At Atomic, we build many of our clients’ sites using the publishing platform WordPress. WordPress is easy to learn, and offers great design and customization options—meaning we can help our clients build great-looking sites, no matter what look they want.

But like any system, WordPress is occasionally vulnerable to intrusions. And attacks on WordPress-hosted sites have exploded in the past couple of months. Most of these hacks are what’s called “brute force” attacks—and they’re exactly what they sound like. A network of infected computers or servers (a “botnet”) attempts username/password combos over and over—at a rate of hundreds of thousands of guesses per second. Sooner or later, the botnets break in. Then, they make themselves right at home.

If you haven’t taken steps to safeguard your site, you could become a hacker’s next victim. Fortunately, there are a few super-easy ways you can protect yourself—no programming knowledge required. Think of these as your alarm system, your attack dog, and your pepper spray.

1. Make sure you’re running the latest version of WordPress.

Easy enough, right? WordPress releases updates regularly, so it’s important to install updates as soon as you’re prompted (a reminder usually pops up when you log in to your Dashboard). Most intrusions are caused by bugs that have already been addressed by a WordPress update, so do yourself a favor and keep your site current.

If you do need to use an older version of WordPress for some reason, make sure the version is hidden from your source code. (Learn how to do that here.)

2. Get rid of the ‘admin’ username.

When bots scan possible username and password groupings, they go first to names people are most likely to choose. WordPress accounts come with a default ‘admin’ username, which hackers assume (rightly) that most people won’t bother to change.

If you’re still using ‘admin,’ it’s an easy fix: create a new user with admin privileges (using a new email address). And stay away from usernames like ‘editor,’ ‘moderator,’ or ‘administrator’—they’re also easy targets. Log in with your new account, delete the old ‘admin,’ and assign all of the old account’s posts to the new user. Piece o’ cake.
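For sites managed from a shell, the same swap can be scripted. This is an added example, not Atomic's own code; it assumes WP-CLI is installed as `wp` and is run from the WordPress directory, and `siteowner` and the email address in the usage comment are placeholder values.

```bash
# Added example: step 2 with WP-CLI (assumed installed as `wp`).
# Usage, after loading these functions:
#   risky_admins
#   replace_admin admin siteowner owner@example.com

# Logins the article names as easy targets for bots.
RISKY_LOGINS='admin|administrator|editor|moderator'

# Print each administrator account whose login is an easy target.
risky_admins() {
  wp user list --role=administrator --field=user_login \
    | grep -Eix "$RISKY_LOGINS" || true
}

# Create a replacement administrator, then delete the old account
# and hand its posts to the new one.
#   $1 = old login, $2 = new login, $3 = new (different) email address
replace_admin() {
  ra_old="$1"; ra_new="$2"; ra_email="$3"
  # Refuse a replacement name that is just as guessable.
  if printf '%s\n' "$ra_new" | grep -Eixq "$RISKY_LOGINS"; then
    echo "refusing: '$ra_new' is as guessable as '$ra_old'" >&2
    return 1
  fi
  # --porcelain prints only the new user ID; --send-email mails the
  # new user their account details so they can set a password.
  ra_id="$(wp user create "$ra_new" "$ra_email" \
            --role=administrator --send-email --porcelain)" || return 1
  # --reassign moves the old account's posts to the new user
  # before the old account is removed.
  wp user delete "$ra_old" --reassign="$ra_id" --yes
}
```

Run `risky_admins` again afterwards; it should print nothing.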

3. Use a strong password.

You’d think we’d have learned our lessons by now. But accounts get compromised all the time because of passwords like “1234” and, well, “password.” It doesn’t take a powerful botnet to crack that code. Try for a password that’s moderately long (12 characters or more is ideal) and contains some combination of upper- and lowercase letters, numbers, and symbols. Another good rule of thumb is to avoid using your name, your company’s name, or common dictionary words—the zanier and more unheard-of, the harder it’ll be for bots to crack.

Not sure if your password is totally ironclad? Try out this handy password security testing tool, which tells you how long it would take a desktop PC to learn your password. (“atomic1” gets cracked in 19 seconds. “AtomicIzAwe5ome,” on the other hand, takes around 6 billion years.)

There are many other measures you can take to protect your site, like security plugins, restricted permissions, and secure login pages. (And if that all sounds like gibberish, we can help.) But following these simple steps should keep you safe from the majority of WordPress attacks—plus, they’re good habits to form for all of your online activities.

We can’t hope to prevent every intrusion or thwart every attack. But if we can throw at least a few roadblocks in hackers’ path, we’ll do our best to stay one step ahead.

Got questions about your WordPress site’s security? Contact Atomic, and we’ll make sure you’re safe and sound.

 

As Atomic’s business developer, I’m often the first guy clients talk to about revamping their websites. You might think we start by brainstorming cool design ideas and interactive features. Our conversations are actually a lot more straightforward than that—but that doesn’t mean they’re not important.

Creating a new website is a little like reading a Choose Your Own Adventure book.

Remember those? You start with a mission. And every few pages, you make a choice that decides where the story takes you next. Before you know it, you’re fighting off mutant spider ants, space vampires, and killer slime. Make one wrong move and you’re in for a sure death. But play your cards right and you’ll live to tell an unbelievable tale (unless you get turned into a grasshopper, that is).

While CYOA missteps end with you getting eaten alive by sand dragons or abandoned in outer space, bad calls in web design can lead your site’s visitors to pretty bleak fates, too: unsure where to look for information, and lost in an abyss of subpages and links.

I’ll go ahead and spoil that story’s ending: After one failed mission, they probably won’t return.

Okay, maybe designing a new website isn’t quite a real-life version of Prisoner of the Ant People. But the choices you make at the beginning of the redesign process really do affect your end product—and whether user experience efforts fail or succeed. So I try to go over a few key questions with clients before we get rolling. Think of me as the narrator of your web design adventure. The choices you make are up to you.

These questions will help decide your site’s fate:

• What do you want your new site to do? Sell a product? Inform users about services? Have people fill out a contact form? Decide your site’s main goals from the get-go, and you’ll be off to a good start.

• Who are your users? A review of your current site’s analytics will help you make some important decisions about your redesign. Are most of your users browsing on mobile devices? If so, build a responsive site. What terms are people using to find your business? Use those keywords in your copy. Understanding your audience’s needs will help you give them the best experience possible.

• How will you market your site? If nobody knows your site’s out there, it doesn’t matter how much great, user-friendly content you’ve got. You might as well await the lethal sting of a giant scorpion. Do you want to issue a digital press release or make use of other SEM strategies? How will you continue to promote your site once it’s live? We’ll plan your site with your chosen techniques in mind.

• Who will maintain your site internally? Launching your site doesn’t mean the mission’s over—far from it. Designate someone who can upload blog content, news releases, and updated company information regularly. Otherwise, you risk misinformation and broken-link black holes. Content management systems like WordPress are easy even if you don’t know code, but may require a little training at first.

A good user experience means more clicks, leads, and business for our clients. That’s why we ask customers these questions before getting started on a big project—and again during research and planning phases. The answers clients give help guide the layout, design, and information architecture of every website we create.

And when you consider that the alternatives include getting turned into bacon or becoming collateral damage in an interplanetary war, we think that’s a pretty important job.

If this doesn’t make you want to dust off your old CYOA books, I don’t know what will. (All plot references are real, by the way.) And if you want to avoid endings like these, talk to Atomic. We’ll help you guarantee mission success.