There are a lot of things you can do to make sure your site is secure, but today I want to focus on something very simple that gets overlooked, and way too often only gets looked at after the fact.
What I’m referring to is the users who have access to your site’s admin panel. No matter what your platform is, chances are that over the years you set up credentials for people who no longer work for your company or no longer have any reason to access your site’s admin panel.
How many times have you tried a certain plugin or extension and given admin credentials to someone so they could log in and properly install it for you? How many times have you hired a temporary worker and given him access to the admin area for something simple, and then his credentials were never removed?
You should take the time to log in to your admin panel and see who has permission to log in to your system. You’ll be surprised at who you find there. Go ahead and remove anyone who should no longer be accessing your site’s admin.
The same holds true for FTP (or SSH) credentials. If you ever had to share those with anyone or create additional accounts, now would be a good time to log in to your server admin panel, see who can still access your site, and remove the users that are no longer necessary.
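If you have shell access to a Linux server, the check above can be scripted. This is an added example, not part of the original post: the function name `audit_logins` and the allowlist file (one approved username per line) are assumptions. It only covers system accounts, so users kept solely in an FTP server's or control panel's own database will not appear.

```sh
#!/bin/sh
# Added example: list accounts that can still get a shell login and flag the
# ones nobody has approved. The allowlist format (one username per line) is
# an assumption made for this example.

# audit_logins PASSWD_FILE ALLOWLIST_FILE
# Prints one line per login-capable account:
#   user<TAB>shell<TAB>ssh_key_count<TAB>status   (status is ok or REVIEW)
audit_logins() {
    passwd_file=$1
    allowlist=$2
    while IFS=: read -r user _ _ _ _ home shell; do
        # Skip blank lines and comments.
        case "$user" in ''|'#'*) continue ;; esac
        # Accounts with a no-login shell cannot open an interactive session.
        case "$shell" in */nologin|*/false) continue ;; esac
        # An empty shell field means the system default, /bin/sh.
        [ -n "$shell" ] || shell=/bin/sh
        # Count non-comment, non-blank lines in authorized_keys, if readable.
        keys=0
        if [ -r "$home/.ssh/authorized_keys" ]; then
            keys=$(grep -cvE '^[[:space:]]*(#|$)' "$home/.ssh/authorized_keys" || true)
        fi
        # Exact, whole-line match against the approved usernames.
        if grep -qxF -- "$user" "$allowlist"; then
            status=ok
        else
            status=REVIEW
        fi
        printf '%s\t%s\t%s\t%s\n' "$user" "$shell" "$keys" "$status"
    done < "$passwd_file"
}

# Typical use on a live server (run as root so every authorized_keys file
# is readable):
#   audit_logins /etc/passwd approved_users.txt
```

Anything marked `REVIEW` is an account that can still log in but is not on your approved list, and a non-zero key count means removing the password alone would not lock that user out.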
Besides the obvious reasons why you should delete these user accounts, you should also consider that hackers who use bots to try to break in to your site have fewer chances of landing on a successful username/password combo if you only have a few user accounts. The more credentials you have, the higher the risk that someone might be able to crack one of them and illegitimately log in to your system.
While you’re logged in and checking who has access, now might also be a good time to change the passwords and make sure you’re always using strong passwords.
It’s very difficult to clean up the mess on a system that has been compromised, so if these simple steps can deny an attack on your system, the minor trouble you had to go through is definitely worth it. Trust me, you don’t want to, and I hope you never, find out the hard way 🙂