In my webinars, I always get questions about security. It always seems like the people whose WordPress sites get hacked believe that it happened through some sort of unknown vulnerability that’s beyond their technical comprehension. Though it is true that outdated software does leave vulnerabilities open, in many of my observations, I found that these same users did not follow basic security protocols like using a strong password.

Here’s a real story: I had a client several years back whose website constantly got hacked. So they came to me for help. The name of their company was Sons X, where X represents what their business did, for example, Sons Window Cleaning or Sons Automotive. I omitted their full business name for their privacy. They were using a firewall (as should everyone) so they were confused as to how they were getting hacked more often than their peers.

After they began to work with me, I immediately found a red flag. Their admin credentials were:

Read more