George Lerner – Website Tech

For coaches who want to create and sell online courses, but struggle with the technical aspects

How to Prevent Unauthorized Posts and Extra Admin Users in WordPress

“unauthorized admin accounts” and “betting-related posts” ==> You must install security software on your site.

Whether you installed a plugin with security holes, or had a weak password that hackers guessed, or some other way they got in, hackers got into your account.

The quick version of the conversation is “install the free version of Wordfence now”.

When Wordfence identifies what specific hack is on your site, follow the instructions exactly. If that is too scary or would take you too much time, you can hire Wordfence to remove the hack(s) from your website.

Do not follow random “suggestions” you find online, for something this serious.

Get rid of plugins that Wordfence says aren’t in the WordPress respository. Find a replacement that is in the WordPress respository, which gets checked regularly for security issues. Other sources of plugins probably are not checked. Exception: the paid version of a plugin that is in the repository.

Update plugins that Wordfence says have security updates.

Turn on Wordfence’s login security, and use a password keeper software. I suggest Bitwarden, free for several devices, works on your computer and phones. Make a unique computer-generated password for each site. Note: most anti-virus software come with a password keeper; as long as PCMagazine recent review of anti-virus software gives that antivirus software a good review, you can use that password keeper.

Hackers know exactly how people make passwords. They know what people make are not “good” passwords. They can try millions of them. If you made the password, hackers can get it. Use long computer-generated passwords.

Stop installing plugins and themes that your local WordPress Meetup haven’t vetted. Or use Arizona WordPress Meetup, and join our Slack Workspace, use the “burning questions” channel.

Weak passwords and insecure plugins (or plugins written by hackers) are common ways a WordPress site gets hacked.

It’s not your fault; nobody taught you how to set up security on your WordPress site.

It is your job, however, as the site administrator.