Beware of an email scam that claims to be a complaint against your business filed with the Better Business Bureau (BBB). The scammers behind the BBB scam are now managing to hijack certain unsecured WordPress sites and are using a plugin to send the scam emails.
If you receive an email claiming to be from the BBB, avoid clicking on any link in the email. In most cases, you can delete and ignore the email. If you think it is at least possible that someone has filed a complaint against your business, it’s safer for you to go directly to the Better Business Bureau website and search for any complaints about you. The BBB website has further tips on avoiding email scams.
If you are a website owner using WordPress and you suspect your site has been hacked and someone is sending scam emails, there are steps you can take to better secure your WordPress website. For more detailed video training, visit Lynda.com (a great resource now owned by LinkedIn) and search their training library for “WordPress security.”
Here are some immediate things you can do. If you’re using a simple WordPress password, update your password to something more complex. Run plugin and WordPress updates to patch any vulnerabilities. Consider deactivating and deleting plugins you know you don’t really need anymore. An example of a plugin you may consider deleting is the WordPress Importer plugin. There’s no need to keep that active if you’re not migrating content from one WordPress installation to another.
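If your host gives you command-line access with WP-CLI, the plugin cleanup above can be turned into a repeatable check. This is an added example, not part of the original post: it assumes the inventory comes from `wp plugin list --format=json`, and the sample data and every plugin name except wordpress-importer are constructed.

```python
import json

# Constructed sample shaped like `wp plugin list --format=json` output.
# Names other than wordpress-importer are hypothetical; versions are made up.
SAMPLE_INVENTORY = json.dumps([
    {"name": "wordpress-importer", "status": "active", "update": "none", "version": "0.0.1"},
    {"name": "contact-form", "status": "active", "update": "available", "version": "2.1"},
    {"name": "old-gallery", "status": "inactive", "update": "available", "version": "1.0"},
    {"name": "example-seo", "status": "active", "update": "none", "version": "3.4"},
])

# Plugins only needed for a one-off task. The post names WordPress Importer;
# extend this set with your own (assumption: you know which ones these are).
ONE_OFF_PLUGINS = {"wordpress-importer"}


def audit_plugins(inventory_json):
    """Return (plugin, action, reason) tuples, one recommended action per plugin."""
    findings = []
    for plugin in json.loads(inventory_json):
        name = plugin["name"]
        status = plugin.get("status")
        update = plugin.get("update")
        if status == "inactive":
            # Deactivated plugins still leave their files on the server.
            findings.append((name, "delete", "inactive, files still on the server"))
        elif name in ONE_OFF_PLUGINS:
            findings.append((name, "delete", "only needed while migrating content"))
        elif update == "available":
            findings.append((name, "update", "a newer version is available"))
        # Active, current plugins produce no finding.
    return findings


if __name__ == "__main__":
    for name, action, reason in audit_plugins(SAMPLE_INVENTORY):
        print(f"{action:7} {name:20} {reason}")
```

On a real site, save the output of `wp plugin list --format=json` to a file and pass its contents to `audit_plugins` in place of the sample.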
Consider masking your login page. You can try, for example, a plugin called WPS Hide Login by WPServeur*. This will let you name your login page anything you want. So, instead of logging into YourDomain.com/wp-login.php, you could log into, say, YourDomain.com/SecretSauce. If hackers can’t find your login page, it is even harder for them to try to crack your password.
Finally, consider securing your site with an SSL certificate and migrating to https. It will encrypt your login, which is definitely a good idea.
To make your site secure, as with any security measures, you need layers of security. One security measure alone simply won’t be as effective. And you are always the first layer of security: choose long passwords, and use extreme care with the sites you visit and the email attachments you open. So, stay safe.
*Please don’t automatically download plugins we link to. As posts get older, we can’t always do updates to them, and we usually don’t bother. That means that plugins that were well-written and maintained may no longer be as effective. Always check the Last updated: section on a plugin page to make sure it’s still being maintained. It’s also a good idea to check its reviews and that it has a high number of active installations, which means it’s a popular plugin.