If your site runs on WordPress, the most popular web publishing software, you need to see this graphic from YourEscapeFrom9to5.com. Some 30,000 WordPress sites a day get hacked, most of them small business sites, according to security firm Sophos; hackers use the sites to distribute viruses.  The core WordPress software is not particularly insecure (in fact, it’s “open source”, meaning that hundreds of programmers work to maintain it), it’s just so popular that it’s worth penetrating for cyber-criminals.

Security is an issue to discuss with your web developer and hosting company. But there are some simple defensive steps you can take, such as

  • Change the default user account from “admin” to another name.
  • Limit writing and publishing permissions to trusted users.
  • Always run the most recent version of WordPress and the “plug-ins” that power widgets on the site.
  • Back up the site frequently.

Here’s the official guide from WordPress on security and a white paper with security tips from hosting company WPEngine.