Marketing Your Creative And Business Ideas Since 1996
A Certified NYS Women's Business Enterprise
5 Tips for Securing Your WordPress Website

How often are bots, spammers, and hackers trying to get into your site? It might be more often than you think.  One of our smaller, local clients has had over 18,000 attempts at getting into their WordPress site in the past year.  Fortunately, we have the security in place to prevent attacks like this from getting through. What can you do to secure your site?  These tips apply primarily to a self-hosted version of WordPress (not Although many of these tips can be used with a website.

Use a Security Plugin

Wordfence and All In One WordPress Security are two of the most popular plugins out there — because they work. Plugins like these help guide you through the changes you need to make to keep your WordPress website secure. They work by modifying the .htaccess file on your server, helping you easily block bots and IP addresses attacking your site. They also help you change some common WordPress URLs and installation settings and secure common WordPress files (such as wp-config.php). Just be careful when using these, because it is possible to lock yourself out of your own site — trust us, we’ve seen it happen.

Change the Admin Username

Seriously, change the administrator username to something other than “admin”. Since the default WordPress installation uses “admin” as the administrator username, that is the first username bots and hackers try. Of the 18,000 failed login attempts above, more than half tried admin or some variation (e.g. adm or domainadmin). Do not use a significant part of your domain name either. For example, if your domain is, do not use “mycompany” as your username. That was the second most used username in the failed login attempts. Others to stay away from include the full domain name, “Webmaster”, “Webadmin” or other similar usernames.

While you are changing the admin username, make sure there is a “real” name attached to the user. When a post or page is published, the author is often public. If you do not set a first and/or last name for the user, WordPress defaults to the login username. The bots then pick up that username and attempt to get in. Secondly, be careful with the usernames themselves. For example, when “Jane Smith” posts, bots will try “Jane”, “JSmith”, “Smith” and various other combinations to log in to her account.
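
The username rules above, turned into a small audit script. This is an added example, not code from the original article; the function names, the reason labels, the sample accounts and the domain `mycompany.example` are constructed for illustration.

```python
# Added example: audit WordPress logins against the username advice above.
# The reason labels, SAMPLE_USERS and "mycompany.example" are constructed.
ADMIN_NAMES = {"admin", "adm", "webmaster", "webadmin"}  # named in the article


def guessable_reasons(login, domain, first_name="", last_name=""):
    """Return why a login is easy to guess; an empty list means no rule matched."""
    name = login.strip().lower()
    reasons = []
    # Rule 1: "admin" or a variation of it (adm, domainadmin), Webmaster, Webadmin.
    if name in ADMIN_NAMES or "admin" in name:
        reasons.append("admin-variant")
    # Rule 2: the full domain name or a significant part of it.
    host = domain.strip().lower()
    if host.startswith("www."):
        host = host[4:]
    label = host.split(".")[0]  # "mycompany" in mycompany.example
    if name in (host, host.replace(".", "")) or (len(label) >= 4 and label in name):
        reasons.append("domain-part")
    # Rule 3: combinations of the public author name (Jane, Smith, JSmith, ...).
    first, last = first_name.strip().lower(), last_name.strip().lower()
    if first or last:
        combos = {first, last, first + last, first + "." + last,
                  first[:1] + last, first + last[:1], last + first[:1]}
        if name in combos:
            reasons.append("author-name")
    else:
        # No first/last name set: WordPress shows the login itself as the author.
        reasons.append("login-shown-as-author")
    return reasons


def audit(users, domain):
    """Map each login to the list of reasons it was flagged."""
    return {u["login"]: guessable_reasons(u["login"], domain,
                                          u.get("first", ""), u.get("last", "")) for u in users}


SAMPLE_USERS = [  # constructed accounts
    {"login": "admin"},
    {"login": "mycompany", "first": "Jane", "last": "Smith"},
    {"login": "JSmith", "first": "Jane", "last": "Smith"},
    {"login": "k7q-harbor-fox", "first": "Jane", "last": "Smith"},
]

if __name__ == "__main__":
    for login, why in audit(SAMPLE_USERS, "www.mycompany.example").items():
        print(f"{login:16} {'OK' if not why else ', '.join(why)}")
```

The substring match on "admin" is deliberately broad, so a few harmless logins will be flagged for a manual look.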

Change the WordPress Database Table Prefix

When WordPress is installed, it puts “wp_” in front of all its database tables. This is to help you identify which tables belong to WordPress if you are using the database for more than one application. Change “wp_” to something else. Ideally, use more characters and a mix of letters and numbers.

While you are checking on your database, make sure the database name, username, and password are secure. cPanel accounts default database names to your account username followed by an underscore and then a name you choose. Pick something nonsensical for that name — make it a string of characters that would not appear in a dictionary.  The same is true for your usernames and passwords.  Passwords for databases should be at least 12 characters long with a mix of uppercase, lowercase, numbers, and special characters.

Keep WordPress and Plugins Updated

Always make sure you have the current version of WordPress and your plugins running.  Also make sure all your plugins come from reputable sources and are listed in the WordPress plugin repository. Do NOT download a “free” version of a premium plugin you find somewhere–there is no way to verify the veracity of that plugin and you are hurting the people who have put hundreds of hours into developing and supporting something that is making your life easier.

WordPress is excellent at releasing patches to fix bugs and close vulnerabilities. You can turn on automatic updates, which will automatically update your installation for the smaller releases (e.g. 4.7.1 to 4.7.2). For the bigger releases, you will need to update WordPress yourself, which is as easy as clicking a button. ALWAYS make sure you have a backup of your site files and database before starting an update process.

Back Up Your Site Regularly

Speaking of backups…your hosting provider should be able to provide backups for you – some will charge an extra fee. Your hosting provider should also be storing offsite backups – ask if they do. You can also use plugins such as Jetpack and UpdraftPlus. They provide backups right from your Dashboard. Premium versions will allow automatic scheduling and some offer automatic backups to the cloud. Having a clean version of your database and files is important in case your site is compromised.

WordPress is a great and popular platform for building websites — because of that, hackers try to take advantage of the uninformed. Keeping your site secure is easy, but takes a little vigilance on your part to make it happen. If you have ANY questions about how to secure a WordPress website, find a reputable web development firm with WordPress experience. For a small fee, they will be happy to review your security settings and provide recommendations.


What People Are Saying

IMC has created a wonderful site for us that surpassed our design and functionality expectations. As a non-profit, we needed a site that was sensitive to our audience and branding yet flexible enough to be modified internally. The IMC staff couldn’t have been more supportive, and executed this in an amazingly timely turnaround. Thank you so much.

Beth Ledy Saratoga WarHorse

Protecting Yourself from Ransomware

Unfortunately, ransomware is the word of the day. What is it and how can you protect yourself?

What is Ransomware?

Ransomware is typically spread through email. When an unsuspecting person opens the email attachment, the virus uses a flaw in the operating system to lock down the user’s computer and encrypt all files until s/he pays a “ransom” to get an unlock code. If that computer is connected to a network, the virus will spread across the network, infecting everyone. If your backup drive is connected to the network, it will infect your backup as well.

This particular strain is called “WannaCry Decrypt0r” and is asking $300 from victims to decrypt their computers. It is using a flaw in the Windows operating system to run code that locks down your computer, encrypting all your files. In order to regain access to your files, you are prompted to pay a ransom. Infected users will see a screen that looks like the one to the right, courtesy of KnowBe4.

How Can I Protect Myself?

There are simple steps you can take to protect yourself now and moving forward.

  1. If your backup drive is currently plugged into your computer, remove it immediately. This will preserve your backup in case you are infected.
  2. Apply the Windows patch immediately. Microsoft has taken the extraordinary step of patching older, sunsetted versions of Windows — this is THAT IMPORTANT. Most systems updated automatically, but check to see if you have the latest version. For Windows 10, go to Start -> Settings -> Update & Security -> Check for Updates.
  3. Make sure your antivirus software is up to date as well.
  4. DO NOT OPEN SUSPICIOUS ATTACHMENTS OR CLICK ON UNKNOWN LINKS — I can’t stress this one enough. Unless you are expecting a Word doc or a zip file from a friend or relative, do not open it. Once infected, computers spread the virus by emailing it out again to people in your contacts. If the email message just looks weird and doesn’t sound like anything your friend would send you, do not click on the link. If the email appears to be from your bank, PayPal, Google, email provider, or another service provider, go to their website directly and log in normally. If it is a legitimate request, you will be able to get to the information that way.

Updating just your computer is not enough. ALL computers on your network need to be updated to maintain your network integrity.

What about Macs?

This attack needs to be a wake-up call for everyone — not just Windows users. Despite what some seem to believe, Macs are vulnerable to attacks like these. They are targeted less frequently because there are, overall, fewer Macs out there. Windows-based systems are the primary systems used in major industries and government. But the rules for Mac users remain the same:

  • Keep your operating system updated
  • Use antivirus software and keep it updated
  • Never open an attachment when you do not know the original source
  • Never click on a link when you do not know the original source — phishing is a problem and gets many people. Remember that your bank, PayPal, Google, email provider, etc. will never email you and ask you to enter credentials before you can see the information. If there is any doubt, go to your bank’s website, email provider’s website, or PayPal directly and log in normally.

Final Notes

A final note about IMC servers. We run Linux servers, so they are not affected by the current virus targeting Windows computers. We also have security in place to protect against attacks such as these and continuously review our servers to make sure they are running the latest versions of software. Security patches are installed automatically.


What People Are Saying

I just wanted to send a short note to tell you that Lukas continually impresses me with his professionalism, knowledge, accuracy and promptness. I am wow-ed by the service we get from IMC. Lukas made a global change this morning to our site in 15 minutes. He is always there when I need him and amazingly gets the work done the same day. I am so glad we chose Interactive Media Consulting!

Lisa Miller Cost Control Associates

Welcome to IMC 2017!

Welcome to our new website! 2017 is going to be exciting for IMC. We have two new team members — Nathan and Hannah — who have quickly become an integral part of our team.  We continue to work on and grow Arts Spark, expanding the concept to other markets as well. We are looking forward to what is to come and we look forward to continuing to work with you — or meeting you for the first time.

What People Are Saying

I will be eternally grateful to you for what you have done to create this beautiful, fun, interactive web site.  You are AMAZING!!!

Vicki Latham, P.A. -C Toxin Clear

Have You Met Arts Spark?

Arts Spark is a digital platform to help artists with the business of being an artist – and a project of IMC. After years of working with artists and arts organizations, we found there was a need in that community to help with digital marketing.  As we were working on a solution, we learned more about artists’ needs on the business side. So, we developed Arts Spark.  It is still a work in progress — we expect it to grow and adapt as needed.  Our first big event was the launch party on July 21. Our next big event is our first community discussion.  Growing Your Business featuring John McPherson will be held Thursday, November 3, 2016 at Saratoga Arts.  Learn more on the Arts Spark website.

What People Are Saying

Thank you, IMC, for a wonderful art website that is a) easy to update, b) looks great, c) gets lots of positive comments, and d) has encouraged sales by allowing my work to shine.

Lukas is especially incredible (and patient!) to work with.  It’s been a pleasant and rewarding experience working on this with him and, in the end, I have exactly what I want.  Thanks!

Barbara Downs Artist

We are Hiring!

Customer Interaction Specialist

Interactive Media Consulting, LLC, a full service web site development and marketing firm in Saratoga Springs, NY, is growing! We are looking to fill an entry-level professional position dedicated to supporting our existing customer base and new customers from our Arts Spark project.

We are looking for a technically-oriented person with fantastic communication skills. Tasks begin with answering the phone and providing 5-Star customer support by:

  • Updating websites with new content using a variety of CMS platforms
  • Updating social media sites on behalf of IMC and clients
  • Assisting customers as they setup email on new devices
  • Answering questions customers have as they update sites using WordPress
  • Troubleshooting email and website issues, handing off to a programmer if necessary
  • Writing documentation and training customers
  • Creating email marketing messages using Constant Contact

The successful candidate will have the following minimum skills:

  • Excellent communication skills, both written and oral
  • Ability to multi-task and prioritize
  • Ability to work as part of a team
  • Ability to ask questions
  • Working knowledge of Adobe Photoshop, WordPress, and various social media networks
  • Working knowledge of PC, Macintosh, mobile, and Gmail email systems

IMC is a fast-paced environment tracking multiple projects in development concurrently, with a primary goal of delivering a quality product on time. The right candidate will receive a competitive salary, personal time, paid holidays, and contributions toward health insurance.

To be considered for this position, please send a letter of introduction, your resume, and names of references to

Interactive Media Consulting, LLC was founded in 1996. Since then, IMC has secured its position as a quality provider of web sites for small to mid-sized businesses and non-profits in the Capital Region and throughout the Northeast. Our capabilities include:

  • Web site architecture, design and hosting
  • Programming in HTML/CSS, PHP, jQuery, JavaScript, Perl, and VBScript
  • Web site/database integration with Access, SQL Server, and MySQL
  • Electronic Marketing
  • Social Media Consulting

Interviews will begin the week of September 24. Applications will be accepted until the position is filled.
