SolidWP Security (formerly known as iThemes Security and installed on all the sites we manage) allows you to enable “Away Mode” – disallowing any administrator logins during hours when you’re sure nobody should be working on your site.

Hackers try to get in to sites around the clock. But are you likely to log in at 3am local time?

As usual, there’s lots of scary stuff in the security news these days. Be safe:

1. Use different passwords for each site or service. Never re-use.
2. Use secure passwords. There’s plenty of advice on the ‘net about what that means. Or use a password generator, or a password service like LastPass or 1Password.
3. Be hyper aware of phishing attempts especially at this time of year. Don’t open attachments from people you don’t know – or people you DO know when you’re not expecting them. Nothing is so time critical that you don’t have time to ask “Did you just send me ‘HappyPuppies.docx”?    And be sure the response comes from the person who supposedly sent it.  I recently received a dropbox link from a cousin, out of the blue.  I hovered over it and it obviously was not a link to DropBox, so I was a bit suspicious.  When I emailed him (at the same address) I got a response that yes, he did send it… but no other details.  Which reminds me… I still need to call and confirm!
4. Consider using an anti-malware program. ClamAV (Windows) and ClamXAV (Mac) are inexpensive and effective, as is Sophos Home.