Secure WordPress
We know from experience that having your site hacked is not fun. In line with our serious approach to security, our products are carefully optimized to be as secure as possible. There are, however, still a handful of potential security risks, when running a website, that we have no control over. You, the website owner, need to pay attention to these risks in order to keep your website safe.
With that in mind, here are 8 things you can do to improve your WordPress security.
1. Update all the things
Every new release of WordPress contains patches and fixes that address real or potential vulnerabilities. If you don’t keep your website updated with the latest version of WordPress, you could be leaving yourself open to attacks.
Many hackers will intentionally target older versions of WordPress with known security issues, so keep an eye on your Dashboard notification area and don’t ignore those ‘Please update now’ messages.
The same applies to themes and plugins. Make sure you update to the latest versions as they are released. If you keep everything up-to-date your site is much less likely to get hacked.
To understand the benefit of keeping everything up to date, see the following article:
https://blog.nintechnet.com/critical-0day-vulnerability-fixed-in-wordpress-easy-wp-smtp-plugin/
2. Strengthen passwords
Around 80% of hacked WordPress websites are down to weak passwords.
If your WordPress administrator password is anything like ‘letmein’ or ‘P@ssword’ (both far more common than you might think!), you need to change it to something secure as soon as possible.
3. Never use “admin” as your username
Earlier this year, there was a spate of brute-force attacks launched at WordPress websites across the web, consisting of repeated login attempts using the username ‘admin’, combined with a bunch of common passwords.
If you use “admin” as your username, and your password isn’t strong enough (see #2), then your site is very vulnerable to a malicious attack. It’s strongly recommended that you change your username to something less obvious.
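The ‘admin’ brute-force pattern described above shows up in the web server access log as bursts of POST requests to wp-login.php from one address. Added example, not part of the original article: a POSIX shell/awk function that counts login POSTs per source IP and per minute over a constructed sample log (the addresses, timestamps and threshold are made up for illustration) and prints the bursts that exceed a threshold, so a site owner can spot an attack in progress or confirm that a login-protection plugin is doing its job.

```shell
#!/bin/sh
# Constructed combined-format access log lines (not real traffic).
# 203.0.113.5 hammers wp-login.php five times in one minute; 198.51.100.7 logs in once.
SAMPLE_LOG='203.0.113.5 - - [10/Oct/2023:13:55:31 +0000] "POST /wp-login.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:32 +0000] "POST /wp-login.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:34 +0000] "POST /wp-login.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:35 +0000] "POST /wp-login.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Oct/2023:13:55:38 +0000] "POST /wp-login.php HTTP/1.1" 200 1203 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-login.php HTTP/1.1" 200 2311 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Oct/2023:13:55:52 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.9 - - [10/Oct/2023:13:56:01 +0000] "GET / HTTP/1.1" 200 8810 "-" "Mozilla/5.0"'

# wp_login_bursts LOGFILE THRESHOLD
# Prints "ip minute count" for every (ip, minute) with more than THRESHOLD
# POST requests to /wp-login.php. Field 1 is the client IP, field 4 the
# "[dd/Mon/yyyy:HH:MM:SS" timestamp, fields 6 and 7 the method and path.
wp_login_bursts() {
  awk -v t="$2" '
    $6 == "\"POST" && $7 == "/wp-login.php" {
      minute = substr($4, 2, 17)          # strip "[" and the seconds
      n[$1 " " minute]++
    }
    END { for (k in n) if (n[k] > t) print k, n[k] }' "$1" | sort
}

# Run the detector over the embedded sample with a threshold of 3 per minute.
wp_login_demo() {
  f=$(mktemp)
  printf '%s\n' "$SAMPLE_LOG" > "$f"
  wp_login_bursts "$f" 3
  rm -f "$f"
}

wp_login_demo
```

On a live server, point wp_login_bursts at the real access log and lower or raise the threshold to match normal login volume for the site.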
4. Use the correct permissions
Simply: 644 for files, 755 for folders.
Never use any permissions other than those listed above.
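Added example, not from the original article: a small POSIX shell audit that lists every file or folder under a WordPress root that deviates from the 644/755 rule above, and a separate fix function so you can review the findings before changing anything. It assumes the WordPress root path is passed as the first argument.

```shell
#!/bin/sh
# wp_perm_audit ROOT
# Print each file that is not mode 644 and each directory that is not mode 755.
# This is a dry run: nothing is changed.
wp_perm_audit() {
  root="$1"
  find "$root" -type f ! -perm 644 -exec sh -c 'printf "file %s\n" "$1"' _ {} \;
  find "$root" -type d ! -perm 755 -exec sh -c 'printf "dir  %s\n" "$1"' _ {} \;
}

# wp_perm_bad_count ROOT
# Number of offending paths; 0 means the tree already matches the rule.
wp_perm_bad_count() {
  wp_perm_audit "$1" | wc -l | tr -d ' '
}

# wp_perm_fix ROOT
# Apply 644 to files and 755 to directories across the whole tree.
# Run wp_perm_audit first and review its output before calling this.
wp_perm_fix() {
  root="$1"
  find "$root" -type f -exec chmod 644 {} +
  find "$root" -type d -exec chmod 755 {} +
}

# Usage on a real site (path is an assumption):
#   wp_perm_audit /var/www/html
#   wp_perm_fix   /var/www/html
```

Re-run wp_perm_audit after a plugin or theme update: some installers create world-writable upload folders, and this catches them.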
5. Delete default WordPress themes
The current WordPress download package comes with three default themes pre-installed. Because WordPress is now powering more than 1 in 4 websites on the internet, WordPress sites are a prime target for hackers and spammers. If your site isn’t secure, hackers can use your themes as entry points. They’ve studied WordPress themes and know how to take advantage of them to forge an all-out attack on your site, your server and its resources. Hackers may insert malicious files or edits to your theme to try to hijack your site. Sometimes they get in through vulnerable scripts, as was the case with the historic timthumb.php attack in 2011, which posed a serious security risk for millions of WordPress sites using themes bundled with the script.
6. Install Wordfence plugin
There are a lot of security plugins for WordPress, and it’s hard to find the best one. There is one plugin, though, that can drastically improve your WordPress security. Take it from me; it is a safety net for your WordPress site. If I were to put together a list of “must have” plugins, this would most certainly have to be on the list. It’s just that important. Its name is “Wordfence.” This plugin is very powerful, and I use it on all WordPress sites I need to scan or secure.
I found this excellent Wordfence YouTube video that shows you all the features of Wordfence:
https://www.youtube.com/watch?v=rg1L5R26Ecs
7. Activate Akismet plugin
Every WordPress installation comes with two plugins pre-installed. One of them is Akismet, which is definitely in our list of must have WordPress plugins. Even though Akismet comes pre-installed, it is not activated by default. You must take some extra steps to activate it.
Akismet is a comment spam filtering service. On popular websites, the share of spam comments can reach 85%. This means that out of every 100 comments only 15 are legitimate. Comment moderation is a time-consuming task, and Akismet can save you hours. Akismet catches spam comments before they land in your moderation queue as pending. This allows you to focus your energy on moderating comments by real users.
8. CXS Exploit Scanner
ConfigServer eXploit Scanner (cxs) is a new tool that performs active scanning of files as they are uploaded to the server.
The active scanning of uploaded files can help prevent exploitation of an account by malware by deleting or moving suspicious files to quarantine before they become active. This includes recent exploits such as the Dark Mailer spamming script (multiple variants, including obfuscated code regardless of file name) and files uploaded with the Gumblar Virus. It can also prevent the uploading of PHP and Perl shell scripts, commonly used to launch more malicious attacks and for sending spam.