WordPress: 6 Security Tips

Don’t trade online? Site gets hacked.

What’s the worst that could happen?
Google may post a message over your home page like this…
 
[Image: “Warning: Visiting this site may harm your computer” error message]
 
Would you continue to the site after seeing that?
 
Overt hacks, where a site is vandalised, are annoying. Covert hacks are more harmful. Code may be injected into the site to distribute malware or record visitors’ keystrokes.
 
Once compromised, ensuring the ‘back door is closed’ to hackers can take weeks or even months. With ‘Ransomware’ they may demand significant payment to restore your site.
 
To log in to your WordPress site, you should always use 2-step verification. However, if this is too much ‘friction’ for you, here are 6 steps. They won’t stop the determined hacker, but they will add significant protection.
 
1. Avoid Weak Usernames
Never use the default “admin” username! It’s scary how many do.
 
2. Avoid Weak Passwords

  • Do not use universal passwords
  • Avoid obvious personal info
  • Do not store passwords electronically
  • Use alpha-numeric and mixed case characters

3. Limit number of login attempts
Lock out visitors after a maximum number of incorrect entries of:

  • Username
  • Password
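
One way to implement the lockout in step 3, as an added example (not code from this article or from any particular plugin): a single PHP file, assumed to be saved as wp-content/mu-plugins/example-login-limit.php. The limit of 5 failures, the 15-minute window and every ex_ name are assumptions made for illustration.

```php
<?php
/*
 * Added example, not part of the original article. All ex_* names are
 * hypothetical. Assumes REMOTE_ADDR is the real client address; behind a
 * proxy or CDN it is not, and the IP lookup must be adapted.
 */
define( 'EX_MAX_FAILURES', 5 );   // assumed: failures allowed before lockout
define( 'EX_LOCKOUT_SECS', 900 ); // assumed: 15-minute counting window and lockout

// One counter per client IP and one per submitted username.
function ex_lockout_keys( $username ) {
	$ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
	return array(
		'ip'   => 'ex_fail_ip_' . md5( $ip ),
		'user' => 'ex_fail_user_' . md5( strtolower( (string) $username ) ),
	);
}

// Count each failed login (wrong username or wrong password alike).
add_action( 'wp_login_failed', function ( $username ) {
	foreach ( ex_lockout_keys( $username ) as $key ) {
		$failures = (int) get_transient( $key );
		if ( $failures < EX_MAX_FAILURES ) { // do not extend an active lockout
			set_transient( $key, $failures + 1, EX_LOCKOUT_SECS );
		}
	}
} );

// Runs after WordPress's own credential checks (priority 20) and overrides
// their result, so a locked-out client is refused even with a correct password.
add_filter( 'authenticate', function ( $user, $username, $password ) {
	if ( '' === (string) $username ) {
		return $user; // login form merely displayed, nothing submitted
	}
	foreach ( ex_lockout_keys( $username ) as $key ) {
		if ( (int) get_transient( $key ) >= EX_MAX_FAILURES ) {
			return new WP_Error( 'ex_locked_out', 'Too many failed login attempts. Try again later.' );
		}
	}
	return $user;
}, 100, 3 );

// A successful login clears that username's counter; the IP counter simply expires.
add_action( 'wp_login', function ( $user_login ) {
	$keys = ex_lockout_keys( $user_login );
	delete_transient( $keys['user'] );
} );
```

Counting per username as well as per IP means anyone who knows a username can trigger that account's lockout for the window, which is one more reason to follow step 1 and avoid guessable usernames.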

4. Be on WordPress’ latest version
Upgrade to the latest version of ‘the platform’ immediately, to ensure you have the latest WordPress security.
 
5. Keep Plugins Updated
Whilst these 3rd party sub-programs save on development costs, they are also a vulnerable point of attack.

  • Use plugins sparingly. 12 is low. 30+ is high risk.
  • Only use well-respected providers
  • Install updates as soon as they are released

6. Security Plugins
There are some excellent security plugins out there for blocking attempted hacks.

  • Install a plugin to track and lock out attempted hacks
  • Install a spam comments plugin to block users who post malicious links

As mentioned, whilst these six measures won’t stop the most determined hacker, they will make your site much more secure.
 
Uh-Oh… That’s made it worse!
IMPORTANT: Your site may have been built incorrectly and poorly backed up. If so, updating software yourself may result in all bespoke development work being deleted. That’s going to ruin your web developer’s day and they will be entitled to charge you to put it right.
 
So contact them. They’ll ensure everything is backed up, prior to upgrading the software.
 
Think your site is vulnerable?

  • Immediately change passwords of everyone who has access to the site.
  • Contact your web developer immediately. They may attempt to remove any malicious code through a ‘back-end’ audit.
  • Your developer may contact the hosting provider and get the site instantly quarantined.
  • If possible, your site should be deleted and ‘rolled back’ to a back-up, prior to the attack date.

 
Then you can rest easy and go back to the day job.

2016-06-02T17:39:48+00:00 | Security