Admin
These days, WordPress is by far one of the most popular ways to build a website. With nearly 30% of the internet plugging away with WordPress as the backbone, WP users have come to get used to the incredible level of support and software available for their blog. Unfortunately, this popularity comes with a downside. For malicious actors, having the ability to gain illicit access to a WordPress blog makes it the perfect target for hacking attempts in order to access data and spread malware. Fortunately, most of these targets tend to go after the low-hanging fruit – sites that are improperly set up and insecure. If you run a WordPress blog, these five simple steps can help you keep your site secure.
Keep Your Site up to Date
Statistics show that hackers aren’t usually breaking into the latest versions of the WP core. Instead, they are targeting outdated versions of the software. For blog owners, this means that one of the most important things you can do is keep your software up to date.
According to Terrell, founder of Bottom Line Web Design, one of the most important things we instruct our clients on is how to update their blog. This can be as simple and logging in once per month and manually updating all of your plugins as well as the WP core. You can make this a little easier by using a plugin like Easy Updates Manager, or for users who are managing a number of sites a plugin like MainWP can help you track and update a large number of blogs as security fixes are released.
Install a Security Plugin
For users that aren’t all that technical, sometimes a security plugin can provide basic security across a number of attack points. The free Sucuri Security Plugin provides services like tracking failed login attempts, tracking file integrity, and enabling a web application firewall. File integrity is important because it can help ensure that core WordPress files aren’t modified from their original versions – a common way that malicious software can take over your blog. A web application firewall, on the other hand, can prevent remote code execution and block hacking attempts before they reach your blog.
Change the Default Admin Username & Manage User Permissions
A large number of hacking attempts are what is known as ‘brute force attacks.’ To put it simply, malicious actors will simply try common username and password combinations in the hope that they find some working credentials. The easiest thing you can do is create a new administrator account and remove the default one that uses the simple username “admin.” While you’re at it, this is a great time to ensure that all of the different users of your site have the correct permissions. Writers should only have access to publishing features, while technical administrators might require a few more permissions. But only one user should have complete admin control over the website.
Disable Directory Browsing
Just like the files on your computer, WordPress includes both an index.php file that is required to generate your homepage, as well as a number of folders and files that contain all of your site’s content and plugins. This data is required internally by your webserver to generate the pages of your website, but having a listing of these files open to the internet creates a vulnerability where intruders could look for a way into your site. Disabling directory browsing is fairly simple and needs to be done through your web host. Locate your .htaccess file using FTP software and add the following line to the end of the file:
“Options -Indexes” (without quotations)
This will prevent average users from accessing directory listings.
Install plugins only from trustworthy resources
There are many reputable websites where you can find WordPress plugins. The easiest way is WordPress own database, which you can search from within the WordPress dashboard. But sites like code canyon and the unofficial WordPress Plugin Directory are also trustworthy. Remember, every time you install a plugin you are adding code to your blog that could be malicious. Many hacked sites are found to have used illegally downloaded plugins or so-called “nulled” plugins that were modified in order to pirate code that would otherwise require a license fee. Remember that illegally downloaded plugins are a major security risk, and it’s generally advisable to get plugins directly from the source or through a trusted repository.
Overall, there are many simple things you can do to keep your WordPress blog secure, and following basic security practices will help keep your blog running without interruption.
For more tech info check Techrudraji.
Comments
0 comments