Whether you are a resident of Paris, France or San Bernardino, California, your welfare is being discussed by legislators.
Even as I write this, your future security is being discussed in the press if you are an Apple iPhone user.
Apparently, Apple and the FBI are clashing over whether technology should be produced that would make the information in your phone vulnerable to hackers.
Do you care about your phone’s security?
Do you care about your blog’s security?
Fortunately, my guest author David Attard is here to tell us why we should care and exactly what we should do about protecting our blog’s security.
David, take it away.
Prevent WordPress Hacking with These 7 Easy Tips
You have probably often heard about the hacking of websites. Many times you just read a news story and forget all about it.
WordPress hacking, though, is something which could visit any one of us running a WordPress site.
Why would a hacker want to hack a small WordPress website, you may ask?
- Use it to get their advertisements ranked better in search engines
- Use it to distribute malicious software
- Use it to attack other websites …
The list goes on.
You need to take a few strong, decisive actions to prevent your WordPress website from getting hacked.
Here are 7 Easy Tips You Should Implement on Your WordPress Website
This article first appeared on DART Creations as The Essential Checklist to Prevent WordPress Hacking.
1. WordPress Security starts with your workstation.
Funny how, when we think about the security of our website, we tend to forget our own computer. If your own desktop is infected, it is more than likely going to pass on the infection to your website.
Make sure you keep all of your Mac or Windows software updated. Software and browsers should be on the latest SUPPORTED versions!
Old versions will have vulnerabilities which WILL infect your machine no matter how many precautions you take.
2. Keep WordPress on the latest version.
Every release of WordPress addresses a number of security fixes. Each time you don’t update to the latest version, you are literally leaving a door unlocked.
There are known vulnerabilities which hackers will exploit if you don’t have the latest version of WordPress installed on your site.
Side note: Consider a host which keeps your WordPress site updated automatically and takes your website’s security seriously.
(Admin Blogger: I am an affiliate of A Small Orange, and I highly recommend the company for your hosting needs. Their link is in the right sidebar.)
3. Use a complex admin password.
Prevent WordPress hacking: create a secure password and don’t use easy passwords.
Complex passwords are NOT overrated. Users tend to prefer something shorter and easier to remember, a fact hackers know and take advantage of.
A good strong password made up of letters, numbers, and any other valid characters will actually go a long way to protect your WordPress blog. Don’t use single words (regardless of length), letters-only, or numbers-only passwords either. What you’re trying to do is break the known patterns to make hacking difficult, if not impossible.
4. Use trusted sources only for downloads.
If you are running on a tight budget, you might be tempted by the option of downloading all the features and functionalities of premium plugins/themes for free – through pirate sites.
Would you trust a pirate with your gold? I think not.
Pirate sites are ill-reputed because they will fill those legit ‘premium’ plugins/themes with malware and let the downloaders do the rest. They will put hidden backdoors in that software. They will convert your brand’s online appearance into a giant poster for enlargement pills – or even worse, malware.
This is a known and very popular tactic of hackers. Pirated themes and plugins are riddled with backdoors and malware.
You can, on the other hand, trust sources like Envato Market (Theme Forest, Code Canyon), Elegant Themes, etc.
5. Use plugins to prevent WordPress hacking.
Your wp-admin should be protected. The login page and admin directory are available to all, including those with malicious intent.
You should strengthen the guard around admin with WordPress security plugins like:
Limit Login Attempts
It will limit the number of login attempts for each IP address, including your own (with auth [authentication] cookies).
Acunetix Secure WordPress
This plugin is a superb security solution in general. It runs a WordPress security scan. It also pays close attention to preventive measures so you don’t get hacked in the first place.
6. Back up your WordPress site (just in case).
What if, in spite of all the prevention, you still get your WordPress hacked? A backup is one of the first things you’ll need to restore your site if you do get hacked.
Back up your WordPress site at least as frequently as you run maintenance or update it. There’s no excuse to be lax in this department, not when there are some quite thorough services and plugins that will run automated backups for you. There is VaultPress, UpdraftPlus, WP-DB-Backup, BackupBuddy, etc.
Create a schedule and let the plugin do the rest. Some of these plugins come with easy restore options. Check to ensure that the plugin is backing up the entire site, including all databases and directories.
7. Secure WordPress through correct file permissions.
The rule of thumb is 755 for directories and 644 for files. Although this varies depending on the server and the type of file in question – in most cases, you should work very well with these permissions. It would be best to ask your host to check, or if you’ve got direct access, you can do this yourself.
Never ever set file permissions to 777 (not even temporarily).
If you are serious about wanting to prevent WordPress hacking – Never set file/directory permissions to 777 unless you want to give complete control over them to everyone, including hackers.
There is a very dangerous tendency amongst beginners to set file permissions to 777, “because it’s easy”, or “because we’ll fix it later”, or “because I’ll change it later”. This is extremely dangerous – 777 means anybody who wants can change the contents of that file. With those permissions set, your website is an open house.
Once they have access to one file, rest assured it is very easy to jump to other files or install backdoors and other nasty stuff to your site.
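If you’ve got direct (shell) access, here is one way to check tip 7 yourself. This is an added example, not part of the original checklist: the function names and the small sample tree are made up for illustration, and the 755/644 baseline is the rule of thumb given above.

```sh
#!/bin/sh
# Audit a WordPress directory against the 755 (directories) / 644 (files) rule.
# Function names are illustrative; pass the path to your own install.

# List files and directories that EVERYONE on the server can write to
# (the result of a "777" or "666" shortcut).
list_world_writable() {
    find "$1" \( -type d -o -type f \) -perm -002 -print
}

# List anything looser than the baseline: writable by group or by others.
list_loose() {
    find "$1" \( -type d -o -type f \) \( -perm -020 -o -perm -002 \) -print
}

# Reset the whole tree to the baseline. Some hosts need different modes for
# certain files, so review the list_loose output before running this.
apply_baseline() {
    find "$1" -type d -exec chmod 755 {} +
    find "$1" -type f -exec chmod 644 {} +
}

# Build a small constructed tree (not a real site) with two deliberate
# mistakes, so the functions above can be tried safely.
make_sample_tree() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/wp-content/uploads"
    : > "$d/index.php"
    : > "$d/wp-config.php"
    chmod 755 "$d" "$d/wp-content"
    chmod 644 "$d/index.php"
    chmod 777 "$d/wp-content/uploads"   # the "I'll change it later" directory
    chmod 666 "$d/wp-config.php"        # config file anyone can rewrite
    printf '%s\n' "$d"
}

# Report-only mode: sh wp-perms.sh /path/to/wordpress  (changes nothing)
if [ -n "${1:-}" ]; then
    echo "World-writable entries under $1:"
    list_world_writable "$1"
    echo "Entries looser than 755/644 under $1:"
    list_loose "$1"
fi
```

An empty list from both reports means nothing in the tree is looser than the baseline.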
Admin blogger’s commentary:
David did a great job explaining why we should care about blog security and how we can prevent our blogs from getting hacked.
I realize the plug-ins he recommended can only be installed by self-hosted bloggers. However, his other tips can be implemented by anyone.
Having up-to-date computer software and a complex password are valuable suggestions for everyone.
Do you care about your blog’s security?
Who are you siding with in the FBI versus Apple Computer case?
I look forward to your views in the comments section.
Please share, so bloggers know why they should take precautions, how to protect their blogs, and can take part in the conversation about security concerns.
Then, go show David some blog love and visit him at his site DART Creations.