The threat of wordpress hackers recently has got me wondering about the security of my own site. Now I don’t think that my blog is going to be targeted, however, I still think it is at risk and now I need to take steps from preventing such a thing happening. I’ve been reading recently that there two ways (although I’m sure there are plenty more) that hackers are gaining access to our sites and files, one being the use of software which I believe is called a ‘Brute Force Attack’ where the software has a list of all commonly used passwords or even a dictionary and it will cycle through all these words until it comes up with the combination to unlock all your hard earned blogging.
How long this would actually take is anyone’s guess, however, would the wait be worth outcome for the hacker? The other way hackers can access your site is through WordPress Themes and Plugins. I’ve read stories that even the vendors of the themes and plugins have placed scripts in the code!!! Also, if you are using shared hosting as I am, once hackers have found their way into your server they can insert the scripts that way, leaving all of the hosted sites vulnerable to attacks.
I think it is very important that we look after the security of our sites because we do put in a lot of hard work. Here I will now leave a few tips on how to toughen up your WordPress!
1. Change your password often and try to pick a password that would be hard to crack! And write it down so you don’t forget!
2. Try to limit the amount of plugins you install and delete the ones you don’t use anymore.
3. Make sure you are using the latest version of WordPress. Wordpress are constantly working on ways to keep their platform safe.
4. Make regular back-ups of your databases and download them to your hard drive rather than backing up to your server.
I know I said previously about limiting the amount of plugins you use, however, by installing a couple of plugins to add to the security of your site can’t be such a bad thing. Here are a few I have found to be useful:
Wordfence Security (free) Wordfence Security is a free enterprise class security plugin that includes a firewall, anti-virus scanning, cellphone sign-in (two factor authentication), malicious URL scanning and live traffic including crawlers. Wordfence is the only WordPress security plugin that can verify and repair your core, theme and plugin files, even if you don’t have backups.
BackWPup (free) The backup plugin BackWPup can be used to save your complete installation including /wp-content/ and push them to an external Backup Service, like Dropbox, S3, FTP and many more. With a single backup .zip file you are able to easily restore an installation.
WP File Monitor Plus (free) WP File Monitor Plus Monitors your WordPress installation for added/deleted/changed files. When a change is detected an email alert can be sent to a specified address. It has plenty more features.
And last and by no means least there is WP Anti-Virus (free) AntiVirus for WordPress is a easy and safe tool to protect your blog install against exploits, malware and spam injections. Scan your templates now!
With the increase in the security of our sites maybe the hackers will be deterred, but with millions of websites out there, they can just take their pick and move onto the next one causing havoc on their way.
I hope you enjoyed this post, if you did please share it with others that you think may benefit from it 🙂