WordPress is the most popular open-source content management system for web developers on the Internet today. By its own count, WordPress claims more than 47 million deployments worldwide. Unfortunately, that type of fame attracts hackers, too, who love the idea of attacking vulnerabilities in one universal platform that can reach 47 million+ websites. Because its market share is so vast, the Google Webmaster team is now warning webmasters who still use an older version of the CMS to update immediately.
Securing your WordPress site can be done with relative ease; here are a few tips on how to safeguard your site from these common attacks.
Update, Update, Update
It’s imperative for you to update your WordPress site. The top guys at wordpress.org are pretty good about building in fixes to their updates. WordPress has also been great about building in new features and improving the overall CMS in their updates, so you really can’t lose. If you’re not sure how to update your WordPress site, here’s a quick how-to:
- Disable your plugins, do a backup (just in case) and click the update link.
- If you don’t know if you’re out of date, WordPress (v 2.7 and up) will tell you at the top of the screen in a bright yellow box. There’s also a button with the number of updates you have available in your top toolbar. If you don’t see either of these features, your version of WordPress is too old! Don’t ask, just update!
There are some great plugins to help you secure your site; get them immediately. They are free and work well!
- Akismet – This plugin will protect you from the spammy comments on your site. It comes pre-installed on your WordPress site; all you have to do is sign up, get a code and enter it into the plugin so that you can activate it. There are optional paid services, but the general use of the plugin only requires you to get a code.
- BulletProof Security – This is like having Chuck Norris prowling for hackers around your website. BulletProof Security protects your WordPress website against XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. It has one-click .htaccess WordPress security protection. It also protects wp-config.php, bb-config.php, php.ini, php5.ini, install.php and readme.html with .htaccess security protection. One-click Website Maintenance Mode (HTTP 503) is also an option. Get the plugin here.
Don’t forget, updating your plugins is important, too. Just like WordPress itself, the plugins that increase your site’s functionality are kept up by the open source community. Hackers can use vulnerabilities in plugins (depending on what type of plugin it is) to wreak havoc on your site.
Login and Passwords
- Admin, my admin – Try to use a somewhat unique name. Don’t make your administrator account called “Admin.” That’s the first thing a hacker is looking for.
- Don’t use easy passwords. And no, “123Jesse” or “JD987612345” are not good passwords just because they have numbers or are long. Use an uppercase, lowercase and number combination that is not obvious (birthdays are OK, but not great if the hacker gets your personal information from your domain registration or your social media accounts).
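The two account rules above, written as a check you could run before creating a user. This is an added example, not part of the original post; the function names, the finding labels, and the reading of "obvious" as runs of three or more sequential digits or embedded personal details are assumptions.

```python
import re

def has_digit_run(password, length=3):
    """True if any block of digits contains `length`+ consecutive
    ascending or descending digits (e.g. 123, 9876)."""
    for block in re.findall(r"\d+", password):
        up = down = 1
        for a, b in zip(block, block[1:]):
            step = int(b) - int(a)
            up = up + 1 if step == 1 else 1
            down = down + 1 if step == -1 else 1
            if up >= length or down >= length:
                return True
    return False

def audit_account(username, password, personal_info=()):
    """Return a list of findings; an empty list means the account
    passes the checks described in the tips above."""
    findings = []
    # Tip 1: the administrator account should not be called "Admin".
    if username.strip().lower() == "admin":
        findings.append("default-admin-username")
    # Tip 2: require uppercase, lowercase and a number...
    if not all(re.search(c, password) for c in (r"[A-Z]", r"[a-z]", r"\d")):
        findings.append("missing-character-class")
    # ...in a combination that is not obvious.
    if has_digit_run(password):
        findings.append("sequential-digits")
    lowered = password.lower()
    # personal_info: names, birthdays, etc. that appear in public records.
    if any(len(t) >= 3 and t.lower() in lowered for t in personal_info):
        findings.append("contains-personal-info")
    return findings

if __name__ == "__main__":
    # Constructed sample accounts; the first two passwords are the
    # post's own bad examples, the third is a made-up passing one.
    known = ["Jesse", "0412"]  # constructed personal details
    for user, pw in [("Admin", "123Jesse"),
                     ("jd_editor", "JD987612345"),
                     ("site_owner", "Tq7vLm2xRb9k")]:
        print(user, pw, audit_account(user, pw, known) or "ok")
```
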
Remember, it’s easy to protect your WordPress site from hackers. With a little extra effort and attention, your site will be hackproof! Do you have any tips for protecting WordPress sites? Let us know in the comments below.
Photo credit: xserve