Some WordPress designers don’t think about the future of the websites they create and turn to a variety of plugins in the hope that they will deter hackers. Others, as I will demonstrate, take an approach that addresses the underlying security issues more fundamentally.
WordPress is the most popular content management system on Earth, and its websites are a popular target for hackers. For example, the Flashback botnet attack exploited more than 700,000 Mac computers, tracking their WordPress blogs and infecting them with malware.
Update the WordPress version
WordPress engineers can detect vulnerable points of the system, but their efforts have no results if the updates are not installed. You are 70% less likely to be a victim of malware attacks if you have updated your WordPress version.
Keep the themes and plugins updated
The principle “if it ain’t broke, don’t fix it” may have some truth to it, but the world of websites is the exception. Older versions are more prone to attack, with old themes and plugins being the most vulnerable.
Remove the deactivated plugins and inactive themes
Deactivating a plugin or theme does not reduce the risk it poses. This was proven in August 2011, when an attack hit the TimThumb script and some of its themes and plugins. Although the affected plugins and themes were deactivated, the script remained on the website, waiting to be found by hackers scanning for a point of attack.
Replace the “admin” user
A website that uses the predefined WordPress username (we’re talking about “admin”) is 50% easier to break into, because hacker attacks begin with this name. To replace it, create a new user with administrative authority, log out, and log in again using the new username. Then remove the “admin” user.
Use a secure password
The most frequently broken password in 2011 was “password”. This choice is completely ridiculous, but many people don’t understand that complex words are not safe either. Security experts recommend using passwords with at least 8 characters, including lowercase and uppercase letters, digits and symbols. Passwords should not contain complete words, your name, the username or the company name.
Use passphrases, like “2beeRknot2bee!”. In addition, don’t tell anyone your passwords and don’t keep them on your computer.
Use a different prefix for tables
Changing the WordPress table prefix from the standard “wp_” can help protect your website from attacks, because every attack carried out on WordPress websites uses the standard prefix. To change the prefix during the WordPress re-installation, simply open the file wp-config.php and modify the value in the line $table_prefix = 'wp_'; from “wp_” to any other value.
If WordPress is already installed, you’ll have to rename the tables: open the database with phpMyAdmin, select a table and click on “Operations” in the upper right corner of the window. Then enter the new prefix in the “Rename table to” box and edit the wp-config.php file as described above.
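The rename described above, as an added example that is not part of the original article: besides the tables themselves, WordPress stores the prefix inside the user_roles option name and in several usermeta keys, so those rows have to be renamed as well or existing accounts lose their roles. The function name, the sample prefix k7x_ and the table and key lists (a default single-site install) are assumptions; take the real table list from your own database and back it up first.

```python
import re

# Assumption: the 12 core tables of a default single-site install. Plugin
# tables differ per site, so pass the real list taken from your own database.
CORE_TABLES = ["commentmeta", "comments", "links", "options", "postmeta",
               "posts", "term_relationships", "term_taxonomy", "termmeta",
               "terms", "usermeta", "users"]
# Core usermeta keys that WordPress stores with the table prefix in front.
PREFIXED_USER_KEYS = ["capabilities", "user_level", "user-settings",
                      "user-settings-time",
                      "dashboard_quick_press_last_post_id"]


def prefix_migration_sql(old, new, tables=CORE_TABLES):
    """Return the SQL statements that move a site from prefix old to new."""
    for prefix in (old, new):
        # Identifiers cannot be bound as query parameters, so accept only
        # characters that are safe inside a table name.
        if not re.fullmatch(r"[A-Za-z0-9_]+", prefix):
            raise ValueError(f"unsafe table prefix: {prefix!r}")
    if old == new:
        raise ValueError("new prefix must differ from the old one")
    # One RENAME TABLE statement, so either every table moves or none does.
    pairs = ", ".join(f"`{old}{t}` TO `{new}{t}`" for t in tables)
    stmts = [f"RENAME TABLE {pairs};"]
    # The role definitions live in an option whose name embeds the prefix.
    stmts.append(f"UPDATE `{new}options` SET option_name = '{new}user_roles' "
                 f"WHERE option_name = '{old}user_roles';")
    # Per-user roles and settings are keyed by prefix as well.
    for key in PREFIXED_USER_KEYS:
        stmts.append(f"UPDATE `{new}usermeta` SET meta_key = '{new}{key}' "
                     f"WHERE meta_key = '{old}{key}';")
    return stmts


if __name__ == "__main__":
    # Constructed sample: move from the default prefix to k7x_.
    print("\n".join(prefix_migration_sql("wp_", "k7x_")))
```

Run the generated statements in phpMyAdmin's SQL tab, then set $table_prefix in wp-config.php to the new value.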
Remove the version information
The information that identifies the author and the WordPress version is contained in the page source code and can help hackers determine which websites are using older WordPress versions and vulnerable plugins. Removing the information about your current version is as simple as adding the following line to the file functions.php: remove_action('wp_head', 'wp_generator');
Use trusted plugins
If you are a designer who uses random plugins that happen to meet your needs, you automatically expose your website to risk. Plugins with poorly written code can open a door for attacks. Search for the most popular, well-rated plugins.
Use a good host
Because a structure is only as solid as its foundation, one of the most fundamental steps in WordPress website security is choosing a highly rated host. The host must be proactive and have a good track record of resolving security problems. Ask your provider about the security measures they use and find out how often their servers are updated.
Keep your computer clean
Lastly, ensure your operating system and software are up to date by installing the latest security updates and important patches. Install a reliable antivirus program that will not only protect your computer from viruses but also detect malware. Make sure that your firewall is working; it will steer you away from suspicious sites.