WordPress Security Best Practices – How To Thwart The Hackers

You hear people talking about WordPress security best practices - but what are WordPress security best practices? What do they involve, and can you implement them yourself?

You may of course be worried about people getting into your WordPress site. You should be! This article lets you know the ways hackers normally hack your website so you can safeguard against them.

Fortunately, computer hacking is not really like you see in the movies. Hackers don't typically plug in a fancy computer and run a bunch of numbers. Usually the way people get into your website is through an outdated version of WordPress, outdated plugins or themes with vulnerabilities, and easy-to-guess usernames and passwords.

Did you know that Al Gore's blog has been hacked, and that CNN blogs have been hacked? These all happened because they used older versions of WordPress. But as soon as these high-profile blogs were hacked, the creators of WordPress released a newer version that prevented these kinds of attacks.

WordPress Security Best Practices

The good news is that having good protection against hacking is more about putting best practice procedures into place than spending a fortune on a security consultant. So what is my advice regarding WordPress security best practices?

1. Keep WordPress Up To Date

One of the biggest vulnerabilities, as we've just seen, is an out-of-date copy of WordPress. That's why it's a very good idea to keep your WordPress version up to date.

Usually when WordPress fixes a problem, it's a small and obscure bug, and you can upgrade to the latest version in just one click. In your WordPress dashboard, go to the updates area and it will tell you either that WordPress is up to date or that it needs an upgrade. Click that button and you are good to go.

Incidentally, WordPress is not especially vulnerable to hacking; it's just that, as it powers about 25% of the websites worldwide, a lot of people know a lot about it. And hackers in particular exploit the tiniest vulnerability again and again.

2. Keep Your Plugins Updated

It's no good having an up to date WordPress version if some of your plugins still contain those security holes. If you are really worried about it then do a few Google searches for the plugins you're using on your site and see if anyone has reported security holes or flaws with these plugins or themes.

A widely publicised security hole in the past was due to a WordPress plugin called TimThumb. This was a way to resize images in a theme so you could upload a picture or a logo to that theme. Unfortunately, the way that it resized that image allowed someone to gain access to the associated WordPress site.

If you happened to have one of those plugins or themes, all you had to do was a quick search and an update to the latest version of that plugin or theme, which fixed the issue. Now, on very rare occasions, some plugins are simply no longer updated. If that's the case, a Google search will tell you that you are using an insecure plugin that has no updates, and it's then a good idea to stop using it and find an alternative.

3. Avoid Brute Force Attacks

Even with the most up-to-date WordPress and the most up-to-date plugins, most hackers gain access to your WordPress site by simply guessing your username and password. Trying common usernames and passwords repeatedly is called a brute force attack: for example, simply trying to log in using the username Admin and password Admin, or username Admin and password Test.

So if you have an admin user called admin, we need to correct that. What you should do is delete that Admin user after setting up a user account using (say) your first and last name, and a password containing letters and numbers that no one will ever guess.

One of the security plugins I recommend is Wordfence. It forces you to choose a hard-to-guess password and allows computers that have made repeated attempts at guessing your username and password to be locked out.

WordPress Security Best Practices Summary

In this article I've covered some of the easy ways that hackers use to get into WordPress - and how you can protect yourself against them. In short, keep your version of WordPress up to date, and keep your plugins and themes up to date too. Google the names of the plugins you're planning on using to make sure that there are no vulnerabilities in them. And above all use hard to guess usernames and passwords in WordPress.

Just by doing this you are making your WordPress site harder to hack. And it may be that a hacker will turn his attention to a site that's easier to hack. If you'd like to know whether your WordPress site has vulnerabilities, just contact me for a no-obligation chat here: https://www.wptrainingnow.com/blog/contact/

 
