WordPress Security Tips: How To Keep Your Website Safe!!!!!

Security is one of the loneliest words in the world. People don’t care about it until they get hacked. And when their site is down or their data is compromised, they hate the concept of security in general.

Back in middle school (according to DevriX) I had a T-shirt that determined my online alias for many years. The T-shirt looked like this:

[image: the T-shirt]

There are thousands of attack vectors out there and no one is 100% safe. It’s all a matter of time and effort spent by a hacker to get access to your resources.

Mass And Targeted Attacks
It’s important to distinguish the two main groups of attackers who might go after your website.

The first group conducts “mass attacks”. Those attacks are usually automated and target a large percentage of the Internet.

Mass attacks usually exploit a common security problem, a recently announced vulnerability, or statistical patterns, in order to compromise a large number of random websites. For example, a well-known vulnerability in a popular WordPress plugin leads to automated scripts crawling the Internet for WordPress sites running that plugin and firing the same exploit, a simple command or a short set of instructions, at every one of them.

Guessing your password can also work if you use a common and practically insecure one.

The second group of attackers targets your particular website. They are less common than the automated bots, but more dangerous, since instead of the “one size fits all” approach they look for weaknesses specific to your site.

The profile of those potential attackers could be:

Someone hired from your competitors

A self-employed hacker looking for a challenge to solve

A random hacker trying to prove a point or test their skills

Different Attack Vectors

I could discuss the types of attacks in detail and cover the technical analysis, but if you’re really interested, I’d definitely recommend OWASP. On a business level an attack could come from several places:

An outdated WordPress Core version – each release comes with a public list of changes, including the security fixes; an attacker can compare the fixed code with the previous version, work out the bug and exploit it on sites that have not updated

Insecure PHP code – your theme or a plugin could contain a flaw that gives the attacker specific access, such as uploading arbitrary files to your server, reading protected files and more

Vulnerable JavaScript code – injected JavaScript or a vulnerable script could leak cookies, send forged requests to the server, steal identity information, misrepresent websites or links and more

Insecure SQL statements – SQL injection may result in stealing sensitive data from your database, corrupting data, reading private user details (including password hashes and emails) and more

Non-protected server – outdated software, a missing firewall or a wrong configuration may leave your website vulnerable through the hosting vendor or the hardware system that hosts it

Insecure WiFi – using an open WiFi (or any random network) could expose your traffic, including passwords, sensitive URLs and more

Infected computer – malware on your notebook could certainly cause damage, and accessing your site from it is one way it does

Personal – most of the time the reason for a hack is a simple human mistake or so-called “social engineering”

In order to improve the level of security for your website, use the 7 tips below to keep your site safe.

7 Tips to Keep WordPress Safe

Here are some practical tips for keeping your WordPress website safe.

1. Protect Your System Internally

There are several plugins that enhance your security without additional technical work. Keep in mind that this will not make you 100% safe, since attackers use many different vectors, but it will improve the overall security of your website.

Wordfence is a complete solution that combines a web application firewall blocking external attacks with a malware scanner for your site’s files and login protection. Limit Login Attempts is a single-purpose plugin that limits the number of failed attempts for a user trying to log in, which rules out most of the annoying robots and scripts trying to guess your password.
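As an added example (not code from Limit Login Attempts, Wordfence or any other plugin mentioned here), the following must-use plugin shows what such a limiter does under the hood: it counts failed logins per client address in a WordPress transient and refuses authentication once the count passes a threshold. The plugin name, the elt_ prefix, the limits and the assumption that no reverse proxy sits in front of the server are all choices made for this illustration.

```php
<?php
/*
Plugin Name: Example Login Throttle
Description: Added example, not the Limit Login Attempts plugin. Locks an
             address out after too many failed logins. Place this file
             directly in wp-content/mu-plugins/ and it is always active.
*/

// Limits chosen for illustration only (assumptions, not recommended values).
define('ELT_MAX_ATTEMPTS', 5);                  // failures allowed inside the window
define('ELT_WINDOW', 15 * MINUTE_IN_SECONDS);   // window length, also the lockout length

/** Client address. Assumes no reverse proxy; behind one, read the proxy's header instead. */
function elt_client_ip() {
    return isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '0.0.0.0';
}

/** Transient name for this client, hashed so the name stays short and safe to store. */
function elt_transient_key() {
    return 'elt_fail_' . md5(elt_client_ip());
}

/** Count one failure. Re-setting the transient restarts the window (sliding window). */
function elt_record_failure($username) {
    $key   = elt_transient_key();
    $count = (int) get_transient($key);
    set_transient($key, $count + 1, ELT_WINDOW);
}
add_action('wp_login_failed', 'elt_record_failure');

/** A successful login clears the counter for that address. */
function elt_record_success($user_login, $user) {
    delete_transient(elt_transient_key());
}
add_action('wp_login', 'elt_record_success', 10, 2);

/**
 * Refuse authentication while the address is locked out. Priority 30 runs
 * after WordPress's own username/password check (priority 20), so the same
 * error comes back whether or not the password was right: a correct guess
 * made during the lockout tells the attacker nothing.
 */
function elt_check_lockout($user, $username, $password) {
    if ((int) get_transient(elt_transient_key()) >= ELT_MAX_ATTEMPTS) {
        return new WP_Error(
            'too_many_attempts',
            sprintf('Too many failed logins from your address. Try again in %d minutes.',
                    ELT_WINDOW / MINUTE_IN_SECONDS)
        );
    }
    return $user;
}
add_filter('authenticate', 'elt_check_lockout', 30, 3);
```

Because the counter is keyed on REMOTE_ADDR, a site behind a load balancer or CDN would lock out the proxy's address for everyone; read the forwarded-address header only when you trust the proxy to set it. Keep in mind as well that per-address throttling slows down a single bot but not a botnet that spreads its guesses over thousands of addresses, which is why this tip and the next one belong together.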

Take a look at Locking Down WordPress – it’s a free ebook focused on security. You won’t regret it.

2. Use Secure Login Accounts

One of the main reasons websites get hacked is simple passwords. According to several research studies, one in five online users picks a simple, easy-to-guess password that appears in the openly available lists of the thousand most popular passwords.

Obviously you’ll have to use a password that combines different letter casing, numbers and special symbols.
Longer passwords are better, so something like MySuperWebsiteIsCool1@ would be far harder to break than %$!32, which is short enough to be exhausted by brute force with the right software. Use a different password for every site, so that a leak elsewhere does not hand an attacker your WordPress login.

3. Beware Of Open WiFi Networks

Another popular vector that has nothing to do with your setup is how you access your website.

Logging in to your website from an open WiFi network at a coffee shop or the airport makes it easy for attackers to sniff the network and steal login credentials.

Never trust open WiFis or other networks where hundreds of people can connect and sniff the traffic. Use your own network at home or at the office, use a VPN provider for secure connections, and install an SSL certificate for your site so that traffic between your browser and your server is encrypted in transit (setting FORCE_SSL_ADMIN in wp-config.php makes WordPress serve the login page and the admin over HTTPS only).

4. Choose a Secure Hosting Solution

One of the common attack vectors is an outdated server setup or an insecure hosting configuration. Hiring a system administrator to look after your custom server is a good measure against problematic hosting.

Picking a hosting account that specializes in security is another good option. We recommend SiteGround, since they offer managed WordPress hosting with security in mind and block many attacks before they reach your website at all.

5. Carefully Choose Your Setup

Enhancing your website usually involves UI improvements and additional features. Installing random WordPress themes or plugins hides a risk, though: there is no guarantee that those solutions are secure.

Recently Revolution Slider was found to be vulnerable and over a million users were affected, many of them through themes that bundled Revolution Slider. Other popular plugins such as Gravity Forms were also found to be vulnerable.

The top-tier clients at WordPress.com VIP, and those working with top WordPress agencies, have dedicated developers reviewing every single line of code added to a website. Even if you cannot afford that, keep in mind that random themes and plugins could open an attack vector for someone to take over your website.

6. Keep Your System Up To Date

Keeping WordPress Core and your plugins up to date is also essential. When a vulnerability is found, most vendors release an update immediately; update your system regularly to close the latest security bugs before the mass scanners reach you.

7. Enable Monitoring Services

There are various services and custom solutions that monitor for suspicious activity, report downtime and flag other potentially unwanted changes.

WordPress File Monitor Plus is a great plugin that reports daily which files have changed. There are some false positives, for example when a plugin has been updated or your contact form’s captcha image has been regenerated, but reviewing these reports lets you catch suspicious changes, such as a modified core file or a new PHP file in the uploads folder, and remove them early, before the attacker makes use of them.
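As an added example (not the File Monitor Plus plugin’s code), the script below shows the idea behind such a monitor: record a SHA-256 hash of every file under the WordPress root as a baseline, then on each later run list what was added, modified or removed. The paths in the usage comment, the skipped directories and the file name integrity-check.php are assumptions made for this illustration; adjust them for your install.

```php
<?php
/*
 * Added example, not the WordPress File Monitor Plus plugin: a minimal
 * file-integrity check for a WordPress install.
 *
 *   php integrity-check.php baseline /var/www/html /root/wp-baseline.json
 *   php integrity-check.php check    /var/www/html /root/wp-baseline.json
 *
 * The paths above are assumptions. Keep the baseline outside the web root
 * and unwritable by the web-server user, otherwise an intruder with write
 * access to the site can rewrite it to match their own changes.
 */

// Directories that legitimately change all the time, skipped to cut noise.
// Assumed list; do NOT add wp-content/uploads unless you scan it by other
// means, since that is where attackers like to drop PHP shells.
$skip = array('wp-content/cache', 'wp-content/upgrade');

/** Map of path (relative to $root) => sha256 for every regular file. */
function wp_hashes($root, array $skip) {
    $root = realpath($root);
    if ($root === false) {
        fwrite(STDERR, "no such directory\n");
        exit(2);
    }
    $root   = rtrim($root, '/');
    $hashes = array();
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($root, FilesystemIterator::SKIP_DOTS),
        RecursiveIteratorIterator::LEAVES_ONLY
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $rel = substr($file->getPathname(), strlen($root) + 1);
        foreach ($skip as $prefix) {
            if (strpos($rel, $prefix . '/') === 0) {
                continue 2;   // inside a skipped directory
            }
        }
        $hashes[$rel] = hash_file('sha256', $file->getPathname());
    }
    ksort($hashes);           // deterministic output, easy to diff by eye too
    return $hashes;
}

/** Compare two hash maps and return the paths that differ, grouped by kind. */
function diff_hashes(array $baseline, array $current) {
    $modified = array();
    foreach (array_intersect_key($current, $baseline) as $path => $hash) {
        if ($hash !== $baseline[$path]) {
            $modified[] = $path;
        }
    }
    return array(
        'added'    => array_keys(array_diff_key($current, $baseline)),
        'removed'  => array_keys(array_diff_key($baseline, $current)),
        'modified' => $modified,
    );
}

// ---- command line ----
if (PHP_SAPI !== 'cli' || $argc < 4) {
    fwrite(STDERR, "usage: php integrity-check.php baseline|check <wp-root> <baseline.json>\n");
    exit(2);
}
list(, $mode, $root, $baselineFile) = $argv;

if ($mode === 'baseline') {
    $hashes = wp_hashes($root, $skip);
    file_put_contents($baselineFile, json_encode($hashes, JSON_PRETTY_PRINT));
    echo count($hashes), " files recorded in $baselineFile\n";
    exit(0);
}

$baseline = json_decode((string) @file_get_contents($baselineFile), true);
if (!is_array($baseline)) {
    fwrite(STDERR, "cannot read baseline $baselineFile\n");
    exit(2);
}

$report = diff_hashes($baseline, wp_hashes($root, $skip));
foreach ($report as $kind => $paths) {
    foreach ($paths as $path) {
        echo strtoupper($kind), "\t", $path, "\n";
    }
}
// Non-zero exit status lets cron or a monitoring tool raise an alert on any change.
exit(array_sum(array_map('count', $report)) ? 1 : 0);
```

A cron job that runs the check and mails the output whenever the exit status is non-zero gives you the same daily report the plugin produces, with one difference: the baseline lives outside the web root, so an intruder who gains write access to the site cannot quietly update it to match their changes. The skip list is where the false positives mentioned above go; after a legitimate plugin update, re-run the baseline mode so the new files become the reference.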

At DevriX we offer security reviews and setup for our high-end customers whenever data is important and customers’ reputation should be protected.

Our next email will cover monitoring options and update services that would help you with your website management.

GODPHRAIM IN DevriX…..

3 thoughts on “WordPress Security Tips: How To Keep Your Website Safe!!!!!”

  1. First off I would like to say superb blog! I had a quick question that I’d like to ask if you do not mind.
    I was interested to know how you center yourself and clear your head before writing.
    I’ve had a hard time clearing my mind in getting my thoughts out.
    I do enjoy writing but it just seems like
    the first 10 to 15 minutes are usually lost simply just trying to
    figure out how to begin. Any recommendations or hints?
    Cheers!


  2. It has clear massaging gel and it works very well
    with open toe shoes. After an Achilles tendon rupture, a player will be able to walk flat-footed,
    but will not be able to stand up on his or her toes on the
    affected side. Ill-fitting shoes may also cause pain because they tend to squeeze the foot, causing the
    pressure inside to increase.
