So you have made the right choice and selected WordPress as the Content Management System (CMS) for your website. Then you decided on a good design and built a fine website so that everyone can find out about your products. Next you wrote some amazing, unique content and posted this to your site. Finally, you told people about your site and your content, promoted it on Google and the visitors arrived in droves.
Ok, this probably is way too simplistic, but you get the idea… You have a site, you have content and there are visitors to your site. What next?
Well, invariably with WordPress being such a popular platform, your site would not only attract potential customers, it would also attract people who would just love to find a way to exploit your site for their own gain or just because they can!
So the ‘what next’ must be to batten down the hatches and make sure that the undesirable visitors can’t do their worst. Fortunately there are free and paid-for tools for WordPress (like iThemes Security) to help guard against malicious attacks and there are some basic practices that should be followed (as shown in the infographic on the right).
The infographic displayed outlines the primary precautions that should be taken to protect your precious website.
People often make the assumption that all hosting providers are created equal. They are not! When selecting a hosting company, ask about the infrastructure used for hosting your site. Is the hosting secure? How many sites will be sharing the same server and IP address (if you have selected a shared hosting package)? Do they monitor the activities of the other sites on your hosting? And so on.
Make sure that your WordPress password is secure. Make sure your password is at least 8 characters long and includes upper and lower case letters, a number and a special character like $, %, * etc. Then use an online check like ‘How Secure is My Password’ to check how difficult it would be to crack your password using brute force methods.
Updates to the WordPress system, themes and plugins are continually being provided. WordPress makes it relatively easy to update these, yet all too often sites are not maintained properly and many of the resources are not up to date.
These updates are released for good reason. Two of the main reasons are:
- Improved functionality and
- Fixes to vulnerabilities
The second of these is the most important. Once a vulnerability is identified in a plugin or some other resource, this information is available on the internet and just as the ‘good guys’ get to work on preventing these vulnerabilities, so too do the ‘bad guys’ get to work to exploit these. Obviously it is therefore vital that you implement the fixes as soon as these are available.
PHP Exploits (Plugins)
WordPress is built on PHP, which is a scripting language that is ideal for developing web solutions. However, like all software, there can be exploits within PHP itself, and PHP code is a common method that hackers may use to gain access to your WordPress site. Like the WordPress Content Management System (CMS), the plugins that are available on the WordPress repository are also written using the PHP language. Therefore, it is important to limit the exploit opportunities by installing only essential plugins and removing any plugins that are no longer needed.
Only install software from trusted sources. WordPress.org checks software before it is available on the WordPress repository and therefore, you should only get plugins from WordPress.org, well known commercial repositories or from reputable developers.
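As an added example (not part of the original article), the Python script below applies the update and plugin-removal advice above to the JSON that WP-CLI prints for `wp plugin list --format=json`. The sample data and plugin names are constructed, and treating every inactive plugin as a removal candidate is an assumption of this example.

```python
import json

# Constructed sample of `wp plugin list --format=json` output.
# Plugin names and versions are made up for illustration.
SAMPLE_WP_CLI_OUTPUT = """[
  {"name": "example-forms",   "status": "active",   "update": "available", "version": "2.1.0"},
  {"name": "example-gallery", "status": "inactive", "update": "none",      "version": "1.4.2"},
  {"name": "example-seo",     "status": "active",   "update": "none",      "version": "5.0.1"},
  {"name": "example-slider",  "status": "inactive", "update": "available", "version": "0.9.8"}
]"""


def audit_plugins(wp_cli_json):
    """Sort plugins into 'update', 'remove' and 'ok' lists.

    Assumption of this example: an inactive plugin is no longer needed,
    so it is listed for removal rather than for updating.
    """
    try:
        plugins = json.loads(wp_cli_json)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid WP-CLI JSON output: {exc}") from exc
    if not isinstance(plugins, list):
        raise ValueError("expected a JSON list of plugins")

    report = {"update": [], "remove": [], "ok": []}
    for plugin in plugins:
        name = plugin.get("name", "<unnamed>")
        if plugin.get("status") == "inactive":
            # Unused code still sits on the server: remove it entirely.
            report["remove"].append(name)
        elif plugin.get("update") == "available":
            # In use and behind the latest release: apply the fix.
            report["update"].append(name)
        else:
            report["ok"].append(name)
    return report


if __name__ == "__main__":
    result = audit_plugins(SAMPLE_WP_CLI_OUTPUT)
    print("Update now:       ", ", ".join(result["update"]) or "none")
    print("Remove (inactive):", ", ".join(result["remove"]) or "none")
    print("Up to date:       ", ", ".join(result["ok"]) or "none")
```

On a real site, save the WP-CLI output to a file and pass its contents to `audit_plugins` in place of the constructed sample.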
Our WordPress Maintenance service will ensure that your website is kept up to date and that security software is in place and maintained. Have a look at our WordPress Maintenance Packages and contact us if we can be of assistance.