WordPress Security


Simple WordPress Security Tips to make sure that your site does not get hacked

When you use WordPress as your CMS of choice, it is crucial to have the right security measures in place. The developers of WordPress do their best to keep it secure, but hackers always seem to find a way to penetrate a site, especially if the website owner does not take the right steps to secure it.

WordPress Security Essentials

Update your WordPress

Update, update and update some more. This is probably the most important aspect of keeping your WordPress site safe. Updates for both WordPress and plugins are released regularly. Besides improving the software itself, these releases patch WordPress security vulnerabilities and “holes” which may have been discovered.

Hackers use automated software to scan for outdated versions of WordPress and plugins, and once they find these, they use them to enter the WordPress site and wreak havoc!

The famous admin account

Once a hacker discovers that a user with the username “admin” exists, they can try to enter your site with a technique known as “brute force”.

Because the hacker now knows that you have a user called “admin”, they can run an automated program which will guess the password. So if you have a user called “admin” and the password is “password” or even “P@ssw0rd”, it will be a breeze for a hacker to penetrate the site.

So the bottom line is: get rid of the user called admin. This will make the hacker's life a lot harder and will also provide much-needed WordPress Security for the site.

While you are at it, you can also get rid of the user ID “1”, because the first user created by the WordPress system has a default ID of “1”. By getting rid of it, you once again make the life of a hacker much harder.

I would recommend installing the following plugin which will assist in completing these tasks – Better WP Security.

Strong Passwords

Ensure at all times that your passwords are strong: they should contain capitalization, punctuation and numerals, and should avoid general terms such as the site's name.

Here are the 25 most common passwords of 2012, along with the change in rank from last year.

1. password (Unchanged)

2. 123456 (Unchanged)

3. 12345678 (Unchanged)

4. abc123 (Up 1)

5. qwerty (Down 1)

6. monkey (Unchanged)

7. letmein (Up 1)

8. dragon (Up 2)

9. 111111 (Up 3)

10. baseball (Up 1)

11. iloveyou (Up 2)

12. trustno1 (Down 3)

13. 1234567 (Down 6)

14. sunshine (Up 1)

15. master (Down 1)

16. 123123 (Up 4)

17. welcome (New)

18. shadow (Up 1)

19. ashley (Down 3)

20. football (Up 5)

21. jesus (New)

22. michael (Up 2)

23. ninja (New)

24. mustang (New)

25. password1 (New)

Source: CBS News
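
The advice in the two sections above (the “admin” account and strong passwords) can be turned into a small audit, shown here as an added example that is not part of the original article. The site name, the sample users and the look-alike substitution table are assumptions made for illustration; note that “P@ssw0rd” contains a capital, punctuation and a numeral and is still rejected as a variant of a listed password.

```python
import string

# The 25 passwords listed above.
COMMON = """password 123456 12345678 abc123 qwerty monkey letmein dragon 111111
baseball iloveyou trustno1 1234567 sunshine master 123123 welcome shadow ashley
football jesus michael ninja mustang password1""".split()

# Assumed substitution table (not from the article): undo look-alike swaps.
LEET = str.maketrans({"@": "a", "0": "o", "1": "i", "!": "i", "3": "e", "$": "s"})

def _norm(text):
    return text.lower().translate(LEET)
COMMON_NORM = {_norm(p) for p in COMMON}

def password_problems(password, site_name):
    """Return the reasons a candidate password fails the rules in this article."""
    problems = []
    if not any(c.isupper() for c in password):
        problems.append("no capital letter")
    if not any(c in string.punctuation for c in password):
        problems.append("no punctuation")
    if not any(c.isdigit() for c in password):
        problems.append("no numeral")
    # Compare the whole password, and the password with a trailing run of
    # digits/punctuation removed ("Monkey2012!" -> "monkey"), to the list.
    whole = _norm(password)
    stem = _norm(password.lower().rstrip(string.digits + string.punctuation))
    if whole in COMMON_NORM or stem in COMMON_NORM:
        problems.append("variant of a common password")
    site = _norm("".join(c for c in site_name if c.isalnum()))
    if site and site in whole:
        problems.append("contains the site name")
    return problems

def account_findings(users):
    """users: (ID, login) pairs, e.g. exported from the WordPress user list."""
    findings = []
    for uid, login in users:
        if login.lower() == "admin":
            findings.append(f"user {uid}: login is 'admin'")
        if int(uid) == 1:
            findings.append(f"user {uid} ({login}): has the default first-user ID 1")
    return findings

if __name__ == "__main__":
    # Constructed sample data for illustration.
    for pw in ("P@ssw0rd", "AcmeBakery2012!", "Blue!Heron7crossing"):
        print(pw, password_problems(pw, "Acme Bakery"))
    print(account_findings([(1, "admin"), (2, "editor_jane")]))
```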

Shared Hosting Server

If you are hosting on a shared hosting server, you run a much bigger security risk. The reason is that if a hacker penetrates one site on the shared server, the chances are that he will have access to the other sites as well.

I recently consulted on a client’s website which was hacked. The website was built in HTML, which does not really provide any back doors for hackers, but upon further investigation I realised that the site is hosted on a shared server which is also home to a Joomla site. The Joomla site got hacked, exposing all the other sites on the server to the attack.

So if you are hosting on a shared server always ensure that all your sites are up to date…

WordPress Security Conclusion

My father always says “Prevention is better than cure”. This is definitely the case when working with WordPress. It is much easier to take simple steps to ensure the security of your site instead of fixing a hacked site.

Sometimes you might be unlucky and get hacked even after implementing all the above steps. Always ensure that you have an up-to-date backup of your site and database. This can be a manual process, or you can use plugins to automatically create site and database backups.

This is a rather effective plugin which we frequently use to back up our databases: Backup WordPress.

There are other security measures which can also be implemented to increase your WordPress Security but I would highly recommend installing Better WP Security to ensure that you are fully protected.

If you need help with a hacked site or some more information regarding WordPress Security, please feel free to contact us.

Posted in Tips, Web Development, Wordpress
2 comments on “WordPress Security”
  1. Steve Walker says:

    Great article. Thanks.

    I recently had a WordPress site hacked and it was hosted on a shared server too.

    The malicious code was injected into every single index.php file on the entire server. As you can imagine, cleaning this up took a very long time indeed! Each site then started to be blacklisted by Google, so required adding to Webmaster Tools and then a request put in for a review. This took several days.

    Changing the usernames and passwords of the admin login fixed the problem. I would also recommend the Sucuri plugin to harden up some of the features of WordPress to prevent loopholes.

    Steve Walker
    Web Design Reading Berkshire

    • Siegfried says:

      Hi Steve,

      Thanks, I am glad that you found the article useful.

      It helps to have security measures in place instead of fixing hacked sites afterwards…

      Especially if you do not realise that a site has been hacked and the hacked site/pages are indexed by Google. It is a nightmare to remedy this.

      I will definitely check out the Sucuri plugin, thanks a lot!

      Siegfried
