www.circlebc.com.au
5 Tips for Keeping Your WordPress Website Secure
Introduction
Tip 1: Keep Things Up to Date
Tip 2: Use Secure Passwords
Tip 3: Disable Unused Plugins And Themes
Tip 4: Limit Login Attempts To Your Site
Tip 5: Keep Regular Website Backups
Summary
Introduction
WordPress is used by over 26% of ALL websites on the internet.
WordPress is so widespread and popular because of its ease of use, flexibility and affordability, which make it a popular choice for businesses big and small.
This popularity also makes WordPress sites a target for hackers and other cyber criminals, so the CMS is subject to hack and bot attacks that try to exploit known vulnerabilities in the software.
Keeping your website secure and functioning is not overly difficult; it’s just a matter of good housekeeping. It is increasingly important to keep WordPress Core, themes and plugins updated, and to keep regular backups. Additional preventative maintenance, including virus scanning, firewalls and ongoing security monitoring, is also a good idea.
This eBook provides 5 simple tips for keeping your website secure and functioning, and for providing a fallback option if something were to go wrong. It is by no means a complete guide, but it is a good starting point.
Tip 1: Keep Things Up to Date
Keeping your site up to date and well maintained is probably the most important tip. Keeping everything up to date puts your WordPress site in a safe position to begin with: it means that any known security issues are patched. This is crucial because known and common security issues are exactly what hackers are looking for.
Keeping your site up to date includes not only the core WordPress installation but also any themes and plugins that you have installed. A default install of WordPress will automatically install core updates, but they can also be installed manually from the dashboard under the Updates menu.
Themes and plugins will not update themselves automatically by default, so these should be monitored in the dashboard; updates for themes and plugins will show up in the same place as the core update notifications. It is a good idea to back up your site and, in the majority of cases, to engage your developer to perform this work, as from time to time plugin conflicts can cause issues with the site and its functionality, and some plugins may need to be rolled back to older, more stable versions.
In addition, you should also be aware of any plugins that have out-of-date or insecure files and functions within them. Some hosting providers will scan for these types of files automatically, or you can employ a website support agency to perform these regular checks for you as part of a website maintenance program.
Tip 2: Use Secure Passwords
This may seem like common sense, but having a secure password makes it much harder for hackers to break into your WordPress installation. At the very least, a secure password should consist of at least 8 alpha-numeric characters, at least 1 uppercase letter and 1 special character. A strong password should also be something other than a common word found in a dictionary, and should not have the site name or business name as part of the password.
All of these factors will make a password harder to guess and will also help to prevent a hacker from using a brute force dictionary attack, where a list of passwords is tried automatically.
You should use a strong password not only for your WordPress login but also for your FTP account, website control panel and the SQL database(s) associated with your WordPress installation.
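The rules above can be checked in code. The following is an added example, not part of the original eBook: it shows that a password can meet the length, uppercase and special-character rules and still fail the dictionary-word or site-name rule. The word list, the function names and the business name "Example Bakery" are constructed for illustration.

```python
import re

# Constructed sample list; a real check would load a large wordlist of
# dictionary words and commonly used passwords.
COMMON_WORDS = {"password", "welcome", "wordpress", "dragon", "sunshine"}

# Undo common character swaps (0 for o, @ for a, ...) before comparing.
SWAPS = str.maketrans("013457@$", "oleastas")

def letters(text):
    """Lowercase the text and keep only the letters a-z."""
    return re.sub(r"[^a-z]", "", text.lower())

def variants(password):
    """Letter-only forms of the password, with and without swaps undone."""
    trimmed = re.sub(r"[^a-z]+$", "", password.lower())  # drop trailing "1!"
    return {letters(password), letters(trimmed.translate(SWAPS))}

def check_password(password, site_names):
    """Return the rules the password breaks; an empty list means it passes."""
    problems = []
    if len(password) < 8:
        problems.append("shorter than 8 characters")
    if not any(c.isupper() for c in password):
        problems.append("no uppercase letter")
    if not any(not c.isalnum() and not c.isspace() for c in password):
        problems.append("no special character")
    forms = variants(password)
    if forms & COMMON_WORDS:
        problems.append("based on a dictionary word")
    names = [letters(n) for n in site_names if letters(n)]
    if any(n in form for n in names for form in forms):
        problems.append("contains the site or business name")
    return problems

if __name__ == "__main__":
    # "Example Bakery" is a hypothetical business name.
    for pw in ["Password1!", "P@ssw0rd!", "ExampleBakery#2024", "Tq7#mV2x&Lp9"]:
        print(pw, check_password(pw, ["Example Bakery"]))
```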
Tip 3: Disable Unused Plugins And Themes
It is very common in WordPress installations for a lot of unused themes and plugins to be present. This often comes about when changes are made to the website and superseded features are left unmaintained, or due to poor housekeeping during testing.
This can be a massive security risk: because these plugins and themes are not in use, they could be left for a long period of time and not updated. In addition, if support for these themes and plugins ends, the developers may not even provide security updates, which provides another backdoor or vulnerability for hackers and bots to exploit.
To prevent this risk, it is a good idea to uninstall any themes and plugins that are not in use. This will not only make your site safer, it will also make everything easier to maintain and reduce the load on your web server.
Tip 4: Limit Login Attempts To Your Site
Limiting the login attempts to WordPress is a pro-active security measure that makes it very difficult for a hacker to brute force their way into your installation, by limiting the rate of login attempts, including by way of cookies, for each IP.
A brute force attack, in other words, means trying thousands of passwords automatically until the attacker finds the right one and is then able to gain access to your website or server.
The site admin can also be notified when a brute force attempt takes place, which could also be a prompt to change website and server passwords. This also emphasises the importance of using a complex password and not something that is easy to remember, as it makes the password much harder to crack.
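How a per-IP login limit behaves can be seen in a small simulation. This is an added example, not part of the original eBook and not the code of any particular WordPress plugin: it tracks failed logins per IP only (not cookies), and the thresholds, class name and sample traffic are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LoginLimiter:
    """Per-IP limiter: too many failed logins inside a window locks the IP out."""

    def __init__(self, max_failures=5, window=300, lockout=900):
        self.max_failures = max_failures    # failures allowed inside the window
        self.window = window                # seconds a failure is remembered
        self.lockout = lockout              # seconds an IP stays locked out
        self.failures = defaultdict(deque)  # ip -> times of recent failures
        self.locked_until = {}              # ip -> time the lockout ends
        self.alerts = []                    # messages for the site admin

    def attempt(self, ip, now, password_ok):
        """Return 'blocked', 'ok' or 'failed' for one login attempt."""
        if self.locked_until.get(ip, 0) > now:
            return "blocked"                # the password is not even checked
        if password_ok:
            self.failures.pop(ip, None)
            return "ok"
        recent = self.failures[ip]
        recent.append(now)
        while recent and recent[0] <= now - self.window:
            recent.popleft()                # forget failures outside the window
        if len(recent) >= self.max_failures:
            self.locked_until[ip] = now + self.lockout
            recent.clear()
            self.alerts.append(f"{ip} locked out at t={now}")
        return "failed"

# Constructed sample traffic: (seconds, ip, password_ok).
SAMPLE = [(t, "203.0.113.7", False) for t in range(0, 60, 10)]  # rapid guessing
SAMPLE += [(70, "203.0.113.7", True),    # a correct guess during the lockout
           (30, "198.51.100.4", False),  # a real user mistyping once
           (45, "198.51.100.4", True)]

def replay(events):
    """Feed the events to a limiter in time order; return results and alerts."""
    limiter = LoginLimiter(max_failures=5, window=300, lockout=900)
    results = [(ip, limiter.attempt(ip, t, ok)) for t, ip, ok in sorted(events)]
    return results, limiter.alerts

if __name__ == "__main__":
    results, alerts = replay(SAMPLE)
    for row in results:
        print(*row)
    print(alerts)
```

Once the guessing IP is locked out, even its correct guess is rejected until the lockout ends, while the user who mistyped once is unaffected.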
Tip 5: Keep Regular Website Backups
Rather than being directly related to the security of your WordPress installation, backing up your site creates a safety net in case something does go wrong. It doesn’t matter how secure you keep your site; the possibility will always exist that you may get hacked. Keeping regular backups ensures that you always have a way to easily and quickly recover from an attack, should it ever happen.
Some hosting companies will provide you with automatic backups as part of their service, but even so it is a good idea to keep an additional backup of your WordPress installation, preferably not on your server, as in some cases if your website and server get hacked, your backups might also be compromised.
There are many free plugins for WordPress that make this job easy. There are also some premium WordPress backup providers that offer additional functionality such as offsite storage and automated restores.
Summary
In summary, keeping your WordPress website secure starts with basic maintenance and keeping your site, themes and plugins updated. Keeping regular site backups in a location off your server also helps.
The steps above are by no means bulletproof, and there are other things to consider, such as penetration tests to check for unknown website and server vulnerabilities, website firewalls, and malware detection and prevention, but employing these basic techniques to begin with will provide you with a solid base to build upon.
www.circlebc.com.au
1300 978 073
If you would like more information about
this eBook or require assistance with the
support and maintenance of your WordPress
website, please get in contact with us,
we would love to hear from you.
www.wordpresswebsitesupport.com.au