How to protect yourself
WordPress is one of the most popular Content Management Systems in use today, and while there is a certain amount of in-built security, you can never be too secure. Below are just a few things you may wish to consider for your own site, or have a serious think if you are creating sites for your customers and have not reviewed the security levels.
Why would you spend time and money perfecting the design and content of your site, and not secure it?
These are very simple things to do and quick to implement, but there are delivered in a form of suggestion and there will be many more tools out there to achieve the same results.
Wordpress Backup (click for more info)
This may seem an obvious place to start, and indeed it is. You should backup your site regularly and before any major updates including any of those mentioned on this page.
Secure FTP (click for more info)
This is a simple step, and its basically changing your settings from FTP to SFTP. This will provide a layer of protection when you are uploading or download files from your website.
Stay Safe Online (click for more info)
The first place we need to talk about here are Secure Passwords. Why?
Well, firstly this is the most important weak points of defence for your site. Being humans and being lazy or forgetful, we have never really overcome the issue of passwords and all the problems they create.
On the downside, or to add to it, computers have got better, faster and more powerful. It’s hardly a level playing field, and may never be.
The main threat to your site is YOU. In addition to having a poor password in the first place, you feel its a great idea to have the same password for all of your sites. REALLY?
Lets take this example.
Your new blog site that you have created for something to do, or to learn how to use the software has a password of… wait for it… password.
So what! I hear you cry, and indeed so what. Its not like its that important, as you were only using it to learn or waste some time. Well, here is the kicker… the really secure password of “password” you used on your blog site is the same password you used on your banking site too. So, when Mr Hacker comes along and works out your blog password, he can use his special hacking toolkit for other accounts you may hold, and hey presto! The password only worked for your online banking or amazon account etc, and now he can do some real damage.
I bet you wish you had at least chose two passwords now, don’t you.
Point made. If you have multiple accounts with the same password, they you need to review that immediately.
Do not use the same password. A Hacker only needs to crack one and may have access to all your accounts.
Secure your WordPress database (click for more info)
This is a similar issue to that of your password. If you leave it at the default password or access level which is administrator then your data will not be secure against an attack. This is not a simple update, but is well worth the effort to protect your sensitive data.
Secure WordPress Installation (click for more info)
Salt security for WordPress (make sure you read up on this before implementation, as you can get locked out of your site).
Secure Login (click for more info)
Do NOT use the default ADMIN login.
This is a HUGE security risk as every hacker knows that the default account for WordPress is ADMIN. This the first account Hackers try.
It stands to reason that any help the hacker gets, the quicker they will gain access to your site. So, to conclude, if the hacker knows you have a WordPress site, and you have used the ADMIN login, he now has 1/2 the information needed to access your site already, and now can concentrate on cracking your password.
If you have already installed your WordPress site with the admin account, you can create a new account following guidelines for a secure username and password, and grant it administrator privileges. You can then log out of the admin account, login with the new account, and then delete the admin account.
.htaccess security (click for more info)
(only edit this file if you know what you are doing. The damage could be permanent)
Block access to wp-config.php file
Restrict admin access to IP address – this ensures that you can only access the admin panel in WordPress from your home location.
Stop directory browsing – if the hacker cannot see the folders on your site, it makes it that much harder to access.
Disable Server Signature – making your server hidden removes vital information neede by hackers to gain access to your site.
Protect .htaccess file – protecting this file is very important, so this would also need to be reviewed on your current site.
Content / Bandwidth Protection (click for more info)
Prevent Hotlinking – this prevents another site using your images on their site, but linking back to your site to display them, therefore stealing your bandwidth.
Protecting videos – this is just simply protecting your content against other people downloading or copying it.
No right click plugin (WP Content Copy Protection & No Right Click) – this protects your site from visitors downloading your images or content.
For a more detailed response from WordPress in how to protect your site visit here.
I accept no responsibility for any loss or damage, whether direct or indirect and however caused (including through negligence) that you may suffer in connection with your use of the Site or any linked website. Nor do we accept responsibility for any such loss suffered as a result of your use of or reliance on any information contained on or accessed via the Site. However, this disclaimer does not extend to any liability imposed by law, to the extent that such liability cannot be lawfully limited or excluded.
To the maximum extent permitted by law, we exclude any conditions or warranties that would otherwise be implied into these terms and conditions. Where a condition or warranty cannot by law be excluded, then that condition or warranty will be deemed included in these terms and conditions, but our liability in respect of any breach of that condition or warranty will be limited to the maximum extent permitted by law.
Ready to get going on
your next project?
Get in touch today to discuss your requirements
Leave me a message
Monday: 9.00am - 5.00pm
Tuesday: 9.00am - 5.00pm
Wednesday: 9.00am - 5.00pm
Thursday: 9.00am - 5.00pm
Friday: 9.00am - 5.00pm
If you need advice or a review
of your site, contact me today.
Based in WORCESTER