WordPress Website Security

WordPress is one of the most widely used content management systems on the Internet today. Originally developed as a blogging platform, WordPress has been expanded into a comprehensive and versatile CMS that is used by everyone from major media companies and government agencies to individual bloggers. WordPress can be uploaded onto the user’s own webspace and free WordPress blogs are also available at WordPress.com.

Partly because of its significant market share, WordPress has become a tempting target for hackers and other online criminals. By gaining access to a WordPress site, criminals can turn it into an attack site (one that downloads malicious code onto the computers of people who view the page), commit vandalism or steal information for the purposes of further identity theft. By maintaining an awareness of current threats, you can protect your WordPress site from attacks.

Outdated Versions


The most recent version of WordPress (v3.5.1) contains 37 bug fixes, including fixes for three crucial security flaws. Older versions still have these flaws and other issues, making them more vulnerable to attacks. Ideally, you should be running the latest version of WordPress; if this isn’t possible, you must at least ensure that you are taking alternative precautions. Hiding which version of WordPress you’re using is simple and will make it harder for criminals to attack your site.

To hide the version of WordPress you are using, open the functions.php file from your theme and insert the following line of code:

remove_action('wp_head', 'wp_generator');

This removes the generator tag from the HTML head of your pages, so WordPress no longer tells visitors which version you are running, keeping hackers in the dark about security risks they might exploit.

Abandoned and Risky Plugins

Plugins are very useful for expanding the functionality of your WordPress site. Some plugins may be infected with malicious code or contain security issues; it’s important to make sure that you only use reputable plugins and update them regularly. If a plugin is abandoned and no longer updated, then security may be compromised and you may be better off removing it.

Allowing Unlimited Login Attempts

While choosing more secure passwords can help reduce your vulnerability to brute force attacks, you can also improve security by limiting the number of login attempts in a certain time period or from a particular IP address.
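One way to apply the per-IP limit described above from a theme's functions.php, as an added example (not code from the original post or from WordPress itself). The `example_` function names, the `ex_login_` transient prefix and the limits of 5 failures in 15 minutes are assumptions chosen for illustration.

```php
<?php
// Added example. The limits below are assumed values, not from the article.
define( 'EXAMPLE_MAX_FAILURES', 5 );                  // failures allowed per window
define( 'EXAMPLE_WINDOW', 15 * MINUTE_IN_SECONDS );   // counting and lockout window

// Transient key for the client address. REMOTE_ADDR is the directly connected
// peer; behind a reverse proxy or CDN it is the proxy's address, not the visitor's.
function example_login_key() {
    $ip = isset( $_SERVER['REMOTE_ADDR'] ) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'ex_login_' . md5( $ip );
}

// Count every failed login. set_transient() restarts the expiry each time,
// so the window keeps sliding while attempts continue to arrive.
function example_count_failed_login( $username ) {
    $key      = example_login_key();
    $failures = (int) get_transient( $key );
    set_transient( $key, $failures + 1, EXAMPLE_WINDOW );
}
add_action( 'wp_login_failed', 'example_count_failed_login' );

// Priority 99 runs after the core password check, so even a correct password
// is refused while the address is locked out.
function example_block_locked_out( $user, $username, $password ) {
    if ( empty( $username ) ) {
        return $user; // plain view of the login page or cookie auth: nothing submitted
    }
    if ( (int) get_transient( example_login_key() ) >= EXAMPLE_MAX_FAILURES ) {
        return new WP_Error(
            'example_too_many_attempts',
            'Too many failed login attempts. Please try again later.'
        );
    }
    return $user;
}
add_filter( 'authenticate', 'example_block_locked_out', 99, 3 );

// A successful login clears the counter for that address.
function example_clear_failures() {
    delete_transient( example_login_key() );
}
add_action( 'wp_login', 'example_clear_failures' );
```

The counter update is not atomic, so simultaneous requests can slip a few attempts past the limit; treat it as a throttle alongside strong passwords rather than a hard guarantee.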

Universal Registration

Allowing anyone to register with your WordPress site may seem like a good idea; for example, you may want people to leave feedback on products or comment on articles and content. This kind of activity should be managed via a commenting system, however, rather than allowing people to register directly. Depending on your settings, universal registration can be used to access your dashboard and private information, or to commit vandalism or take control of your site. You can prevent this by restricting registration from your general settings screen.

Vulnerabilities in Themes

WordPress themes allow you to customize the look and feel of your site. Unfortunately, like plugins, they can sometimes be used to attack your site, perhaps by including a backdoor in the code. Ensure that any theme you use is free from malware or security flaws.


Remember that because WordPress is such a popular piece of software, new vulnerabilities will inevitably arise over time as criminals attempt to find ways around security systems. Keeping your software up to date will help protect your site.

Key Takeaways

• Install the latest version.

• Disable universal registration.

• Keep your security software up-to-date.

• Install any recommended security plugins.

Author Bio: Jason Stevens from jason-stevens.com / Freelance web developer, tech writer and follower of cloud computing trends. Follow him on Twitter: @_jason_stevens_.

*UK2.net reserve the right to agree or disagree with our guest bloggers. Call it freedom of speech, but our guest bloggers are entitled to have an opinion. If you wish to agree or disagree, then feel free to leave a comment. Thanks for visiting our blog! If you wish to become a Guest Blogger for UK2, please contact our marketing department.
