WordPress is a popular and secure Content Management System. However, there are still hackers out there who attack WordPress. Last April, security experts were alarmed of a growing attack campaign against WordPress and they advised businesses and users to secure their sites. Web hosting firm CloudFlare revealed that the brute-force attacks have been successful against tens of thousands of sites and they were able to gain access to the WordPress admin account.
Bloggers were urged to apply updates in WordPress since the unpatched vulnerabilities and third-party components make it easy for hackers to attack a site. Dennis Dwyer, a security researcher for Dell-SecurWorks warned that the recent attack targeted third-party plugins, which makes it important for WordPress users to update patches. He wrote, “Regular updates address serious security vulnerabilities that may be used by an attacker targeting a WordPress site.”
WordPress may be a mature and secure platform but no website can be totally secure from attacks. Here are some of the things that you have to check to harden WordPress:
• Security – Choose a secure server from a trusted web hosting provider. They should be able to offer security, stability, and reliable methods for backup and recovery.
• Computer – Always keep your computer free from spyware, malware, and virus infections. Keep your operating system and software updated at all times to protect you from security issues.
• WordPress – Keep up to date with the latest WordPress version. WordPress releases regular updates which addresses new security concerns that may arise. It’s the responsibility of the user to keep updated with the latest version. Report any security issues or bugs that you encounter to WordPress to help them address these issues.
• Web Server – Make sure that your web server and software are secure and stable. A trusted host can provide these protections to your website.
• Network – Make sure that the WordPress network and client network are trusted. Have your firewall rules updated at all times. The internet connection in an Internet cafe or any other Internet access points in public places are not trusted networks so avoid updating your blog using these connections.
• Password – Use a strong, unique password that will be hard for others to crack and make it difficult for brute force attack to succeed. Use WordPress’ feature that checks the strength of the new password you will be using. If your website has been attacked, the hacker can deface your site, install malicious scripts which can compromise the server.
• FTP – Inquire with your web host if they provide SFTP. Use SFTP encryption when connecting to your server since it encrypts your password and other data during transmission.
• File permissions – Create a file permission scheme which will help you select which files can be writable by the web server.