Websites can become infected or compromised the same way a
personal computer can, and neglecting to protect your
WordPress installation from security exploits and malware
can be catastrophic for your business. Not only can your
sensitive data be accessed, but Google can detect if your
website is infected and will de-rank it to avoid spreading
viruses to consumers.
Preventative measures
Before worrying about securing WordPress, the first step is
to take care of the computer you use to administer the site
and access your FTP. In fact, any computer that has access to
your website or FTP needs to be completely clean and
malware-free at all times. Install a reliable anti-virus monitor
and perform scans regularly. Use a different computer for
downloads, especially from unidentified sources. Also
remember to keep your computer and your applications up to
date.
Be picky about plugins
Plugins are at the heart of WordPress functionality and many
webmasters rely on them for major portions of their sites, but
shoddy coding can open up exploitable vulnerabilities. When
installing plugins, verify the identity of the developer, and don't
install anything with poor reviews and compatibility issues;
plugins that haven't been updated in a long time can also be
unsafe. Try to use plugins developed by trustworthy teams and
agencies with a credible brand.
Use a trusted theme
Messy code in a theme can be just as dangerous as anywhere
else, so be sure to use a theme created by a professional
designer. You can use a plugin called Theme Authenticity
Checker to look for vulnerabilities or fishy elements. If you
hire a contractor to create a unique theme for you, run through
the code yourself if you are familiar with HTML, CSS, and
PHP.
Enable a security solution
While it is possible to manually secure your website by
fiddling with settings and editing configuration files
(specifically .htaccess), it's much easier for most users to
simply use a plugin or software solution to secure WordPress.
BulletProof Security is probably the most complete plugin
available for free; it protects your site against unauthorized
access, SQL injections, and many other vulnerabilities. Better
WP Security is also a good choice; it can keep sensitive data
totally hidden and even encrypted or password protected.
It's also a good idea to scan your site for malware using
either an external tool or a plugin like Sucuri Sitecheck
Malware Scanner.
Defending WordPress from spam
The most common type of spam you'll deal with using
WordPress is almost always in the comments, so using a tool
like Akismet to filter comment spam is necessary. Requiring
approval for comments is also recommended if you have the
time for it or if you can assign an assistant to it.
You may also receive spam on your website forms, including
ones for contacting you via email or signing up for accounts.
To combat this, just require that users fill out a CAPTCHA
field when submitting forms.
Update, Update, Update
Keep track of new versions of WordPress (they make it very
easy for you) and update your installation as soon as you see a
security release. Old versions of WordPress are often
targeted by hackers and spammers.
Using AVG protection for a couple of years now, and I would recommend this solution to everyone.