WP_vulnerabilities_header.jpg

WordPress is an open source, free content management system (CMS) used for creating websites. It’s easy to use and customizable, either by adding your own code, or by using templates and plugins that others have already created. The ease of use has helped WordPress be used by 74.6 million websites on the Internet.

That popularity also makes it a target for hackers and spammers who use spambots or harmful software called malware viruses. To help make sure that your WordPress website isn’t a target, we’re giving you this list of ways to keep your website from being vulnerable, as well as this download.

Keep Everything Up-to-Date

WordPress frequently posts major and minor updates of its framework. Keeping the framework on the latest version helps keep the security inherent to WordPress current. Not only that, updates can also contain helpful new features, fixes for known bugs, and improvements to site speed. Make sure that templates and plugins are also updated often.

Normally, WordPress users are alerted to a framework update when they log in to their site. To know when an update is available, users can opt to get notified via email. It’s important to keep your site backed up before making the change to the next version in the slight event that something goes wrong.

Create a Strong Username

Nowadays everything needs its own username, not to mention password. It’s hard to keep them all straight and it’s easy to use variations on simple, well-worn usernames. For something as important as a WordPress administrative account, it is imperative that the username is complex. Don’t use variations of “webmaster” or “administrator”, and certainly do not use “admin”—all of them are on the very top of the list bots use to infiltrate sites. Instead, use your full email address (or a complex variation) or something more unique and off-the-beaten-path, such as “john-hEpryB5744”.

Use Secure Passwords

Just like usernames, passwords are difficult to develop and keep secure. Passwords (for WordPress, FTP, DNS, and other important accounts) should be at least ten characters, have a combination of numbers and digits, and include mixed-case lettering and symbols. It is never recommended to write down or keep a password on a computer, but if you must, make sure that it is in a secure location with limited or restricted access. Beware of sharing passwords; if it’s necessary, do not copy and paste buy alprazolam powder into an email. Instead, take a screenshot or send in a text or zip file and make sure not to draw attention to which account it belongs to. Bots are smart and can search, scan, and test hundreds of variables in seconds.

Get a list of sites that generate random passwords here.

Limit the Number of Administrators

As mentioned above, refrain from sharing passwords, especially over email. In the same way, it is crucial to know who has access to the administrator account of your WordPress site. Is there one username and password that five different people across the company use, or do they all have their own access? Do five people need full access to the site? Limiting the amount of administrator accounts can decrease the probability of an attack on your site. In WordPress, users can create different types of accounts, such as editor, author, and contributor, each with its own permissions to the site. The less frequent the use of the administrator account, the more secure your site will be.

Disable the Comments

Is your site utilizing the comments section in your blog? If not, turn off the comments option. Every open comment field is a back-door for a spambot or malware virus to infiltrate your WordPress site.

Reduce Amount of Plugins

Not only is it important to keep your plugins up-to-date as well as the WordPress framework, it’s also important to get rid of unnecessary plugins. Maybe you installed a plugin, but found that it didn’t do what you need it to do—get rid of it. Only use the plugins (or themes) that your site really needs to function. This reduces the amount of ways hackers can access your site.

It’s not pleasant to think that your site could be hit by spammers and hackers, but it’s even worse to think you could have prevented it with these simple suggestions. The more prepared you are to face the possibility of a hit, the less likely you are to be hit. These aren’t foolproof ways to protect your site, but adding layers of protection to one of your company’s most valuable assets never hurts.

Download our resources and vulnerability checklist to help you maintain the health of your website. 

{{cta(‘6595ddf2-308c-49e5-afe3-1da012ebfa9a’)}}

If you would like a security assessment, contact us now.

Stay Connected!

Sign up to receive updates from Sparkfactor