WordPress Security – Starters Guide on How to Protect Yourself from Threats

WordPress is one of the most popular publishing platforms available today, with more than 24% of all the websites in the world running on it. This, paired with the fact that WordPress is an open source platform (meaning the code that runs WordPress is available to everyone), makes it a favorable target for most hackers. This article strives to educate you on the basics of WordPress security and how you can protect yourself from most security issues and threats.
Who attacks your website?
WordPress websites face three threats:

  • Humans. This is the hacker seated at a keyboard, probing and attacking your website manually. This is a rare threat.
  • Single Bot. This is an automated program or script that hackers use to attack your website in an automated manner.
  • Botnet. This is a group of machines running programs that are coordinated from a central server and attack multiple sites in an automated manner.

Most attacks are carried out by bots and botnets, because bots are faster and more effective at attacking large sites. To avoid such malicious attacks, it is critical that you close all security holes on your website.
Why do they attack WordPress sites?
There are many reasons why hackers target WordPress sites. The primary goal, however, is to gain control of your website at an administrative level. When this happens, the hacker can read all your files and the data in your database. They can also modify the files and data and change how your website works. The main reasons for hacking a website are to:

  • Send spam email from your site.
  • Host malicious content such as spam content, illegal drug sales or pornography.
  • Redirect traffic from your website to other spam or malicious websites.
  • Run their scripts on your website to enable them to attack other sites.

Once your WordPress website is compromised, it will be used for a range of malicious activities. This will subsequently ruin the reputation of your website or even business. So, how do you prevent these attacks?
How to prevent threats and attacks
To protect your website from these attacks, you need to know how you are being attacked. Attackers use several main entry points: your login page, PHP code on your site, unmaintained applications, temporary files, shared hosting, and the operating system or web server.
To prevent these attacks, you need to start by doing the following:

  • Use stronger alphanumeric passwords for all your user accounts
  • Select a reputable hosting service provider and opt for dedicated hosting
  • Keep your themes, plugins and WordPress core up to date
  • Use intrusion detection & prevention systems for an added layer of security
  • Remove the old and unmaintained website applications including the old backups of your site
  • Ensure you clear all sensitive temporary files
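
As an added example (not from the original article), the Python below audits a web root for the old backups and temporary files named in the list above. The file-name patterns, the severity labels and the sample directory tree are assumptions constructed for the demonstration.

```python
import fnmatch
import os
import tempfile

# Assumed name patterns for editor leftovers, manual backups and database exports.
LEFTOVER_PATTERNS = ["*.bak", "*.old", "*.orig", "*.save", "*~", ".*.swp",
                     "*.sql", "*.sql.gz", "*.zip", "*.tar", "*.tar.gz", "*.tgz"]

def find_leftovers(web_root):
    """Return sorted (severity, relative_path) pairs for leftover files under web_root."""
    findings = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            lower = name.lower()
            if not any(fnmatch.fnmatch(lower, p) for p in LEFTOVER_PATTERNS):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, web_root).replace(os.sep, "/")
            # A copy of wp-config.php whose name no longer ends in .php is typically
            # not executed by PHP, so the server returns the credentials in it as-is.
            severity = "critical" if "wp-config" in lower else "review"
            findings.append((severity, rel))
    return sorted(findings)

def build_sample_site(root):
    """Create a constructed directory tree for the demonstration."""
    for rel in ("wp-config.php", "wp-config.php.bak", ".wp-config.php.swp",
                "index.php", "backup-2019.sql.gz", "wp-content/uploads/site.zip"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w"):
            pass

def demo():
    """Build the sample tree in a temporary directory and audit it."""
    with tempfile.TemporaryDirectory() as root:
        build_sample_site(root)
        return find_leftovers(root)

if __name__ == "__main__":
    for severity, path in demo():
        print(f"{severity:8} {path}")
```

Files marked "review" may be legitimate uploads; the point is to confirm each one is meant to be publicly reachable.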

These are just a few of the items to get you started on protecting your WordPress website. For more details on how to protect your website go to www.websiteservice4all.com/website-security.

Why Can't I Access My Website Administration From Every Computer?

 
Unfortunately, statistics today show that over 30,000 websites are hacked on a daily basis. That is an astounding number to comprehend. Think of 30,000 businesses having to react daily to fight off defacement of their website and script uploads that conduct phishing and other nefarious activities.
As a website owner you want to make sure you have good protection for your business so you don’t consistently suffer from these issues.  That’s where we come in to help.  We want to keep your business protected from hacking and any other problems and in order to do this we need to employ certain protective techniques.  These techniques are not all powerful and won’t guarantee your website will never be hacked but they help reduce the likelihood of it and keep a good portion of the attempts at bay.
Why you can’t access your website admin from every computer:
Now that we’ve covered the issue of hacking, we will answer this question. One of the many security procedures we use to help rebuff hacking attempts is restricting which IPs can reach an administrative login URL. For example, if you regularly use www.mydomainname.com/wp-admin as your login URL, we may ask you for your IP and block all other IPs from getting to that page. This is because hackers often send out scripts looking for that login URL, and when they find it they use scripts to automatically try to brute force the username and password and then get into your site.
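
As an added example (not code from the original article or the hosting service), the Python below replays access-log lines against an IP allowlist for the login URL to show which requests the restriction described above would deny, and how many login attempts each denied address made. The allowlist addresses, the log lines and the exemption for `admin-ajax.php` are assumptions made for the example.

```python
import ipaddress
import re
from collections import Counter

# Assumed allowlist of administrator addresses (documentation ranges, constructed).
ADMIN_ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/28")]

# Combined log format prefix: client IP, identity, user, [time], "METHOD path proto", status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([A-Z]+) (\S+) [^"]*" (\d{3})')

# Constructed sample access-log lines.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0
192.0.2.55 - - [01/Jan/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4102
192.0.2.55 - - [01/Jan/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4102
192.0.2.55 - - [01/Jan/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 4102
192.0.2.77 - - [01/Jan/2024:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=x HTTP/1.1" 200 12
198.51.100.5 - - [01/Jan/2024:10:00:05 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 9000
192.0.2.77 - - [01/Jan/2024:10:00:06 +0000] "GET /wp-admin/options.php HTTP/1.1" 302 0
"""

def is_protected(path):
    """True for the login script and the admin area, except admin-ajax.php."""
    path = path.split("?", 1)[0]
    if path == "/wp-admin/admin-ajax.php":
        return False  # front-end features of themes and plugins call this endpoint
    return path in ("/wp-login.php", "/wp-admin") or path.startswith("/wp-admin/")

def is_allowed(client_ip):
    """True when the client address falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False  # unparsable address: treat as not allowlisted
    return any(addr in net for net in ADMIN_ALLOWLIST)

def review(log_text):
    """Return (requests the allowlist would deny, login POSTs per denied IP)."""
    denied, login_posts = [], Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path, _status = m.groups()
        if is_protected(path) and not is_allowed(ip):
            denied.append((ip, method, path))
            if method == "POST" and path.split("?", 1)[0] == "/wp-login.php":
                login_posts[ip] += 1
    return denied, login_posts
```

Running `review` over a real log before enforcing the restriction shows whether any legitimate administrator address is missing from the allowlist.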
It’s a Pain in the Backside!!
We know you probably want to access your website from anywhere in the world. You may also want to give employees certain access as well. We know that it is not convenient to try to get into your site and not have instant access. It is a pain in the backside. However, it is a much worse option to have your site defaced and/or hacked so that it’s sending out phishing emails, or anything else for that matter. It takes hours to clean a website once it’s been hacked. That is all time your site would be down or defaced. Instead, we incorporate these types of security measures to reduce that kind of downtime. With our service you can request individual IPs to be allowed to access your login page so that you have more website uptime rather than downtime.
If you have concerns or would like to investigate other or additional ways to protect your website please feel free to contact us or open a ticket to review.