WordPress security has always been a hotly debated issue. On one hand, many developers of bespoke systems deride its open source credentials, while proponents of the platform point out the crowd-sourced wisdom and brain power that is constantly upgrading it and plugging loopholes. Others develop plugins that help to block the easy back doors that so many hackers find so easy to exploit. For the owner of a business whose online presence depends on the security and integrity of his or her WordPress installation, those fine arguments don’t matter.
What matters to them is that the website stays up, stays secure and protects the valuable payment details of customer and business alike. But who is most likely to undermine that integrity? The very same business owner!
How many of you, dear readers, have one password for your entire online life? How many are still using “admin” as the username that controls the website? A login is two secrets, the username and the password; hand the attacker the first and you have halved their work, leaving only the password to guess. You have offered a gift horse to the scum who wreck websites!
How Big is the Security Problem in WordPress
Currently there are approximately 90 million infected websites and computers around the world working to prise open as many of the world’s WordPress websites as they can, so that whoever controls them can launch a DDoS attack from hundreds of millions more if they decide to “pick on” someone. They do this by overwhelming web servers with the sheer number of requests flooding in from all corners of the globe. Those are the “attacks” you hear about on the news.
There is still an unbelievable number of people protecting their investment in a website and ecommerce with the astoundingly creative, hacker-defeating password “password”! Now I ask you, what planet do they live on? Having a strategy for creating and changing secure passwords is an absolute must. If customers leave details with you, even just names and email addresses, then protecting them that poorly is effectively a breach of data protection law through sheer lack of awareness.
What is particularly perverse about the state of WordPress security is that it is so easy to harden your website and deter all but the most determined hackers.
A “Simplist’s” Guide to Hardening Your WordPress Website
- Step 1 Make sure you have another administrator user set up on your WordPress backend, then downgrade the admin user to subscriber or, if available in your version of WordPress, to “no role for this site”. Better still, delete the “admin” user altogether (WordPress will offer to reassign its posts to the new administrator): a demoted account is still a valid login that a brute-force bot can keep hammering.
- Step 2 Organise backups on a regular basis and download them or store them in the cloud, away from the web server itself, so that a compromised site cannot take its own backups down with it. Check occasionally that a backup actually restores.
- Step 3 Update WordPress, themes and plugins; flaws in older versions often allow hackers to sneak malicious code onto your website. And use a theme from a reputable source. In my early days of tinkering, when I was still stingy about spending anything on a website, I discovered that my lovely Mountains theme was linked to a Viagra site… which might be useful in a few years’ time, but didn’t do my rankings any good at all. Google could quite plainly read the code for the hidden link which I couldn’t see.
- Step 4 Install a security plugin. If you are short of cash, then I recommend Bullet Proof Security, which is brilliant but needs a couple of other plugins to help it run and can misbehave with others occasionally, but is very thorough. If you have a little cash, get Tony Treacy’s Secure WordPress Plugin from ow.ly/mDj10
- Step 5 Get RoboForm or LastPass to manage your passwords and do away with the easily crackable hacker’s gifts you are currently using.
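The five steps above as one shell script driving WP-CLI, added here as an example; it is not part of the original post or of any plugin it mentions. It assumes WP-CLI (`wp`) is installed and the script is run from the WordPress root; `BACKUP_DIR`, `NEW_ADMIN`, `NEW_ADMIN_EMAIL` and the plugin slug `bulletproof-security` are assumptions. It goes slightly beyond Step 1 by deleting the “admin” account (reassigning its posts) instead of demoting it, since a demoted “admin” is still a valid login for a brute-force bot to hammer, and it rotates every administrator’s password to a generated one so that there is something worth storing in the password manager from Step 5. Nothing is changed on the site unless the script is run with `--apply`.

```shell
#!/bin/sh
# Hypothetical WordPress hardening script (added example, not from the post or any plugin).
# Assumes WP-CLI (`wp`) is installed and the script runs from the WordPress root.
set -eu

BACKUP_DIR="${BACKUP_DIR:-$HOME/wp-backups}"   # assumed location, outside the web root

# Random password for the password manager: 30 random bytes, base64-encoded (40 chars).
gen_password() {
  { openssl rand -base64 30 2>/dev/null || head -c 30 /dev/urandom | base64; } | tr -d '\n'
}

# The "password"/"admin" problem from the text: returns 0 (true) for a weak password.
is_weak_password() {
  pw="$1"
  lower=$(printf '%s' "$pw" | tr 'A-Z' 'a-z')
  case "$lower" in
    password|admin|123456|qwerty|letmein|welcome) return 0 ;;
  esac
  if [ "${#pw}" -lt 14 ]; then
    return 0
  fi
  return 1
}

# Step 1: create a fresh administrator, then delete "admin" and hand its posts to the new one.
# Deleting rather than demoting: a subscriber called "admin" is still a login a bot can attack.
replace_admin_user() {
  new_login="$1"; new_email="$2"
  new_pw=$(gen_password)
  new_id=$(wp user create "$new_login" "$new_email" --role=administrator \
             --user_pass="$new_pw" --porcelain)
  printf 'Store in your password manager -> %s : %s\n' "$new_login" "$new_pw" >&2
  if wp user get admin --field=ID >/dev/null 2>&1; then
    wp user delete admin --reassign="$new_id" --yes
  fi
}

# Step 2: database dump plus wp-content (themes, plugins, uploads), written off the web root.
backup_site() {
  stamp=$(date +%Y%m%d-%H%M%S)
  mkdir -p "$BACKUP_DIR"
  wp db export "$BACKUP_DIR/db-$stamp.sql"
  tar -czf "$BACKUP_DIR/wp-content-$stamp.tgz" wp-content
}

# Step 3: core, plugins and themes to their latest versions.
update_everything() {
  wp core update
  wp core update-db
  wp plugin update --all
  wp theme update --all
}

# Step 4: security plugin. "bulletproof-security" is the assumed wordpress.org slug.
install_security_plugin() {
  wp plugin install bulletproof-security --activate
}

# Step 5: rotate every administrator password to a generated one; paste the output into
# RoboForm/LastPass, then clear your terminal scrollback.
rotate_admin_passwords() {
  for uid in $(wp user list --role=administrator --field=ID); do
    pw=$(gen_password)
    wp user update "$uid" --user_pass="$pw"
    printf '%s : %s\n' "$(wp user get "$uid" --field=user_login)" "$pw" >&2
  done
}

if [ "${1:-}" = "--apply" ]; then
  command -v wp >/dev/null || { echo "wp (WP-CLI) not found" >&2; exit 1; }
  backup_site                       # back up first so every later step is reversible
  replace_admin_user "${NEW_ADMIN:-siteowner}" "${NEW_ADMIN_EMAIL:?set NEW_ADMIN_EMAIL}"
  update_everything
  install_security_plugin
  rotate_admin_passwords
fi
```

Run it as `NEW_ADMIN_EMAIL=you@example.com sh harden.sh --apply` from the directory containing `wp-config.php`. The backup runs first deliberately: if a plugin update or the admin deletion goes wrong, the database dump and `wp-content` archive are what you restore from.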
Just carry out those 5 steps and you have, at a guess, reduced your risk by 95%. The infographic gives a sobering reminder of why WordPress is being targeted.