WordPress is a giant among content management suites, powering an astounding 74,652,825 websites around the world.
But its success and ubiquity have a downside: they have made WordPress one of the most sought-after targets for online criminals.
If your site is running on WordPress, don’t fear – these tips can help you make your site’s defences formidable.
1. Don’t ignore your updates
Perhaps the most important thing you can do for your WordPress site’s security is keeping up with the latest updates.
Each time a new update is released, details of the patched flaw are published alongside it, giving potential attackers plenty of pointers on how to take over sites that haven’t applied it.
Thankfully, WordPress has made the upgrade process relatively pain-free, allowing one-click updates whenever a new version is released. (Just don’t forget to back up first in case anything goes wrong!)
These new versions often include security patches and interface tweaks that keep attackers from exploiting well-known gaps.
2. … or forget your plugins and themes
You’re only as strong as your weakest link. Even if your main blog is kept up to date, older plugins and themes can present security holes for attackers to exploit.
Plugins and themes can open back doors into your site’s admin area, so any one of them can punch a hole in even the most secure WordPress installation.
The solution? Delete any themes and plugins you’re no longer using. Note that deactivating them isn’t enough; you’ll need to remove them completely with the ‘Delete’ option in your WordPress admin (see the official WordPress guide to uninstalling plugins and themes).
Also, only download plugins and themes from trustworthy sources – ideally the official WordPress repository at WordPress.org.
Add-ons are reviewed before being listed on the official site, so they’re vetted and compatible with the latest versions of the WordPress platform.
Good-quality themes are also worth the premium fee, especially if you’re running your business site on WordPress. Premium themes tend to be updated regularly and are kept compatible with the latest patches.
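Both steps above (keeping core, plugins and themes updated, and deleting rather than merely deactivating unused add-ons) can be scripted with WP-CLI, the command-line tool for WordPress. The script below is an added example, not code from this article or from the WordPress project. It assumes `wp` is installed on the server and that you have taken a backup first; `wp_hygiene` and `select_plugins` are hypothetical names chosen for this example.

```sh
#!/bin/sh
# Added example, not from the article or from WordPress: update everything
# and delete unused add-ons with WP-CLI. Assumes `wp` is installed and that
# the site root is passed as the first argument (defaults to the current
# directory). Take a backup before running it.

# Filter the CSV that `wp plugin list --fields=name,status,update --format=csv`
# prints. $1 selects the column (2 = status, 3 = update), $2 the wanted value
# ("inactive", "active", "available", "none"). Prints one plugin name per line.
select_plugins() {
    field=$1
    want=$2
    awk -F, -v f="$field" -v w="$want" 'NR > 1 && $f == w { print $1 }'
}

wp_hygiene() {
    root=${1:-.}

    # Delete (not just deactivate) every inactive plugin, as the article asks.
    wp --path="$root" plugin list --fields=name,status,update --format=csv \
        | select_plugins 2 inactive \
        | while IFS= read -r name; do
            wp --path="$root" plugin delete "$name"
          done

    # Same for inactive themes; the active theme (and its parent) stay.
    wp --path="$root" theme list --status=inactive --field=name \
        | while IFS= read -r name; do
            wp --path="$root" theme delete "$name"
          done

    # Now bring core, the remaining plugins and themes to current versions.
    wp --path="$root" core check-update
    wp --path="$root" core update
    wp --path="$root" plugin update --all
    wp --path="$root" theme update --all
}

# Usage: wp_hygiene /var/www/html   (path is a hypothetical example)
```

Unused add-ons are deleted before the update pass so that nothing is downloaded only to be removed; run the audit half (`wp plugin list`, `wp theme list --status=inactive`) on its own first if you want to review what will go.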
3. Take care of file permissions
If you installed your particular WordPress site yourself, file permissions are an easy loose end to leave untied.
If you have access and aren’t sure whether this has been dealt with, fire up your favourite FTP client and look at your WordPress install directory.
You should see permissions set to 755 or 750 for directories, 644 or 640 for general files, and 600 for your precious configuration file, wp-config.php.
Also, avoid the default “admin” username, as using it does half of an attacker’s work when brute-forcing the login screen.
Additionally, use a strong password (or your password manager’s generator) and change it every once in a while.
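Checking those values by hand over FTP is tedious on an install with thousands of files. The script below is an added example, not from the article, that audits a WordPress directory against exactly the targets just listed and can reset them. It assumes shell access to the server, a POSIX shell with `find` and `stat` (GNU or BSD), and the hypothetical function names `audit_wp_perms` and `fix_wp_perms`.

```sh
#!/bin/sh
# Added example, not from the article: audit a WordPress install against
# the permission targets the article gives (directories 755 or 750, files
# 644 or 640, wp-config.php 600) and optionally reset them.
# Assumes a POSIX shell with find and stat (GNU or BSD variants).

# Octal permission bits of a path. GNU stat uses -c, BSD stat uses -f.
# A setuid/setgid/sticky bit yields a four-digit value, which the audit
# below deliberately flags as non-standard.
perm_of() {
    if stat -c '%a' "$1" >/dev/null 2>&1; then
        stat -c '%a' "$1"
    else
        stat -f '%Lp' "$1"
    fi
}

# Print one line per deviation: "DIR|FILE|CONF <mode> <path>".
# (Paths containing newlines are not handled; WordPress never creates them.)
audit_wp_perms() {
    root=$1
    find "$root" -type d -print | while IFS= read -r path; do
        p=$(perm_of "$path")
        case $p in
            755|750) ;;
            *) printf 'DIR  %s %s\n' "$p" "$path" ;;
        esac
    done
    find "$root" -type f -print | while IFS= read -r path; do
        p=$(perm_of "$path")
        case "$(basename "$path")" in
            wp-config.php)
                [ "$p" = 600 ] || printf 'CONF %s %s\n' "$p" "$path" ;;
            *)
                case $p in
                    644|640) ;;
                    *) printf 'FILE %s %s\n' "$p" "$path" ;;
                esac ;;
        esac
    done
}

# Reset everything to the article's targets, using the more permissive
# value of each pair (755/644) and 600 for wp-config.php.
fix_wp_perms() {
    root=$1
    find "$root" -type d -exec chmod 755 {} +
    find "$root" -type f -exec chmod 644 {} +
    if [ -f "$root/wp-config.php" ]; then
        chmod 600 "$root/wp-config.php"
    fi
}

# Usage: audit_wp_perms /var/www/html   (path is a hypothetical example)
#        fix_wp_perms   /var/www/html
```

Run the audit first and read its output before resetting anything: a 777 on wp-content/uploads is the classic finding, and a four-digit mode on a file points at a setuid or setgid bit that has no business on a WordPress install. The fix uses 755/644; switch it to 750/640 if the web server runs in the same group as the file owner and nothing else on the host needs to read the files.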
By following these principles, you can ensure your site doesn’t fall victim to the major vulnerabilities plaguing many older WordPress installations.
Many happy postings, WordPressers!