4 Ways to Bulletproof Your WordPress Site
Posted June 29th, 2012 by Daniel Trimpey.
Malicious hackers: many might say they are the bane of the Internet! After all, there are few things more frustrating than dealing with spam, objectionable content and, in some extreme cases, complete overhauls of websites after getting hacked. Hackers can cost time and money, neither of which most of us want to spend on fixing a hacked website! But thankfully, we don’t have to be easy prey to those eager to infect our sites with malware. There are a variety of actions we can take to protect our websites and other online accounts from hackers.
However, before we delve into how to be protected, first, let’s look at the types of malware there are to be cognizant of. After all, it is hard to fight something you don’t know anything about.
Types of Malware
Those who specialize in hacking are always looking for ways to make life on the Web difficult for others. They are constantly improving their skills and working to stay one step ahead of the latest in website security. They are particularly fond of platforms such as WordPress, but just because you use something else is not enough to keep you protected. But with WordPress in mind, here are some malware methods you should know about.
- Website Defacements – This is when cyber graffiti is used to destroy the design of the site with verbiage, much like the graffiti seen on buildings.
- Cross Site Scripting (XSS) – Hackers will look for a vulnerability and then exploit it by inserting harmful HTML, VBScript, Flash or other script designed to steal cookies, hijack the account or even change your user settings.
- PHP Mailers – This is a webserver program used by hackers to introduce code into your information collection forms.
- Phishing – Used by hackers to trick you into entering your passwords and other private information for your various sites online. They will set it up to look like the real site and then, once they have the desired information, be able to access your accounts.
- Backdoors – This is a method used to access a site by bypassing the normal process. Once in, hackers can easily make changes to your site.
- Drive by Downloads – This is done when websites automatically download malware to your PC. You may think you are getting a single download, but in reality, you are getting an assortment of spyware.
- IP Cloaking – Another common ploy of hackers is to target Google IP addresses, which results in malicious links being inserted into a WordPress site. Search engines then see your site as containing an abundance of spam, and your search engine ranking will drop.
So what can you do to protect yourself from malicious software? There are a variety of actions you can take to protect your site from being attacked.
Protecting Yourself against Malware—The Simple Stuff
As a website owner, or just someone who has multiple online accounts, there are many things you can do to protect yourself against hackers. Here are a few things that you can do without any knowledge of web programming and design:
- Do not have short passwords that are easily guessed. Having a combination of letters, numbers, symbols, upper and lowercase is a great way to make your password difficult to crack.
- Even if you have a difficult password, don’t overuse it for every login.
- Change passwords often.
- Don’t let others know your passwords.
Yes, following these “rules” can be annoying, but if you compare that time to the amount of time you will spend rebuilding a website after it has been hacked you will likely realize that the time spent changing passwords is mild in comparison.
WordPress Security—Bring in the Big Guns
Of course, taking measures to protect your website is more than just passwords. You should also take other proactive steps. These include checking your site regularly for any unexpected code or content you did not authorize, keeping your e-mail address off your site, protecting your source code and utilizing whatever protective features your site’s platform offers. And speaking of platforms, WordPress, as one of the most commonly used, offers several ways to protect your website. Here at Page Progressive we recommend that you take the following steps to provide website security:
- Always keep WordPress up to date. Use the “Update Notifier” plugin or something similar to keep you notified when updates are available.
- Use Plugins that are designed to help protect your site. Some of these are Bulletproof Security, Login Lock-down, Website Defender (mentioned in more detail below) and Secure WordPress.
- Make sure your website is being backed up by your host. Ideally, you want your database backed up daily and your whole website (files) backed up weekly or monthly, with multiple versions going back for at least 2 months. That way, if your site is hacked, you have backups going back that far to restore from. Many web hosts only back up files and not your database, which is not good for WordPress. Or only one day of backups is saved…or worse, there are no backups happening at all! Here at Page Progressive we back up both your files and databases daily with several versions back for easy restoration. There are several plugins which are helpful, but one of our faves is Backup Buddy.
- Make sure you have a malware scanning tool for quick identification of hacking. Oftentimes, website owners do not realize their site has been hacked until weeks or months later. By the time they figure it out, they don’t have a backup to go to. We offer the GeoTrust Website Anti-Malware Scan, which can help identify malware strains fast. We also recommend Website Defender to keep your site safe. It has the added advantage of scanning from the outside and having a WordPress plugin on the inside of your site to communicate with and scan more thoroughly. If you are a client and interested in adding either service, please contact us and we will be happy to get the web security option in place.
Maintaining a malware-free website can be a time-consuming job, but thanks to the variety of tools available combined with vigilance, you can do your part to keep your website and assorted online accounts safe from hackers. Of course, you don’t have to do it alone. Page Progressive in Raleigh is happy to help you be proactive in the fight against cyber-crime. Call today to learn how we can help.