Have a WordPress Security Issue?
Reading Time: 3 minutesAs a wordpress user, conducting a search you will find many resources available focusing on the importance of website security.
Businesses and personal websites owners are aware that if precautions are not taken, it is quite possible that their website could be breached losing some or even all data. Have you already been a victim? Our hope of course is that you have not, but let’s be aware of some procedures that can help prevent this potential scenario.
Why is my wordpress site vulnerable?
Lets first emphasize that this is an incredibly successful platform, with a large percentage of the world’s websites relying on its technology. Successful wordpress security is minimizing risk! How is this achieved? Well, it starts with a little common sense. As with all problems its first important to define the actual cause as wordpress directly may not have been the actual issue. A combination of bad passwords, contamination from malware, phishing attacks, low-cost hosting, use of public wi-fi without a secure VPN or similar are all vulnerabilities that a hacker can use to gain access to your website.
Keeping up appearances
As with all CMS platforms, following bad practices such as not keeping up regular maintenance make it quite exposed for attacks. At ‘least’ a couple of times a month wordpress should be checked to make sure that its software or plugins are not out of date. New versions of wordpress do come out quite often, updates typically fix known security issues not just upgrades to its software. Plugins will also need to be maintained, depending on the amount installed, this could be a weekly schedule. There are times when a custom wordpress solution ‘might’ have an issue with a upgraded plugin, however this can easily be solved by contacting your web design agency. Plugins that are no longer supported should be deactivated (and removed) as they too can potentially create problems. There is alot more to this area, you may wise to visit WordPress.org and discover more on techniques to harden wordpress.
Is your name on the list?
Probably the most discussed subject with all of us in the technology industry is to have a decent password. Always have a strong password that by no means is the name up your hamster or postal/zip code. It really does count, and if you are part of a large organization with a list of users, make sure to delete unused profiles. Security precaution is also making sure there are no previous disgruntled employees with login information, not just the smart hacker. Just for fun, here are a list of the 25 worst passwords according to a report from SplashData.
Now, before finishing this article, go and change your password.
Backup, Backup, Backup
Finally, the last important area to be in control of is to have a disaster plan in place. Some host companies will have some type of backup plan (based on your hosting package) and keep regular archives, but it is important to know that you too should have a custom wordpress backup plan. This might include an automatic tool that backups not only your database, but all files as well. Some tools will help back up files to a place of your choice, such as another server or a service such as dropbox.
Help at hand
Unfortunately we do live in a world where these situations regrettably occur. Time4design recommends you be smart and take these precautions. We are always here to help, so should this be an area of concern, now might be the best time to start a maintenance plan.
Now, did you change your password yet?