Attack On WordPress Powered Sites: How To Protect Your Website

Spend a day browsing the Internet and there is a good chance that many of the sites that you come across are driven by WordPress. A robust platform typically used for blogging, WordPress is utilized in some fashion in more than 70 million websites, ranging from personal blogs to large corporate websites. However, the ubiquitous nature of WordPress comes with its share of problems. In recent years, malicious Internet attacks have grown at an alarming rate and WordPress-driven sites aren’t spared. If you run a WordPress-driven site, there is an increasing risk of being the target of such attacks.

There are many ways by which unauthorized parties can intrudes upon a WordPress-driven site. Link injections, blackholes, and Javascript and PHP code injections are only a few of the ways by which hackers can wreak havoc on a site, and new methods are coming up all the time. As a WordPress user therefore, it is imperative to come up with ways by which you can protect your site against such attacks. Here are a few tips on how you can do just that.

Perform periodic updates

Using old or outdated plug-ins greatly increase the chances of your site being hacked or injected with malicious code. The good news is that WordPress is supported by a very active user base, so any potential holes in security are quickly addressed. You should therefore take advantage of every opportunity to update your WordPress components.

Make your admin account more difficult to find

It is standard operating procedure for hackers to target the ‘admin’ account. Since this account gives you access to all your user accounts, this is commonly where most hackers look first. You can add an extra level of security by simply changing the name “admin” to something else.

Set file and folder permissions appropriately

Another opening that hackers commonly take advantage of is a file permission set to 777. Again, you can avoid intrusion easily enough by simply setting your file permission to 644 and your folder permission to 755.

Conceal the wp-config.php file

Yet another potential hole in your security is the wp-config.php file. Most experienced hackers will look for this file in this location: your_host/wordpress/wp-config.php. By moving the file to your_host/wp-config.php instead, you may be able to add another level of protection and still have WordPress find it automatically.

Get themes and plug-ins only from trustworthy sources

It is tempting to get themes and plug-ins from various online sources simply because there are so many of them available. However, you should avoid using pirated themes and plug-ins as much as possible. Aside from the ethical issues, these plug-ins and themes from pirate sources typically contain malware or even spam bots, so it would be best to stick to legitimate sources.

Use only a secure connection to your server

Instead of using FTP to allow users to connect to your server, it would be better to use sFTP or SSH or even SSL. For online transactions, HTTPS is a much safer option.

Have you fallen prey to intenet hacking? If so, share with us in the comments below how you were able to restore your system.

2013-07-03T16:00:28-05:00
Call Now ButtonLet's Talk