Securing your WordPress site

January 22nd, 2018

At the point of writing, Wordpress is powering nearly 30% of all websites and has a market share of almost 60% over all other content management systems. With popularity comes a major issue, you make yourself a target. If there is a vulnerability than the likelihood is it is going to be found and there are people out there just waiting to take advantage of these vulnerabilities.

Fortunately WordPress and it's major plugin developers provide frequent releases to try and stay ahead of the would be hackers. This is fine if you are actively maintaining and updating your site, but if you don't then you are putting yourself at risk. If exploited, a vulnerability could allow an attacker to gain access to your site or even your web server.

Once a site is compromised one of the most common types of actions taken by the hacker is to deface the site, ruining the reputation of your companies domain name. Another is to use it to send spam email, something which may not be noticeable until your domain is blacklisted. Assuming you depend on your email to communicate with customers then the consequences can be disastrous.

Brute force attacks

Even if your site is kept up to date, brute force attacks at attempts to login can be successful if your users are not taking their password security seriously. Your site users can be one of your easiest points of entry, especially if they are not using strong passwords or are sharing passwords across multiple services. In December, it came to light that a huge 1.4 Billion database of encrypted passwords was available on the dark web to would be hackers. It's important to not only educate users but to have measures in place to try and identify and block possible brute force attacks.

Keep your website safe

There are some simple steps you can take to improve the security of your site.

  • Update WordPress and plugins frequently
  • Avoid plugins that no longer look to be maintained
  • Use strong passwords
  • Do not re-use passwords across multiple services
  • Do not share password or user accounts with others
  • Use a firewall to block against brute force attacks
  • Periodically check over your user accounts and remove those that are not used or look suspicious

At DOT we take web site security seriously not just during the build but as an ongoing process once a site is launched. We ensure site's are continuously updated, users are educated and look to put measures in place to block against threats. Should the worst still happen then we'd look to get you back up and running with a recent backup stored off the server.

Is your web site security keeping you awake at night? Then get in touch to see what services DOT can offer.

Find this interesting? Then share with people you know.

blog comments powered by Disqus