By: Fred Wooten – Bayshore Solutions Senior Programmer
WordPress has become one of the most common tools for content managed websites. Its ease of use and low cost have made it popular with CMS users, but its popularity and open-source structure have also made it an attractive target for hackers.
While Bayshore Solutions does not typically deploy WordPress websites for our clients, we often inherit customers with this website platform who seek our expertise because their previous developer was unable or unavailable to deliver the functionality they need or who have suffered security breaches due to the open source nature of the platform. We have been able to help many clients resolve such issues and get better results from their websites.
We have found a number of important but simple WordPress security tips that users can take to ensure their sites are less vulnerable to these attacks. Here’s our Top 10:
- UPDATE! Be sure to check periodically for WordPress updates. These updates provide valuable patches for security flaws.
- BEWARE OF PLUGINS! WordPress plugins can provide your site with great additional functionality but they are one of the most vulnerable parts of WordPress. Be sure that any plugins you use come from reputable sources. WordPress.org reviews all plugins for security flaws, but even they can become susceptible to security flaws found over time.
- UPDATE! WordPress Plugins used on your site should be checked periodically for updates. Security flaws are often realized and patched by these updates.
- KNOW YOUR HOST! Be sure that your WordPress site is being hosted by a security-conscious hosting company. A secure hosting company with provide the necessary firewalls, site file backups and server software updates that will help to ensure your site will not be vulnerable to system attacks.
- PASSWORD! Make sure that your passwords are sufficiently strong and update them periodically.
- NO ADMIN! Do not use “Admin” as your username. This just makes it easier for hackers trying to decipher your login and password.
- No WP_ DATABASE! By default, all WordPress databases use the same table names. For added security you should add a unique database prefix so that your tables do not begin with “wp_”.
- LIMIT ACCESS! If your site’s administration is limited to a few users, consider limiting access to your admin tools to selected IP addresses.
- BACK UP! Even the most secure site may still become a victim of a hacker’s attack. Be sure that your hosting company is creating regular backups of your site. These backups are also a must when performing any site updates.
- CHECK YOUR SYSTEM! Regardless of how much effort you put into securing your site, your office computer could be the source of a security breach. Be sure your system is running an anti-virus software and that you are using an up-to-date browser software to eliminate potential security flaws.