WordPress is a great tool, used and loved by 1,000,000s of people its easy to install, quick to update from either your PC or your mobile and best of all its free software.
However, there are some points that should always be considered when running WordPress in any form. As WordPress is such a well known product, this has also become its security weakness. The people behind WordPress regularly release updates, typically at least one per month and it is advisable to install these updates to patch bugs or fix security concerns.
In our experience, many editors that use WordPress do not run important updates and even more concerning is that they do not have any additional security on their installation. This can lead to hacked sites, hosting pages or files that you are unaware of, or maybe your website has become part of a spam botnet; the hackers using its code to send spam through to unsuspecting individuals.
There are some simple steps you can carry out that will mitigate many of these threats and We’ve listed them below:
- Make sure that you patch WordPress and associated plugins to their recent stable versions.
- Install security plugins such as admin login limiters and website scanners such as Wordfence.
- Look into IP address banning through fail2ban as a way of automatically capturing and “jailing” IP addresses that seem to be carrying out “naughty” things.
- Install an SSL certificate for the admin part of the wordpress installation if not for the whole thing.
- Look into cacheing mechanism. These have two positive effects, i) they tend to speed up the site and ii) they protect it to a degree as the cached versions of the page are served not the native PHP code.
If you carry out these 5 basic tasks and keep on top of them on a weekly basis, then your website will be a happier one that will no doubt also run more efficiently.
If you think you need help with your WordPress install or simply want us to take a quick look over it and provide some feedback on what you should be doing, then why not drop us a line.