WordPress security should not be taken lightly, or you will keep getting attacked again and again. WP is an open-source platform and everybody has access to its source code, which makes it easy for hackers. The top reasons for WP hacking include lack of interest or know-how on the webmaster's part, use of WP themes and plugins from unauthorized or incorrect sources, use of free WP themes, and not keeping WP, themes and plugins updated.
Types of Attack:
- SQL Injections
- Clickjacking
- Cloaking
- Blackhole Exploit Kit attacks
- Password and login break efforts
Many of the attacks target the default WordPress username with brute-force password-cracking robots. The first step is to change your “admin” or “administrator” username from the WordPress Administration Panel.
- Go to your MySQL tool (phpMyAdmin)
- Find your database
- Go to wp_users and browse for “admin”
- Under user_login column, change it to something else.
This naturally leads to the following…
2. Choose a strong password (more about passwords)
Choose a password that includes multiple upper- and lowercase letters, as well as symbols such as “!@#$%^&*()”. Go to Users → Your Profile and change it through the “New password” field at the bottom. This will make it much harder to crack. Make sure you do the same for your FTP/cPanel hosting account password, and don’t use the same one you used in WordPress.
3. Frequently back up your database
You have heard this one before. Do regular backups or you will eventually regret it. You may lose all of your work if you are hacked. Also, remember to back up every time you make changes. You can do that with a plugin or manually.
4. Always Update your WordPress
There is absolutely no reason to stay on an older version when a new one is available. WordPress updates contain bug fixes and vulnerability fixes and cover security flaws discovered by the vast WordPress community. The same goes for updating themes. It is easy and efficient. In fact, it is the best and easiest way to protect your site from malicious activity, which is most likely the result of a compromised or not fully updated application or site, exploitable PHP scripts, etc. Every old version of your applications can be considered a potential security hole. It can simply be used by the attacker, who is (most of the time) an automated spider.
5. Protect your WP-CONFIG.PHP file.
Move your wp-config.php file one directory up from the WordPress root. WordPress will look for it there if it cannot be found in the root directory. Also, nobody else will be able to read the file unless they have SSH or FTP access to your server.
There are a number of important plugins you should consider installing:
This is a very useful plugin that protects you against brute-force password-cracking attacks. It keeps track of the IP address of every failed login attempt. You can configure the plugin to disable login attempts for a range of IP addresses when a certain number of failed attempts is reached.
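The lockout logic described above, sketched as an added example (not code from the plugin or from the original page): it counts failed logins per IP range in a web access log and reports the ranges that cross a threshold. The threshold, the time window, the /24 and /64 range sizes and the rule that a POST to wp-login.php answered with 200 is a failed login are assumptions, and the log lines are constructed.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in Apache/nginx "combined" style (documentation IP ranges).
SAMPLE_LOG = """\
192.0.2.5 - - [12/Mar/2024:10:00:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.10 - - [12/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
203.0.113.11 - - [12/Mar/2024:10:00:20 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
198.51.100.7 - - [12/Mar/2024:10:00:30 +0000] "POST /wp-login.php HTTP/1.1" 302 0
203.0.113.12 - - [12/Mar/2024:10:01:05 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.5 - - [12/Mar/2024:10:20:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
192.0.2.5 - - [12/Mar/2024:10:40:00 +0000] "POST /wp-login.php HTTP/1.1" 200 3012
""".splitlines()

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')

def failed_logins(lines):
    """Yield (time, ip) for POSTs to wp-login.php answered 200 (assumed failure; success is a 302)."""
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines
        ip, ts, method, path, status = m.groups()
        if method != "POST" or status != "200" or not path.split("?")[0].endswith("/wp-login.php"):
            continue
        try:
            yield datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), ipaddress.ip_address(ip)
        except ValueError:
            continue  # hostname instead of an IP, or an unparsable timestamp

def locked_ranges(lines, max_failures=3, window=timedelta(minutes=5)):
    """Return {network: time the threshold was reached} for ranges to lock out."""
    recent = defaultdict(deque)   # network -> timestamps of recent failures
    locked = {}
    for when, ip in failed_logins(lines):
        prefix = 24 if ip.version == 4 else 64   # assumed range sizes
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        q = recent[net]
        q.append(when)
        while when - q[0] > window:   # drop failures older than the window
            q.popleft()
        if len(q) >= max_failures:
            locked.setdefault(net, when)
    return locked

if __name__ == "__main__":
    print(locked_ranges(SAMPLE_LOG))
```

Three failures from different hosts in 203.0.113.0/24 within the window trigger the lockout, while the same number of failures from 192.0.2.5 spread over 40 minutes does not.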
Secure WordPress is an easy-to-install, comprehensive plugin that takes care of a number of things, including:
- Hides your WP version.
- Removes error information on login page.
- Removes core update, plugin update and theme update information for non-admins.
- Blocks queries potentially harmful to your WordPress website
- Adds a virtual index.php plugin directory.
- Many others…
A crash-resistant, comprehensive plugin covering many aspects of an attack: XSS, RFI, CRLF, CSRF, Base64, Code Injection and SQL Injection hacking attempts. According to the official description – “The BulletProof Security WordPress Security plugin is designed to be a fast, simple and one click security plugin to add .htaccess website security protection for your WordPress website.” This pretty much sums it up. A must-have!
Exploit Scanner goes through the files on your website and the comment and post tables of your database in search of anything suspicious. It also notifies you of unusual plugin names. It does not remove anything; it simply warns you of potential threats.
This is another must-have security plugin.
- Investigates WordPress web requests in an attempt to block obvious attacks.
- Blacklists and whitelists pathological-looking phrases based on which field of a page request they appear in (unknown/numeric parameters vs. known post bodies, comment bodies, etc.).
Implementing all of the above will probably take less than an hour, while making your WordPress site much more resistant to intrusions. Over 1 million WordPress sites were cracked last year, mainly due to easily preventable security gaps. Prepare yourself and you are likely to be on the safe side.