
Expert Feature: Let’s Be Careful Out There Folks (WordPress Security Tips)


The last few weeks have been interesting, if not a bit annoying.

I had two websites that got brute force attacked. This means that hackers programmed hundreds of computers to beat on the front door of two of my clients’ WordPress websites.

One of the sites is a church. Why would someone want to break into a church website? Because they’re easy targets.

It’s likely that many church websites are set up by volunteers who may not know much about security. Once compromised, the hackers can install malware, then send out e-mail spam with links to the malware, further spreading their disease.

Fortunately, I know enough about security that I had made both sites reasonably tight, and nothing happened. The hosting company noticed it, blocked the attack and notified me.

This has led me to up the ante with a couple tools – which are now standard for all my clients.

If you have a WordPress site or blog (or both), you need to do this:

 

  1. Always make sure your WordPress platform and all plug-ins are up to date with the latest versions. Hackers know all the vulnerabilities, and it makes you an easy target if your platform is out of date. Make sure you have good backup software, like the iThemes Backup Buddy plug-in, that automatically backs up your site when you want it to.
  2. Next, get the iThemes Security plug-in. This plug-in means business. I was gratified to notice that the initial changes I had already put in place were validated by the plug-in. But then it put in many more changes to make the site very difficult to compromise (notice I didn’t say impossible). Hopefully it makes it hard enough that they go away and find an easier target.
  3. Spam comments drive me crazy. Despite having the Captcha tool, I still get thousands of spam comments that have to be weeded through and flushed. I have found a plug-in that has cut it down to nearly ZERO. It’s called WP SpamFree, and has worked like a charm.

With the new security plug-in I’ve had two people in two countries that tried to get past my website moats (one in France, and one in the Ukraine).

The iThemes Security plug-in let me know, and I calmly and quickly went into the tool and blacklisted the bad guys. Poof. Gone.

Security Flaw Discovered That Compromises Two-Thirds of Web Servers

The little security padlock that you see on web addresses that start with https gives us a sense of security when we put our credit card or banking information into a website.

In other news, unfortunately, researchers announced on Monday that they found a huge flaw in OpenSSL, the encryption software that runs on two-thirds of web servers. If someone knows how to exploit the flaw, they can get user names, passwords, credit card information, social security numbers, and banking information without leaving a trace.

I’m a fan of LastPass to manage all my passwords, but even that could be compromised. They are advising all of us to change all our critical passwords now at our banks, credit card payment systems, LastPass or any other critical systems where we have access.

Do it now, folks.

 

Photo by Sh4rp_i


 

About Thomas Petty (47 Articles)
Thomas Petty is a Digital Marketing Trainer at Thomas Petty Digital Marketing Solutions. He is a popular blogger and speaker and has trained businesses from around the world in digital marketing, search engine optimization and WordPress.