WordPress Security Practices and PlugIns
Recently, in issuing Version 2.8.5, WordPress fixed a vulnerability in previous versions that left it open to a certain kind of denial of service, or DoS, attack. A DoS attack is launched by hackers against a specific website (usually a company or a blog), designed to crash the site and server by flooding it with requests for information, comments, or trackbacks.
Rest easy, though – there are some simple practices you can employ to lessen your chances of becoming a victim. And, luckily for users, it’s not just the bigger companies and organizations that are developing protections against vulnerabilities like these – users are developing fixes as well. With that in mind, here are some steps you can take and plugins you can download to keep your WordPress site safe and secure.
Practices
1) Keep Your Version of WordPress and Plugins Updated
This is the first and most basic step to security. Developers at WordPress and the private developers who create the plugins are always addressing vulnerabilities and releasing more secure versions of their products. Check for these updates regularly and, after backing up your site, download and install them.
2) Setting (and Re-setting) File Permissions
Some plugins may require you to change the file permissions on certain files or folders to 777 before installing them. Mode 777 lets every user on the server read, write, and execute those files, so be sure to set your permissions back to the original setting (usually 755 for directories and 644 for files) once you’ve completed the installation. For more, see WordPress’s page on file permissions.
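One way to catch permissions left at 777 after a plugin install, as an added example that is not part of the original article. It assumes GNU find and chmod (Linux); the function names and the WordPress root path argument are hypothetical.

```shell
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the article's baseline of
# 755 for directories and 644 for files. Assumes GNU find and GNU chmod.

# audit_perms ROOT
# Prints one line per offending path: "<octal-mode> <d|f> <path>".
# Anything group- or world-writable is flagged, which covers a forgotten 777.
audit_perms() {
    local root="$1"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    # -perm /022 matches when the group-write OR other-write bit is set.
    # Symlinks are skipped because only -type d and -type f are selected.
    find "$root" \( -type d -o -type f \) -perm /022 -printf '%m %y %p\n' \
        | sort -k3
}

# reset_perms ROOT
# Restores the baseline. Only paths whose mode differs are touched, and
# chmod -v reports each change, so the output doubles as a change log.
reset_perms() {
    local root="$1"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type d ! -perm 755 -exec chmod -v 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod -v 644 {} +
}

# When called with a path (for example the site's document root),
# run the read-only audit; resetting is a separate, deliberate step.
if [ -n "${1:-}" ]; then
    audit_perms "$1"
fi
```

Run the audit after every plugin installation and review its output before calling `reset_perms`, since a host may intentionally use a different baseline for some paths.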
3) Password Security
When around 60,000 Hotmail usernames and passwords were posted online, it was found that the most popular passwords were “12345” and “123456789.” Bad idea – make your passwords stronger. Test the strength of yours at Password Meter and, if it’s weak, try creating a stronger one at Password Bird or Strong Password Generator.
Plugins
This plugin is the workhorse of the bunch. It scans your entire WordPress-based site, checking for vulnerabilities and alerting you when it finds them. It comes highly recommended by WordPress pros and casual users alike.
When you install WordPress, you’ll inevitably leave a trail behind you, with vulnerabilities that the savvy hacker might be able to exploit. This plugin sweeps your trail clean by removing any unwanted, exploitable and telling information left over from the installation process.
This handy plugin does just what its title promises – it backs up your core WordPress tables as well as other tables of your own choosing. It’s easy to install, use, and customize. WordPress also offers its own backup functionality through the Admin page of your site.
This plugin uses SSL, the standard cryptographic protocol, to secure virtually any part of your WordPress site – the login page, the admin area, posts, and pages – and keep your information safe.
Since so many sites run on WordPress, you can bet there are hackers working around the clock writing malicious code designed to exploit it. This powerful and effective plugin not only does daily scans to protect against viruses, worms, and malware, but also emails you reports on suspicious files.
Every day, it seems, there’s another story in technology news about a new way your data can be compromised online. Whether it’s personal data being lost in the "cloud," thousands of email passwords being published online, or various malware taking down entire networks of computers, online security is becoming something that concerns not only system administrators and tech folks, but the normal everyday user as well. And that’s a good thing – the more aware we are about online security issues, the more vigilant we can be about protecting our data and personal information.
