WordPress Security in 2016
Back to Basics: Planning Your Digital Marketing Campaign – Segmenting Data, Measuring Results, and Continuous Improvement
December 18, 2015
The Complete Guide to Ottawa Internet Marketing: 49 Ways to Market Your Business Online
March 10, 2016
Now, I’m not one to exaggerate, but to say that ABORG creates a ton of WordPress sites is an understatement. Now powering roughly 25% of the entire web, WordPress is the most popular open-source content management system out there, and our company is definitely no stranger to it.
WordPress is exceptionally easy-to-use and easy-to-customize to your exact liking, and contains advanced capabilities with over 20,000 plugins to compose any sort of functionality. It’s well-designed for SEO and stands the test of time through constant updates and the ability to be re-skinned.
So why is everyone talking security all of a sudden?
Well, the reason is that with fame comes notoriety! Since WordPress is so widely used by so many organizations, it makes it a popular target for hackers and mischief-makers. Here at ABORG, we’ve coded hundreds, if not thousands of WordPress sites, and it used to be that you could set a secure password and sleep easy at night. To many business owner’s surprise, 2015 reared its ugly head, and was a different beast entirely – half-shark, half-anaconda.
In the past, hackers might attack your site and maybe muck things up for a lark, but we’ve seen a significant increase in dangerous malware and ads being forcefully injected into the code of un-maintained sites.
WordPress is inherently very secure, but to take full advantage of this amazing Content Management System, you will most likely be installing third-party plugins. Using many plugins can obviously keep development-time and costs down, but it could also open the door for security flaws on your site. Why? Plugins are NOT written by WordPress and are not vetted by the hundreds of programmers that maintain WordPress. They are independent entities. However, it’s important to remember that not all plugins are bad. Sometimes, from a security perspective, it’s as easy as keeping them updated.
If you are the proud owner of a WordPress site, what can you do to protect yourself from the vulnerabilities?
Set a Secure Password
Do you know how secure your password is? Most people will use something that is easy to remember, or a word or phrase that has meaning to them. Just remember that any dictionary word or name, or any variation of the two can easily be hacked by a brute-force software, a program designed to attempt many different random passwords.
Let’s use a variation of the word “office” in the following example. You just created a new social media account, and you can’t think of a good password. You look around and think, “Hmmm. Well, I’m in an office, and it’s 2015, so I guess my password will be: Off1ce.2015!”
You would think Off1ce.2015! is super secure, since it has a capital letter, a combination of letters and numbers, and an special character.
Off1ce.2015! would take approximately 2 hours to crack by an average home computer using brute-force software. A more secure password would be something that has a long string of random characters such as: thg8PG()..233hjd. A password like that would take an estimated 10000+ centuries to crack, depending on computing power.
An excellent way to evaluate your password is by using a tool like this one: https://blog.kaspersky.com/password-check/
Change the Default Login Path
We make sure to always install a security plugin that changes the default login path, which is typically /wp-admin, unless it conflicts with something else. We rename the login path to something entirely different, for example /yoursite-login. This means that all the “malware bots”, the dirty site-crawling spam robots, won’t be able to find your login form and this greatly reduces random hacking attacks by up-to a whopping 99%.
Install Login Lockdown
Another useful plugin is Login Lockdown. This plugin limits the number of login attempts to a pre-set number. So even if someone randomly comes across your login form, they only have that pre-set amount of tries to guess your password. If you followed our recommendations for choosing a secure password, then they won’t be guessing it!
Update your Site and Plugins Regularly
This is perhaps the most important aspect of keeping your site safe and secure! Ensure that your webmaster or system administrator regularly updates your WordPress version as well as the installed plugins. New security flaws will be brought to light constantly, and updating your Content Management System will ensure that the proper security patches are applied. Of course, this can cause issues and conflicts that could potentially break your site, which is why we recommend that you coordinate these updates with the person or organization in charge of managing your site.
Don’t have the know-how or time to take care of all these things? ABORG can help! Contact us today to make your site more secure.
