WordPress security is often a neglected concern for new WordPress users. "Hacking" is for them something they read about, but that they do not conceive could happen to them. SQL injections, XSS, privilege escalation and critical security vulnerabilities are therefore just buzzwords of new technologies.

But things must be different. WordPress security is fundamental: Every WordPress site must be fully and properly protected.

It is therefore essential as a WordPress site owner to know what to do to protect your blog from attacks.

I just started, I think my blog will be spared

If you think so, you will run into severe difficulties even before you have gained anything from your blog. Hackers do not search for your blog manually, nor do they need to harm you directly.


Usually, "hackers" use automated scripts that scan blogs. If a link to your site appears in a forum, on another blog or even on a social network, that link can be followed to reach your blog.

The general goal of hackers is to be able to use your hosting to do something else. It is therefore in your interest not to neglect this aspect.

Every blogger's "TODO list" in terms of security

You already know that your blog will not be spared. What then can you do?

We have prepared a list of recommendations (it is also a reminder for all those who follow us here on BlogPasCher), which you should do to better protect your WordPress blog.

1 - You must always have an updated version of WordPress

Time and again, you will read comments about bloggers who refuse to update their version of WordPress, because they are afraid that this update poses a compatibility problem.

In 2016, it is unfortunate to see that there is still this kind of mentality.

If you had to choose between a hacked site and a plugin that does not work momentarily, which would you choose?

Plugins that are incompatible with the latest versions of WordPress may remain so for a short period of time, yet a hacked site, on the other hand, is a much bigger problem.

Each update of WordPress corrects recently discovered security issues. If your version of WordPress is not updated, your site will be vulnerable to flaws.

Learn How to Manage WordPress Updates

2 - Do not modify the source code of WordPress

From the moment you or a WordPress developer modifies the system files of WordPress, you will not be able to easily and automatically update WordPress to its latest version, since you will lose the changes made to your site.

This will leave your website vulnerable to security issues discovered in the version of WordPress you are using. So you will have to patch the various vulnerabilities yourself, and I doubt that is an easy task. A saying among WordPress developers goes: never change, for any reason, the source code of WordPress. When you do, a little kitten somewhere on earth dies.

The saying itself makes no sense, of course, but the point is that WordPress is flexible enough that a plugin can modify its behavior without touching the source code.

3 - Make sure you always have updated plugins

As with your version of WordPress, vulnerabilities are often found in WordPress plugins. There have been many cases of WordPress blogs being hacked through plugin vulnerabilities.

Most software is prone to these issues at some point in its existence. The way in which vulnerabilities are handled shows the seriousness with which some companies run their businesses.

In principle, as soon as a problem is discovered the developers of the plugin will quickly correct it and offer an update.

Discover how to automatically update plugins
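The two previous points (never edit core files; keep plugins and themes updated) can be combined in practice: WordPress exposes filters that change its update behaviour, so the change lives in a plugin file rather than in core. The following must-use plugin is an added example, not code from the article or from WordPress itself; the file location, the plugin name and the excluded plugin path `example-plugin/example-plugin.php` are assumptions. The filters `auto_update_plugin` and `auto_update_theme` and the constant `WP_AUTO_UPDATE_CORE` are real WordPress hooks.

```php
<?php
/**
 * Plugin Name: Keep Everything Updated (added example)
 * Description: Opts plugins and themes into automatic background updates
 *              without modifying any WordPress core file.
 *
 * Save as wp-content/mu-plugins/keep-updated.php (file name is an assumption).
 * A file in mu-plugins/ is always active and is not touched by core updates,
 * so the behaviour change survives every "Update WordPress" click.
 */

// Every installed plugin and theme receives updates automatically as soon as
// the developers publish a fix (the point of recommendations 3 and 5).
add_filter('auto_update_plugin', '__return_true');
add_filter('auto_update_theme', '__return_true');

// If one plugin really must be updated by hand (for example while a known
// incompatibility is being fixed), exclude just that one instead of disabling
// updates globally. The plugin path below is an assumed example.
add_filter('auto_update_plugin', function ($update, $item) {
    if (isset($item->plugin) && $item->plugin === 'example-plugin/example-plugin.php') {
        return false;
    }
    return $update;
}, 10, 2);

// Core itself is controlled from wp-config.php (also not a core file):
//   define('WP_AUTO_UPDATE_CORE', true);   // minor and major releases
//   define('WP_AUTO_UPDATE_CORE', 'minor'); // security/minor releases only
```

Note that files in `mu-plugins/` are never auto-updated themselves, so keep them small and reviewable; everything else stays on the normal update path.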

4 - Remove plugins you do not use

The more plugins you install, the more vulnerabilities your blog exposes.

Sometimes we install plugins to test their functionality, and forget to remove them. If a vulnerability is discovered on these plugins, your website will automatically be vulnerable, even if the plugin is not really used.

If you do not use a plugin, delete it. Also be sure to always keep in mind that plugin testing can be done locally.

How to uninstall a WordPress plugin

5 - Make sure your theme is regularly updated

The same logic that applies to updates of WordPress and its plugins, applies to its themes. Securing WordPress means that all themes need to be updated to their latest versions. Otherwise, any security vulnerabilities that have been fixed will remain a problem for you.

Now you are probably thinking that all the changes you made to the theme will no longer be available after the update. In principle, modifications to a theme must be made in a child theme rather than directly in the parent theme. This lets you receive the latest patches and security updates without losing your changes.
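A child theme, as described above, is just a second theme directory that declares its parent and loads the parent's assets. The following is an added example, not code from the article or from any particular theme; the directory names `mytheme` (parent) and `mytheme-child` (child) and the style handles are assumptions. The child directory also needs a `style.css` whose header declares `Theme Name: My Theme Child` and `Template: mytheme` (the parent's directory name); `functions.php` is shown here because that is where the parent stylesheet is enqueued.

```php
<?php
/**
 * wp-content/themes/mytheme-child/functions.php (directory name is an assumption)
 *
 * Child theme functions.php is loaded *before* the parent's, and every parent
 * template file can be overridden by placing a file of the same name here.
 * Nothing in the parent directory is edited, so parent updates apply cleanly.
 */

// Load the parent stylesheet first, then the child's own style.css on top of it.
add_action('wp_enqueue_scripts', function () {
    $parent_handle = 'mytheme-parent-style'; // handle names are assumptions
    $child_handle  = 'mytheme-child-style';

    // get_template_directory_uri() points at the parent theme,
    // get_stylesheet_directory_uri() at the child theme.
    wp_enqueue_style($parent_handle, get_template_directory_uri() . '/style.css');
    wp_enqueue_style(
        $child_handle,
        get_stylesheet_directory_uri() . '/style.css',
        array($parent_handle),              // child CSS depends on parent CSS
        wp_get_theme()->get('Version')      // cache-bust on each child version bump
    );
});
```

Any customization then goes into the child's `style.css`, its `functions.php`, or an overriding copy of a single template file, and the parent can be updated the moment a security fix ships.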

6 - Install plugins and themes from a trusted source

Sometimes when times are tough we might be tempted to "bypass" paying for a good theme or plugin, and get it for free from a bad source.

In fact, there is no need to point to a particular source here. Piracy, torrents and other sources that offer paid software for free are something you should absolutely avoid like the plague.

What we do not usually realize, however, is that many of these hacked themes downloaded for free have been maliciously tampered with. Most often a "back door" has been installed in the script. This allows the site where the theme or plugin is used to be remotely controlled.

So make sure you download free themes from WordPress.org as much as possible, and premium themes from sources like "Themeforest".

7 - Use strong passwords

Many bloggers are negligent at this level. If your password is easy to guess, then you're in serious trouble. The most commonly used passwords are:

  • 123456
  • admin
  • 0000
  • Password
  • Secret

It is appalling to see this. You cannot claim to be working seriously on your blog if your password is not serious.

The protection of a blog is also having a reliable password.
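Beyond choosing a good password yourself, a site with several authors can refuse the weak ones at the point where passwords are set. The following plugin is an added example, not code from the article; the minimum length of 12 is an assumed policy value, and the blocklist contains exactly the five passwords named above. The hooks `user_profile_update_errors` (profile edits and admin-created users) and `validate_password_reset` (the "lost password" flow) are real WordPress actions.

```php
<?php
/**
 * Plugin Name: Minimum Password Policy (added example)
 * Description: Rejects very short passwords and the most commonly used ones.
 */

const MPP_MIN_LENGTH = 12; // assumed policy value

// The five passwords listed in the article, compared case-insensitively.
function mpp_blocked_passwords() {
    return array('123456', 'admin', '0000', 'password', 'secret');
}

// Returns null when the password is acceptable, otherwise the reason it is not.
function mpp_password_problem($password) {
    if (strlen($password) < MPP_MIN_LENGTH) {
        return sprintf('Passwords must be at least %d characters long.', MPP_MIN_LENGTH);
    }
    if (in_array(strtolower($password), mpp_blocked_passwords(), true)) {
        return 'That password is one of the most commonly used passwords and is not allowed.';
    }
    return null;
}

// Profile edits and users created from the admin screen: the new password,
// when one was submitted, arrives in plain text as $user->user_pass.
add_action('user_profile_update_errors', 'mpp_check_profile_password', 10, 3);
function mpp_check_profile_password($errors, $update, $user) {
    if (empty($user->user_pass)) {
        return; // no password change in this request
    }
    $problem = mpp_password_problem($user->user_pass);
    if ($problem !== null) {
        $errors->add('mpp_weak_password', $problem); // blocks the save
    }
}

// Password resets: wp-login.php posts the new password as pass1 and runs this
// action before calling reset_password(); any error added here stops the reset.
add_action('validate_password_reset', 'mpp_check_reset_password', 10, 2);
function mpp_check_reset_password($errors, $user) {
    if (!isset($_POST['pass1']) || $_POST['pass1'] === '') {
        return; // form displayed, nothing submitted yet
    }
    $problem = mpp_password_problem(wp_unslash($_POST['pass1']));
    if ($problem !== null) {
        $errors->add('mpp_weak_password', $problem);
    }
}
```

A policy like this only covers passwords set through WordPress itself; accounts created directly in the database or through other tooling are not checked, so it complements rather than replaces the advice above.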

8 - Limit connection attempts

We have already discussed brute force password attacks and the fact that using bots is cheap and very accessible to hackers. For this reason, you must put in place mechanisms to block brute force attempts.


The plugin "Limit Login Attempts" does exactly that. If it detects a number of incorrect login attempts, it prevents that user from logging in again. This, of course, makes brute force attacks much harder and protects your blog better.
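To show what such a plugin does under the hood, here is an added example of the same mechanism written against WordPress's own login hooks; it is not the code of "Limit Login Attempts" or of the article. The limits (5 failures, 15-minute window) are assumed values, and the example assumes `REMOTE_ADDR` is the real client address (behind a reverse proxy you would resolve the trusted forwarding header instead). `wp_login_failed`, `authenticate`, `wp_login` and the transient functions are real WordPress APIs.

```php
<?php
/**
 * Plugin Name: Simple Login Throttle (added example)
 * Description: Refuses further login attempts from a client address after too
 *              many failures, using transients as an expiring counter.
 */

const SLT_MAX_FAILURES   = 5;   // failures allowed before lockout (assumed value)
const SLT_WINDOW_SECONDS = 900; // counter and lockout lifetime: 15 minutes (assumed value)

// One counter per client address. Assumption: REMOTE_ADDR is the real client.
function slt_counter_key() {
    $ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown';
    return 'slt_failures_' . md5($ip);
}

function slt_failure_count() {
    return (int) get_transient(slt_counter_key());
}

// Count each failed login; the transient expires by itself after the window.
add_action('wp_login_failed', 'slt_record_failure', 10, 2);
function slt_record_failure($username, $error = null) {
    // The lockout error below also fires this hook; do not count it as a new failure,
    // otherwise every blocked attempt would extend the lockout indefinitely.
    if ($error instanceof WP_Error && $error->get_error_code() === 'slt_locked_out') {
        return;
    }
    $count = slt_failure_count() + 1;
    set_transient(slt_counter_key(), $count, SLT_WINDOW_SECONDS);
    if ($count >= SLT_MAX_FAILURES) {
        // Leave a trace in the PHP/server log for monitoring.
        error_log(sprintf('[slt] lockout after %d failed logins from %s',
            $count, isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : 'unknown'));
    }
}

// Priority 50 runs after WordPress's own username/password check (priority 20),
// so a locked-out client is refused even when it finally submits the right password.
add_filter('authenticate', 'slt_enforce_lockout', 50, 3);
function slt_enforce_lockout($user, $username, $password) {
    if (slt_failure_count() >= SLT_MAX_FAILURES) {
        return new WP_Error('slt_locked_out',
            'Too many failed login attempts. Please try again later.');
    }
    return $user;
}

// A successful login clears the counter for that client.
add_action('wp_login', 'slt_reset_counter', 10, 2);
function slt_reset_counter($user_login, $user) {
    delete_transient(slt_counter_key());
}
```

Transients are stored in the database (or the object cache when one is configured), so the counter is shared by all PHP workers. The price of keying on the address is that many users behind one NAT share a counter, and an attacker spreading attempts across many addresses is slowed less; a production plugin typically combines this with a per-username counter and notifications.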

9 - Make backups

I have listed a number of things you should do to secure WordPress, and I understand that they can be somewhat difficult to put into practice. I also know that you might forget some of them.

But there is one task that you should not skip: make backups of your blog.

The one thing you should never forget to do is have a WordPress backup plan. Not only in the event of attacks, but even in the event of accidents, technical failures and other mishaps, having a backup ensures that you can easily get back on your feet.

Snapshot Pro is like a time machine for your website, allowing you to back up and restore your entire site and even schedule regular automatic backups.

10 - Activate Google Search Console

While this is not strictly a WordPress recommendation, it is still something you should consider as a supplement to the other recommendations on this list.


Google and other search engines always want to make sure that your website is free from any threat to search engine users. It is for this reason that Google will notify you if it notices anything abnormal on your website.

This practice will allow you to properly restore a website that has been hacked, especially since Google hides from its results any site that represents a threat to its users.

That's all?

No, the list is not exhaustive. There are many things you can do to better protect your blog. But this is the first step.