Unless you follow the tech news, you may be unaware that there is currently a global attack under way on WordPress sites. The aim of the attack seems to be simple: use low-powered computers to gain access to low-security WordPress sites, and through these to hack the powerful servers on which they are hosted, thus providing a much more powerful platform from which to attack higher-security sites in the future.

“So what,” I hear you say, “has this got to do with me?” The fact is that WordPress is used to power over 60 million sites worldwide, and there is a fair chance that it also powers yours!

At this point I should stress that you don’t need to panic. If set up correctly and properly secured, WordPress is a VERY secure platform and is unlikely to be vulnerable to the current attacks. What’s more, securing your site is a simple process (one which has been applied to ALL the sites that we manage). The steps to securing your site are as follows:
- Ensure that the core WordPress files and all plugins are fully up to date. WordPress is constantly evolving, and any security loopholes that are identified tend to get plugged very quickly, so keeping your site updated will go a long way to keeping it secure.
- Install a security plugin like WP Better Security. This type of plugin will manage the process of securing your site, and will allow you to implement various levels of security. As a minimum you should use this to make sure you are not using the default “admin” username as a login (this one simple step will pretty much protect you 100% from the current attacks). Other things that are worth considering (all of which can be handled via WP Better Security) are:
  - Change the URL for accessing the admin system from the default /wp-admin/
  - Force admin logins to use a strong password
  - Change the prefix for the WordPress database tables from the default (wp_)
- Back up your site regularly. Do this, and in the unlikely event that you do fall foul of a hack (no site can be 100% secure) you will have a simple process to recover from it. Again, the backup process can be handled by a plugin. Two we use are WP Back up to Dropbox (great if you use Dropbox) and BackWPup, which is a little more flexible and allows backup to a number of locations, including email.
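To check two of the defaults named in the steps above (the “admin” username and the wp_ table prefix), the following added example, which is not part of the original post or of any plugin, reads the text of a wp-config.php file and a list of account logins and reports which defaults are still in place. The function names and sample inputs are constructed for illustration; the login list is assumed to come from your own user export (for example, WP-CLI's `wp user list --field=user_login`).

```python
import re

# $table_prefix assignment at the start of a line, single- or double-quoted.
PREFIX_RE = re.compile(r"""^[ \t]*\$table_prefix\s*=\s*(['"])(.*?)\1\s*;""",
                       re.MULTILINE)

def table_prefix(wp_config):
    """Return the table prefix set in wp-config.php text, or None if absent."""
    # Drop /* ... */ blocks so a commented-out assignment is not picked up;
    # lines starting with // or # never match because of the line anchor.
    code = re.sub(r"/\*.*?\*/", "", wp_config, flags=re.DOTALL)
    matches = PREFIX_RE.findall(code)
    # PHP keeps the last assignment, so do the same here.
    return matches[-1][1] if matches else None

def audit(wp_config, logins):
    """Return a list of findings for the defaults the checklist warns about."""
    findings = []
    prefix = table_prefix(wp_config)
    if prefix is None:
        findings.append("table prefix: no $table_prefix assignment found")
    elif prefix == "wp_":
        findings.append("table prefix: still the default 'wp_'")
    # Compare case-insensitively so 'Admin' is flagged as well.
    if any(name.strip().lower() == "admin" for name in logins):
        findings.append("username: an account named 'admin' exists")
    return findings

# Constructed sample inputs (not taken from any real site).
SAMPLE_DEFAULT = """<?php
define('DB_NAME', 'example_db');
/* $table_prefix = 'old_'; */
$table_prefix = 'wp_';
"""
SAMPLE_HARDENED = """<?php
// $table_prefix = 'wp_';
$table_prefix  = "x7k_";
"""

if __name__ == "__main__":
    for label, cfg, users in [("default", SAMPLE_DEFAULT, ["admin", "editor1"]),
                              ("hardened", SAMPLE_HARDENED, ["site_owner"])]:
        print(label, audit(cfg, users) or "no default settings found")
```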
Follow these simple steps and the chances are you will be safe from this and any other cyber attack. If you would like advice on the security of your WordPress site, get in touch.