Setup and Secure WordPress - Common WordPress Security Mistakes (Part 1). Many people put in a lot of time, work and often money into their website or blog to get it user-friendly, and also run smoothly. In this article we try to help you Avoid the most common security problems. We will advise you regarding some of most popular security oversights individuals make. Here are some WordPress security Oversights to Avoid, enabling you to Setup and Secure WordPress better. 1: Hosting, WordPress security starts with the hosting environment. According to Jane Williams, the author of WPMasterControl ( A Windows software app that does it all -Install WordPress, Setup WordPress, Secure WordPress, Update WordPress, Setup Backups. WPMasterControl will even install themes and plugins, whats great about it is you can use it on more than one online site after adding the internet sites to it and that alone makes it a total time saver, great for newbies or advanced users.) who's company has over 10 years experience providing clients with hosting and security consulting, over 40 percent of website hacks happen due to insecure servers. You wouldn't believe how many clients they have had to rescue from big name hosting providers providing totally insecure shared hosting, vps's and dedicated servers. The most awful point is the consumers strongly believe that they remain in safehands, and yet when everything goes wrong they are actually no where to be seen. You can see the need for quality hosting to make sure your site is secure. Sadly, hosting is one of those areas in which you get what you pay for a lot of the time. As Jane said and i simply cannot stress sufficiently, with poor quality hosting companies you often have security which takes alot to be desired to begin with and then no support the moment things goes wrong. Because of that i can not point out enough you ought to think about your hosting as a company investment. Specifically given that for a hack to become successful your web site might just not of been really the focus on and yet caught up in automated scripts searching for exploits as when you are on a shared hosting environment alot of the time once one of the web sites is compromised the others might just be taken down as collateral damage. 2: Failing to Keep Up to Date If you have been working with WordPress for a while, you will be aware that the platform is regularly updated. Later versions of WordPress will auto update minor updates. Be aware though that major updates can cause conflicts with plugins and themes. Vulnerable plugins and themes account for the majority of all hacked WordPress websites. Here again is where WPMasterControl comes in, not only will it auto update all your plugins and themes it has already made a backup you can restore if such a point was to happen. Totally takes the headache out of WordPress niggles in many ways. 3: Using weak Login Information. Weak passwords and admins using the name Admin unfortunately are not uncommon. Login security is another common WordPress security oversight. Most hacking attempts are automated. Nobody actually accesses your website and painstakingly tries out usernames and password combinations manually. Instead, they use automated scripts that systematically try to "brute force" the details using common dictionary attacks, much faster than the amount of time than any human ever could. So you should do factors like Limit the number of users with administration rights. Not everybody on your website is worthy of to be capable to perform whatever they want. In the event that your online site currently has an admin user, make sure you change it immediately. Always use strong passwords. I use a great program called Roboform, it is on all my devices and stores all my passwords safely so i have them where ever i am. Limit login attempts to stop brute force attacks (If you are using WPMasterControl by now, it does that for you too), it's a good idea to limit how often someone can try to log in to your website before being banned. Many security plugins offer this feature but you can also use WPMasterControl to take care of it all and on autopilot too.-- For extra security your may in addition think about moving your login web page to a new location. There are plugins with regard to this inside the WordPress repository, additionally yet another good technique is actually to password protect the directory/ folder wpadmin (you can do this in cPanel or your hosting provider panel usually quite easily). I hope you have enjoyed part one. To Be Continued in ... "Setup and Secure WordPress - Common WordPress Security Mistakes (Part 2)". Edit: Lots of folks have asked me about WPMasterControl. Thanks for reading. |