ManageWP Australia – Maintaining WP Security

Security of your WordPress site is essentially about prevention of any unauthorised change that results in a loss of reputation, illegal or immoral activity, or misuse of resources.

Methods of WP Security Breach

Discovery of WordPress Admin Password

The simplest form of WP security breach is discovery of your admin password. Once an unauthorised user has your admin password, they can use your site for any purpose they desire. There are a number of ways the password may be discovered. The best defence is to use a complex password that does not include common words or dates, and to implement SSL for admin access so that communication between your browser and the server is encrypted. To further improve security, use a firewall that detects and blocks brute force login attempts.

File System Permissions

Another form of WordPress security breach arises from incorrect file system permissions on the hosting account, which allow hackers to upload or change files on your server. Any security solution must check that file system permissions are set correctly.

WordPress Code Exploits

The security breach affecting the majority of WordPress sites is through exploits in the WordPress core, themes, or plugins. Hackers are continually looking for loose code or bugs that they can exploit to gain access to your site. Once an exploit is found, the method is distributed to other hackers, who set about scanning sites for the same exploit. These activities are detected by security experts, who then determine the target and alert the author and users to the security exploit. Shortly afterwards, a new version is released to patch against the exploit. The security solution is to update as soon as possible after a new release of the software. Security can be further enhanced with a suitable firewall that blocks exploit scans.

Security and WordPress Management

Maintaining WP security is not an activity that is undertaken only when the site is initially developed. It is an ongoing set of activities that involve detection, backup, update, and test. In addition, old plugins or themes must be evaluated to ensure the developer has not abandoned the project, leaving your site vulnerable. Where an abandoned plugin or theme is suspected, a suitable supported alternative must be found.

Other actions that assist with security include regular scanning and comparison of files with the stored versions from the developer, hosting on a secure server to avoid being blacklisted through a shared IP address, and regular password changes.

The Costs of WP Insecurity

The costs of a hacked web site may be far reaching and could seriously affect your online reputation with customers and with search engines. If you are blacklisted you can't be found, and therefore you get no business. Most people think of a defaced web site, but as you can see it could be much worse. With the advent of ransomware, security has become more important than ever: a hacked web site is the perfect vector for infecting visiting machines with ransomware. Ransomware is code loaded onto the visiting device that then encrypts the file contents and demands a ransom to restore file access.

Please consider your WordPress site security carefully.  We provide a cost effective expert WordPress Management service to ensure your WordPress site is secure, managed, and performs well.  Contact us for more information.