Top 9 Changes to Easily Secure Your WP Website

in #wordpress, 7 years ago (edited)

Attackers exploit vulnerabilities in software. This is well known throughout both the multi-media and IT-security industries, and is mentioned here only for reference.

Standard software, or at least popular software deployed by a large number of users, is particularly exposed, because an attack on it yields a significantly higher return for the malicious actor. Think allocation of resources: the bigger the target, the more attractive it becomes from an attacker’s point of view.

This absolutely does not mean that you need to avoid popular software like WordPress for content management, or any other widely-used solution. (That would be “Security by Obscurity”, which does not usually cut it anyway.) It just explains why you might want, or rather need, to stay informed about existing vulnerabilities. If you don’t have the time or expertise for that, trust the developers of the widely-used package you run to fix any security holes, so that all you need to do is update to the latest and “best” version of it.

Beyond this, you might add some common-sense measures along these lines:

  • do not use trivial passwords (no need for overly fancy ones either)
  • watch your server logfiles for the latest goings-on on your website
  • respond accordingly if you detect any irregularities
  • these usually include login attempts to “standard user IDs” (such as admin)
  • change your Administrator account to a different user ID
  • avoid your own domain name as a user ID (script kiddies try to brute-force that name regularly)
  • deploy some security features (most CMS-es have special security add-ons, “plugins”, or packages)
  • set those packages correctly (a fire extinguisher is of no use, unless you know how to handle it)!
  • make frequent backups so you can recover in case of an attack
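
As an added example (not part of the original post), the log-watching items in the list above can be turned into a small check over a web server access log. It assumes the Apache/nginx combined log format and WordPress's default behaviour of answering a failed login with HTTP 200 and a successful one with a 302 redirect; the function name, threshold and sample lines are constructed for illustration.

```python
import re
from collections import Counter

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)

# Constructed sample lines using documentation IP ranges, not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:04:11:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2024:04:11:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:08:30:10 +0000] "POST /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0"
198.51.100.23 - - [10/Mar/2024:08:30:25 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
192.0.2.50 - - [10/Mar/2024:09:00:00 +0000] "GET /wp-login.php HTTP/1.1" 200 2800 "-" "Mozilla/5.0"
this line is truncated or malformed and must be skipped
"""

def review_logins(lines, threshold=3):
    """Return {ip: (failed, succeeded)} for IPs with >= threshold failed logins."""
    failed, succeeded = Counter(), Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue  # unparseable line, or only a view of the login form
        # endswith() also covers WordPress installed in a subdirectory
        if not m["path"].split("?", 1)[0].endswith("/wp-login.php"):
            continue
        if m["status"] == "200":      # assumption: login form shown again = failure
            failed[m["ip"]] += 1
        elif m["status"] == "302":    # assumption: redirect to the dashboard = success
            succeeded[m["ip"]] += 1
    return {ip: (n, succeeded[ip]) for ip, n in failed.items() if n >= threshold}

if __name__ == "__main__":
    for ip, (bad, good) in review_logins(SAMPLE_LOG.splitlines()).items():
        note = "FOLLOWED BY A SUCCESSFUL LOGIN" if good else "no success seen"
        print(f"{ip}: {bad} failed login POSTs, {note}")
```

The access log records the client and the outcome, not the user ID that was tried; seeing the attempted names needs something that logs the login form input, such as a security plugin.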

With just this handful of common-sense procedures and reasonably easy-to-use add-ons, your website should be safe and run for years without any successful attacks or even serious incidents (almost-successful attempts). Attackers aren’t that smart. Very often they are just kids who have gotten hold of some password-cracking script or similar tool (hence the name 'script kiddies'), and even the 'full-timers' among malicious attackers are not always the smart kind either...

Just stopping their most stupid attempts usually leaves them clueless, so they move on to easier targets and leave your website alone.

Visit my D.Tube videos: http://d.tube/#!/c/marquix

Also feel free to follow me on Steemit -- you can find my profile here, https://steemit.com/@marquix or visit http://marquix.net/video which is my IT & Photography/Video gallery website.

Thank you for stopping by...