Stacy Duval

Website Design and Digital Marketing

March 24, 2014 by Stacy Duval

WordPress Site Security

When I develop a site for a client, one of the things I talk about up front is maintenance. Maintenance includes content updates as well as what I call security. All sites are vulnerable to being hacked, but there are ways to reduce your risk.

Update

One of the great things about WordPress is that it is constantly being updated. Many of the updates are security updates only. This means a vulnerability has been found and the update fixes the problem. Not only WordPress itself but plugins and themes as well must be updated frequently.

Setting up User Accounts

Hackers try to get into your WordPress account in many ways. One of the most common ways is through password phishing. Some procedures around User Account maintenance can reduce your risk:

  • Delete accounts not in use
  • Only use Admin accounts for administrative tasks
  • Use Editor, Author, Contributor and Subscriber Accounts

On the Server

  • Delete accounts not in use
  • Set up FTP accounts as SFTP
  • Disable password authentication and use key pairs

WordPress Login

  • Multi-factor authentication on wp-admin
  • Two-factor authentication on wp-login.php

Password Management

  • 15 character password – this will take 3 months to crack
  • Make your passwords long, complex and unique
  • Use Password Managers such as LastPass
  • Come up with a scheme for passwords. An example of a scheme is to remember 20 characters, prefix the characters with the site name and end the sequence with some date.

Technical Methods for Reducing Risk

  • Kill PHP execution in the wp-includes, wp-content and uploads folders with an Apache .htaccess file in each folder:

    <Files *.php>
    Deny from all
    </Files>

  • Modify wp-config.php to disable the plugin / theme editor:

    define('DISALLOW_FILE_EDIT', true);

  • Or disable the plugin / theme updater and installer:

    define('DISALLOW_FILE_MODS', true);
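
An added example, not part of the original post: a Python check that a WordPress folder actually has the settings listed above. It assumes an Apache server that honours .htaccess files; the function names, and accepting Apache 2.4's "Require all denied" as equivalent to "Deny from all", are assumptions of this example.

```python
import re, sys
from pathlib import Path

# Folders the post says should not execute PHP, relative to the WordPress root.
NO_PHP_DIRS = ("wp-includes", "wp-content", "wp-content/uploads")
# The post offers either constant; one of them set to true is enough.
CONSTANTS = ("DISALLOW_FILE_EDIT", "DISALLOW_FILE_MODS")

FILES_BLOCK = re.compile(r'<Files\s+"?\*\.php"?\s*>(.*?)</Files>', re.I | re.S)
# "Deny from all" is the post's rule; "Require all denied" is the Apache 2.4 form.
DENY_RULE = re.compile(r"^\s*(deny\s+from\s+all|require\s+all\s+denied)\s*$", re.I | re.M)

def constant_is_true(php_src, name):
    """True if define('NAME', true) appears outside /* */ and whole-line comments."""
    src = re.sub(r"/\*.*?\*/", "", php_src, flags=re.S)
    src = re.sub(r"(?m)^\s*(//|#).*$", "", src)
    return bool(re.search(r"define\s*\(\s*['\"]%s['\"]\s*,\s*true\s*\)" % name, src, re.I))

def blocks_php(htaccess_src):
    """True if an uncommented <Files *.php> block contains a deny-all rule."""
    live = "\n".join(l for l in htaccess_src.splitlines() if not l.lstrip().startswith("#"))
    return any(DENY_RULE.search(m.group(1)) for m in FILES_BLOCK.finditer(live))

def covered(root, rel):
    """A rule in a parent folder's .htaccess also applies to its subfolders."""
    parts = Path(rel).parts
    for depth in range(len(parts), 0, -1):
        ht = Path(root).joinpath(*parts[:depth], ".htaccess")
        if ht.is_file() and blocks_php(ht.read_text(errors="replace")):
            return True
    return False

def audit(root):
    """Return a list of findings for the WordPress install at root."""
    findings = []
    cfg = Path(root) / "wp-config.php"
    src = cfg.read_text(errors="replace") if cfg.is_file() else ""
    if not any(constant_is_true(src, c) for c in CONSTANTS):
        findings.append("wp-config.php: DISALLOW_FILE_EDIT / DISALLOW_FILE_MODS not set to true")
    for rel in NO_PHP_DIRS:
        if not covered(root, rel):
            findings.append(rel + ": no <Files *.php> deny rule in .htaccess")
    return findings

if __name__ == "__main__":
    # Usage: python wp_audit.py /path/to/wordpress  (script name and path are placeholders)
    for line in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print("FINDING", line)
```

An empty result means both settings were found; the check reads files only and does not confirm that the server is configured to apply .htaccess rules.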

Use Plugins

  • Sucuri Security Plugin
  • Theme-Check
  • BackupBuddy
  • Akismet
  • Limit Login Attempts
  • Wordfence
  • Activity Monitor

Support Forums

  • Hacked
  • Malware
  • Badware Busters

Online Resources

  • Sucuri Blog
  • SiteCheck Scanner
  • Unmask Parasites
  • Perishable Press
  • Secunia Security Advisories

Filed Under: Web Design Tagged With: maintenance, security
