Blog / WordPress and security

WordPress and security

by SW Team

As we told you a few days ago, it’s very important to feel safe in the Internet. In the net, an endless space where it’s becoming more and more normal to have your own little corner, being an essential part of our life and society. This popularity creates positive consequences but also negative: like attacks in our websites.

If you have a web page, you probably know already WordPress platform, a CMS (Content Management System) with its easy and popular interface you can edit and upload content to your page. Approximately, around more than the half of web pages done with this platform are vulnerable. In this post you’ll find why it’s vulnerable and make the most of it in a safe environment.

Vulnerability in WordPress pages doesn’t come from software errors in the platform: it comes from lack of knowledge by the users. It is indispensable that your page fulfills the requirements to avoid attacks of the known as ‘hackers’.

What can you do? We list steps to secure your page with WordPress:

1.            Shield your computer: it doesn’t matter which computer you use. Protect it with antivirus programs, system and software updates. Also, you have to avoid non-reliable downloading or installing software .

2.            Complicate your e-mail passwords and WordPress administrator’s access. If you’re one of users whose has as password ‘12345’ you can already change it and put minimum 15 alphanumeric characters, for example ‘0your_name#53|9!’.

3.            Install security WordPress plugins, for example WordFence or iThemes Security.

4.            Modify WordPress's login access: change administrator access (admin) with another name (‘hackers’ use this access to go first in their attack). Also, change the login URL.

5.            Change default tables prefix codes

6.            Plugins download: use a few, and the plugins that you use, upgrade them when it has to be (WordPress’s system will notify you if there’s an upgrade)

a.            Plugins that you not use anymore, erase them (you’ll have them installed and their code can be used to harm your page)

b.            Use good reputation plugins, created by a company that you can contact anytime

7.            Don’t trust any free themes or templates, especially if they are copies of themes and templates with a charge.

Furthermore, if your web page is relevant or very professional, we not recommend you to be in a shared server. Why? In these, it doesn’t matter if you accomplish all the steps to be 100% secure: if there’s another negligent user with its page and is attacked, your page (hosted in this server) will be exposed to the attack (and your data too). Your budget has to be at the same level that your page is: if you need a high security level, you must be disposed to do it to the maximum, investing in a private server or a Cloud. Your page will be in a safe environment.