3 Tips for improving WordPress security

No system is fully secure, WordPress included. No matter whether you’re running a website for your small business, a personal blog, or online resume and portfolio, ensuring your site is secure is extremely important. Here are three easy tips to follow to improve WordPress security:

Don’t use the default admin log-in credentials: This is a simple but very often overlooked security flaw among amateur webmasters. Almost every system uses “admin” as a default username. If your log-in credentials are the same as almost every other system out there, it’s very easy for just about anyone to get access to your system. You can change your administrator log-in credentials through your WordPress admin panel.

Back up your site regularly: If your site is compromised, having plenty of backups ready allows you to get back on your feet much more easily. Imagine if you haven’t backed up at all and have to rebuild your site from scratch! Regular backups are a foundation of running a website in general; you should also back up your site before making any major changes to it.

Always use the most current version of WordPress, themes, and plug-ins: Just as hackers are constantly looking for weaknesses in WordPress and its plug-ins to exploit, the developers are developing patches for these exploits. Using an outdated version of WordPress, a WordPress theme, or plug-in leaves vulnerabilities in your system that can easily be exploited by a hacker.

If you need help with any of these, or need a professional to host and run your WordPress website, contact us!

4 Things to do Before WordPress Updates

Keeping on top of WordPress updates is extremely important: updates patch security holes, fix bugs, and improve user experience. Before updating your WordPress installation, though, run through this quick checklist to make sure you have everything right.

Check WordPress Update Requirements: Make sure your web host has the most current versions of PHP and MySQL/SQL Server before updating. This is especially important if you’re your own webhost!

Don’t forget to check the official WordPress requirements page as well to make sure you aren’t missing anything.

Update Themes and Plug-ins: It normally takes a little time after a WordPress update is released before theme and plug-in developers release a version compatible with the new update. In some cases, you may have to wait a few days before your themes and plug-ins will be compatible. In worst case scenarios, a theme or plug-in you’ve used for a long time will no longer be supported and you will have to find a replacement that is compatible with the current WordPress update.

Back Up your Installation: This is the most important step! Always back up everything before making any major changes to your site. You can back up your database via your cPanel dashboard or phpMyAdmin, and make sure you back up your themes and plug-ins as well. You can do this manually by exporting all content from your Dashboard, or you can use a specially designed back-up plug-in.

Deactivate your Caching Plug-in: If you have W3 Total Cache, Super Cache, or other caching plug-ins installed, deactivate them before starting your update. These plug-ins sometimes cache maintenance pages and interfere with the update process.

Be sure to check after your update if your caching plug-in is reactivated. Some plug-ins do this on their own, but others do not.

That’s It!

Now you’re ready to update WordPress. Make sure to double check that all your themes and plug-ins are working properly after the update, and reactivate any plug-ins you deactivated during the update process.

If you’d rather someone else handle your WordPress updates, security, hosting and backups, contact us today. We offer WordPress support plans starting from $15 per month.

WordPress – A Target for Viruses

According to a Forbes report, published in December, 2014, WordPress is now the most popular web page development and CMS system on the internet. WordPress is an open source system, available free, that makes creating a blog or webpage relatively simple. The system provides creation tools and a growing number of plug-ins that enable businesses to operate state of the art websites. There are at least 60 million websites created with WordPress. That is one in every six websites in the world.

Because the code for the software and the plug-ins is open source and because the program is so popular, the makers of malware have found it a valuable target. In particular, hackers have targeted the system of plug-ins that accompany the main program. According to Matt Johnson of the Threat Research Center for WhiteHat Security, plug-ins are “inherently more insecure and harder to keep up to date as opposed to WordPress core.” One particular plug-in called “RevSlider” seems to be particularly vulnerable to infection.

Recently, a piece of malware called “SoakSoak” became the latest malware menace to take advantage of these vulnerabilities. SoakSoak scans for websites with older editions of RevSlider, then changes its JavaScript swfobject.js file. This disrupts website functioning by directing users to a SoakSoak domain. The malware infects the website host and any user that enters the infected website. It is difficult to remove. As of mid-December, 2014, the circle of infection has now spread to over 100 thousand websites. In an attempt to curb the spread of infection, the Google search engine has recently blacklisted affected WordPress domains to keep users from finding those sites. This could mean serious losses for thousands of companies depending on their websites. If there is a concern about Google exclusion, experts advise that users check with the Google advice page to find out how to get off the blacklist.

Keeping WordPress sites up-to-date is the best protection against malware.

  • Ensure that the plug-ins used are all legal. Plug-ins downloaded from free sites can contain malware.
  • Maintain the plug-ins. Use only the most recent versions.
  • Make sure to back-up sites in a healthy state. If a site becomes infected, the best course may be to take the whole site down and re-install the back-up.
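A backup taken in a healthy state is also a baseline for spotting the kind of tampering described above, where a script file such as swfobject.js is changed in place. The following is an added example, not part of the original article or of any WordPress tool: it hashes the .php and .js files in a clean backup and in the live site and lists what was modified, added or removed. The directory trees and file contents are constructed sample data, and the function names are chosen for this illustration.

```python
import hashlib
import tempfile
from pathlib import Path

# File types that execute on the server or in the visitor's browser.
WATCHED = {".php", ".js"}

def manifest(root):
    """Map each watched file's relative path to its SHA-256 digest."""
    root = Path(root)
    return {
        p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in WATCHED
    }

def compare(baseline, live):
    """Return (modified, added, removed) paths, live tree vs. clean baseline."""
    modified = sorted(k for k in baseline if k in live and live[k] != baseline[k])
    added = sorted(k for k in live if k not in baseline)
    removed = sorted(k for k in baseline if k not in live)
    return modified, added, removed

def _write(root, rel, text):
    path = Path(root) / rel
    path.parent.mkdir(parents=True, exist_ok=True)
    path.write_text(text)

def demo():
    """Run the comparison on two small constructed trees (not real site data)."""
    with tempfile.TemporaryDirectory() as tmp:
        backup, live = Path(tmp) / "backup", Path(tmp) / "live"
        for root in (backup, live):
            _write(root, "wp-includes/js/swfobject.js", "/* constructed clean copy */\n")
            _write(root, "wp-content/themes/demo/index.php", "<?php // constructed\n")
        # Simulate the tampering described above: extra script appended to swfobject.js.
        _write(live, "wp-includes/js/swfobject.js",
               "/* constructed clean copy */\n/* constructed injected line */\n")
        # A file that exists only on the live site is also worth a look.
        _write(live, "wp-content/uploads/constructed-extra.php", "<?php // constructed\n")
        return compare(manifest(backup), manifest(live))

if __name__ == "__main__":
    modified, added, removed = demo()
    for label, paths in (("MODIFIED", modified), ("ADDED", added), ("REMOVED", removed)):
        for rel in paths:
            print(f"{label}  {rel}")
```

On a real site, call manifest() on the unpacked backup and on the web root. Files changed by a legitimate update will also be listed, so take a fresh baseline after each update.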

WP Support HQ offers programs of full WordPress support and backup. We take care of all the steps you need to keep your website running safely. If you are using WordPress, contact us.