WordPress Security (Part one: Basics)

WordPress logo

Whether your company owns a huge banking website or a one-page information website, you’re vulnerable to hacking. To some, hacking is just an amusing game to prove to themselves and others how smart they are. But many instances of hacking are financially motivated.

Open-source websites are considered the easiest to target, so people working on these systems should be more cautious.

Most data breach victims fell prey because they were found to possess an (often easily) exploitable weakness rather than because they were pre-identified for attack; 79 percent of victims were targets of opportunity, and 96 percent of attacks were not highly difficult.

2012 Data Breach Investigations Report (DBIR) Verizon Business, April 2012

Open-source websites can be every bit as secure as websites built on proprietary systems, but it’s essential to be proactive. Here are some of the first steps non-developers need to take to secure a WordPress website:

  • Select a good hosting system. Make sure you choose a hosting company that will offer support and a secure server. Avoid options offering servers shared with other hosting companies – such options make it easier for hackers to attack your system, either using scripts that run on other websites using the same servers or via your email system.

  • Check your themes and plug-ins. Some plug-ins that appear genuinely useful may hide coding that makes it easy for hackers to access your site. Always download your plug-ins from reputable sources and check the reviews and scores given to them.

  • Admin security:
    • Always keep your WordPress installation up to date
    • Give your database a prefix OTHER than the default ‘wp_’
    • Secure your passwords by generating hashed passwords
    • Rename the ‘wp-admin’ folder and always delete the default admin user
    • Set file restrictions for your .htaccess file

These basic security techniques will give you a more secure WordPress website.

Building a website can be a bit of a minefield. If you need any help, the friendly digital team at Oculus is always on hand to offer advice. Give us a call on 0118 958 9815.