Making your site secure and keep it going you have to consider some of the loopholes in your general practice of managing the site and take certain measures to prevent it.
Generalizing things are not always cent percent correct with everyone but still it helps in averaging out the facts.Mostly there are few points that we overlook while and after creating a website that puts it on the high risk. Here are some of the general risks along with their prevention that you can follow to secure your site,
1) Uploading malware using WordPress media upload feature
It is one of the easiest way of infecting your site with malwares if you have not taken proper measures to secure your site. /uploads/
directory is the weakest link of the WordPress. Here we can say that its strength has become its weakness too. But it is possible to be safe with some preventions as mentioned below.
What prevention you can have?
There are some really nice plugins that can help you take prevention as mentioned below,
1) Sucuri Scanner – SiteCheck Malware Scanner – Sucuri SiteCheck will check your site for malware, spam, blacklisting and other security issues like .htaccess redirects, hidden eval code, etc.
2) Anti – Malware (Get off Malicious Scripts) – It automatically removes known threats, upgrade vulnerable versions of timthumb to patch security holes, patch wp-login.php to block brute-force attacks, customize Scan Setting etc.
If you are good with code and want to create your own function that controls the malware attack, here are the steps that can help you get started,
- Create a file with a code to remove malware under your current theme’s root folder.
- Set the “cron job” function using cPanel (give the full path of your file that you created while setting cron job) that executes your above written code at your specified regular time interval which will check for all the files in your uploads directory and remove the malwares if found.
2) Ignoring the usage of current and updated versions of software/platform
Most of us generally put lot of efforts while creating a website noticing and fixing each things on the site, right from the look of the site to the length of the content on it but somehow we lack the same enthusiasm once the site is built and running well. For example, ignoring WordPress version updates, using outdated theme and/or plugin versions. It seems quite small and simple thing but overlooking it may result in any kind of malware attack to your site as it is very easy to extend WordPress using hooks and attach an infected code in the older versions.
What prevention you can have?
It is simple, stay updated with all your software you are using for your site including WordPress. WordPress development team and other software (theme/plugins) teams generally are engaged in making their application more and more strong (in terms of security) and easy along with some needed features included in their newer versions that help in reducing the security breaches.
3) Poor credential management
This reason seems quite known and feel that it doesn’t exist anymore; but fact is that it does exist still. We often either use the “admin” or such generic usernames and/or easily guessable passwords or for any purpose when we allow access of our WP-admin back-end/ FTP credentials, we lay everything in their hands and sometimes do not even change the credentials after the work gets over!
What prevention you can have?
- Do not use generic credentials
- Always know who is accessing your environment and verify what has been done or included there by them.
- Use 2 factor authentication. (Tip: There are so many plugins available on this, you can go for them as per your need)
- Keep changing your password at regular interval.
General Tips
Apart from the above said few preventions, here are some general tips that can help you strengthen your site’s security,
- Manage credentials well taking some preventions said above
- Always have a backup; you never know when you’ll need it.
- Connect securely to your server. prefer SFTP and SSH .
- Go for the secure and trust worthy server. (Take a look at our recommendation. It may help you make your way easier)
- Stay updated with all the software (theme,plugins etc) that you are using for your website including WordPress.
- Block suspicious IPs
Any Queries? Contact us and we’ll help you out.