WordPress has been always targeted by hackers because of its known vulnerabilities. These vulnerabilities does not limit only to WordPress core files but, most of the times, are the outdated plugins and themes. Securing your WordPress website takes time and should be done in a recurring process. Here are the steps you should take to protect your WordPress.
1. Harden the security of your WordPress.
This article from WordPress codex go through some common forms of vulnerabilities, and the things you can do to help keep your WordPress installation secure. Before proceeding to the steps below, I highly recommend that you follow all the listed steps in the article and execute them.
2. Install Wordfence
This plugin, available for FREE in WordPress plugin store, is a highly recommended security plugin for your WordPress site to help you secure your website. It offers multiple features such as scanning integrity of your WordPress core files, and as well as for malware vulnerable themes, plugins, etc. NOTE AND READ: Since this is a wordpress plugin, make sure you always update it.
3. Rename your wp-login.php
Another great plugin called Rename wp-login.php works to easily rename your wp-login.php which is highly targeted by spammers and hackers trying to get in to your WordPress. This plugin will rename your wp-login.php so you only you will know where to access admin dashboard. However, if you are using the WP comment system, the point of hiding the login page will make no sense because your commenters will have to login in order to comment. Thankfully, Shrewdies wrote a detailed guide to help us fix that.
4. Scan your website
After all the hard-work, you want to make sure your website is really secured. Sucuri SiteCheck provides remote scanning and will report to you if your website is free from malware, and other security flaws.
5. Stay up to date
Know the latest plugin vulnerability. Subscribe to Sucuri’s blog. Being the security firm that we trust, Sucuri’s blog are the most up-to-date when it comes to reporting vulnerabilities simply because… it is their business.
Thanks to Mark Magno.
There was a known plugin named Exploit Scanner that can help detect damaged files caused by hacks. Aside from this, you can consider the following:
- Change passwords frequently all users most Administrators and Editors.
- Modify also your FTP account’s password.
- Re-install the latest version of WordPress.
- Make sure all of your plugins and themes are up-to-date.
- Lastly, update your security keys.
It’s second semester again! Yes, I am ready! How about you my dearest students? Well, I welcome you all BSIT second year and BSCS third year for our first week of class. Don’t be absent or else you’ll miss half of our subject right away! Haha!
I hope that you’ll be more disciplined as we go on in our classes! Be positive. Be good. Be patient. Be punctual. Be industrious. And you will pass your subject, not only mine but to your other instructors.
A recent vulnerability affecting WordPress website users using Akismet version 3.1.4 and lower have been identified by Sucuri.net. The vulnerability is about WordPress “Convert emoticons like and to graphics on display“, said Sucuri.net on their official Security Disclosure.
Update as Soon as Possible
If you’re using a vulnerable version of this plugin, update as soon as possible! In the event where you can not do this, please contact Jolly Works Hosting Support.
More details of the vulnerability, please head on to Sucuri.net’s blog.
Cant See Secure Sites?
Problem with seeing secure sites such as banks and online stores? I found this very useful to me at my teaching work.
By the way, what u need to do is create a new NOTEPAD file and write in it the following DLL’s.. just copy-paste the following lines:
and save it as > all file types, and make it something like fixsecurity.bat.
Lastly, run the file that you created and nothing to worry ’bout visiting those secured websites.
Note: The author does not take any responsibility for your actions and not responsible for any damage caused by this tutorial.