There has been a lot of attention this week on a global botnet attack targeting WordPress websites. Many web hosts are seeing an increase in attempts to breach WordPress with a fairly basic dictionary attack. A botnet is a network of thousands of infected computers, controlled by an attacker, that scan the web looking for vulnerable websites. The current ‘brute force’ attack attempts to log in to the ‘admin’ user name using variations of common passwords or dictionary-based words.
By default WordPress sets up an ‘admin’ user name. Create a new user name with administration rights and then delete the ‘admin’ one. When asked, remember to allocate all your posts and pages to the new user name, rather than deleting them along with the user name. Here is a great video from Lynda.com that explains how to do this.
If you can remember your password it is probably not secure enough. A ‘dictionary attack’ works its way through common words taken from a dictionary, hence the name. If your password does not contain a real word then you are already more secure than most WordPress websites. There is a great post from WordPress.com about creating secure passwords.
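One way to spot the attack described above in your own web server logs, added here as an example that is not part of the original post: it parses a few constructed access log lines (not real traffic) and flags any client IP with repeated failed POSTs to wp-login.php. It assumes the common Apache/nginx combined log layout and the usual WordPress behaviour that a failed login re-renders the form with a 200 while a successful one redirects with a 302; the threshold of five attempts is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample access log lines (not real traffic): one host hammering
# wp-login.php with POSTs, plus an ordinary visitor who logs in once.
SAMPLE_LOG = """\
203.0.113.5 - - [12/Apr/2013:10:01:01 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.5 - - [12/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.5 - - [12/Apr/2013:10:01:02 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.5 - - [12/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.5 - - [12/Apr/2013:10:01:03 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
203.0.113.5 - - [12/Apr/2013:10:01:04 +0000] "POST /wp-login.php HTTP/1.1" 200 3421
198.51.100.7 - - [12/Apr/2013:10:01:05 +0000] "GET /about/ HTTP/1.1" 200 8810
198.51.100.7 - - [12/Apr/2013:10:02:10 +0000] "POST /wp-login.php HTTP/1.1" 302 0
"""

# Combined log format: ip ident user [timestamp] "METHOD path proto" status size
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse_line(line):
    """Return (ip, timestamp, method, path, status) or None for unparsable lines."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    return ip, ts, method, path, int(status)

def login_attempts_by_ip(log_text):
    """Count POSTs to wp-login.php per client IP, and how many of them failed.
    Assumption: a 200 on POST means the login form was re-rendered (failure),
    while a 302 is the redirect WordPress issues after a successful login."""
    total = defaultdict(int)
    failed = defaultdict(int)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip malformed lines rather than crash on them
        ip, _ts, method, path, status = rec
        if method == "POST" and path.startswith("/wp-login.php"):
            total[ip] += 1
            if status == 200:
                failed[ip] += 1
    return dict(total), dict(failed)

def suspected_brute_forcers(log_text, threshold=5):
    """IPs with at least `threshold` failed wp-login.php POSTs (assumed threshold)."""
    _total, failed = login_attempts_by_ip(log_text)
    return sorted(ip for ip, n in failed.items() if n >= threshold)

if __name__ == "__main__":
    for ip in suspected_brute_forcers(SAMPLE_LOG):
        print("possible dictionary attack from", ip)
```

On a real server, feed it the access log for a day and compare the flagged addresses against your blocking plug-in's list.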
There are a few interesting security plug-ins for WordPress that can also help to protect your website.
Bad Behavior – a free plug-in that helps to secure your website and blocks known blacklisted IPs. I use this one on all my WordPress websites.
Better WordPress Security – also has consistently good reviews. However, it is not one I have personal experience of.
WordPress releases regular updates that fix security vulnerabilities, so always keep your installation up to date. This includes updating your plug-ins.
A theme is the design and layout of your WordPress site. A good theme will be flexible enough for you to insert logos and change colour schemes to reflect your brand. It will also be built with security in mind. You can download new themes from directly inside the dashboard of your WordPress site. Always click on the ‘details’ link before installing a new theme to check out its credibility and compatibility with your site. There are a lot of free themes of varying quality.
It is worth spending some time choosing a theme, as it controls the design of your site and has a major influence on your visitors' experience.
Plug-ins are extensions to the functionality of WordPress. They can range from inserting the code for Google Analytics, to linking to your social media accounts, or even a shopping cart to turn your site into a fully functional on-line shop. There are a lot of free and commercial plug-ins.
Before you update your site, always back up your files and database. Back-ups can be done manually or by using a plug-in. Regularly backing up your website also ensures that, if you are ever hacked, it is easy to restore a clean version of your website.
These are just a few of the resources that I find useful. I’m sure as you research you will find many more.
Hardening WordPress – Slightly technical but well worth a read
Line and Form are Nottingham based WordPress Experts
Don’t hesitate to get in touch via email at [email protected]