I’ve recently seen many websites getting hacked and want to your opinions or ways that you use to secure your website. How do you protect your blog/website whether it’s Wordpress, Joomla, Drupal or custom.
Drupal guys I need you!
As an admin of a Wordpress CMS powered website, I wouldn’t claim to know it all, but I know it starts with computer security of the admin, you know, keyloggers and all. Then there is updates. They need to be very on point. Cloudflare does it’s work of protecting you from hack attempts, blocks DDOS while at it. You also need a good host, (I don’t know how one would do this part by themselves) to know when there is a DDOS attack and block the IPs responsible from accessing the site.
Hmm… that makes sense. Is there any plugin or something you use in Wordpress?
Not exactly, Akismet does protect us from comment spam which can also be used to take a site down.
You may want to check out Vaultpress…
Yes, good one… spam!
Good one too! Vaultpress seems very useful. Is there any specific way you protect your backend?
Like denying access etc.
You can add something like this
How would you do that?
Thanks! sorry for the delay, my exams just got over.
WordPress hacks most of the time occur from security vulnerabilities from plugins installed. These hijackers are able to penetrate your installation and then get access to your CPanel account and do more damage by uploading scripts to the CPanel Instance (If your WordPress is running via CPanel ).
- Ensure your WordPress installation is updated to latest version possible along with its plugins. That way you’ll already have vulnerability patches.
- Avoid using easy passwords like admin2015. Have a complicated password like cH!zI_2%15.
- Try and use an encrypted connection to encrypt communication between your browser and WordPress Server. although the probability of your WordPress installation being snooped for clear text authentication over the internet would make you a high target.
- Remove unnecessary plugins.
- If your WordPress is running from a CPanel instance, ensure they are up to date - If not consider moving to a host who takes updates seriously!
And as @martingicheru says watch out for software on your PC that installs key loggers. Be careful not to repeatedly click Next when installing software since they come bundled with annoying Browser Addons that mess up your browser’s appearance and settings.
Not a WordPress Pro but I’ve saved a few friends with these tips!!
Thanks! I’ll keep these points in mind when using wordpress. I’m not a pro too.
you can secure your website by having the secured hosting server and SSL certificates
The following steps will help you secure your website in a better way
- Install SSL– buying a simple Secure Sockets Layer certificate is a crucial first step.
- Use anti-malware software – to scan for and prevent malicious attacks.
- Make your passwords uncrackable – 123456 won’t cut it!
- Keep your website up to date – using out-of-date software is like leaving your back door unlocked.
- Don’t help the hackers – look out for phishing emails and other scams.
- Manually accept on-site comments – keep control over potentially dodgy comments.
- Run regular backups – to prepare for the worst case scenario
Use these steps to protect your website from hackers
If you website is in wordpress then you must use wordfence plugin which helps you preventing with unknown attacks.
Wordfence plugin is available in free as well as paid version.