Overcoming WordPress Security Issues
There has been a lot of news recently about a number of Cyber threats the UK is subjected to on a regular basis so much so the Government has recently set up National Cyber Security Centre - part of intelligence agency GCHQ.
There also has been a lot of news this week about WordPress sites been defaced, hackers exploited a known vulnerability to target websites running the popular CMS platform to learn more about this see the write up of the problem at Wordfence.com security provider for WordPress sites.
Minimising the Risk
So how can you minimise the risk of your website getting hacked?
- Just like you do with your PC ensure that your WordPress is at the newest level. Have your website developer check your WordPress install and all its associated plugins so that they are at their newest versions. Try and get into the habit of checking and updating your WordPress version in a scheduled fashion, i.e. at least once a month.
- Don't use the standard admin account names i.e. admin or administrator. Set up several user accounts assigning the correct permissions, i.e. If a user is only posting new posts or editing existing ones user permissions should be set to author or perhaps editor. Try and only use an account with admin privileges for site changes such as installing or updating plugins etc.
Wordpress User Roles in Summary:-
Administrator – somebody who has access to all the administration features within a single site.
Editor – somebody who can publish and manage posts including the posts of other users.
Author – somebody who can publish and manage their own posts.
Contributor – somebody who can write and manage their own posts but cannot publish them.
Subscriber – somebody who can only manage their profile.
Read more about wordpress user roles here.
- Make sure you regularly make backups of your website, possibly the most important action should take. This can protect you not just from getting hacked but if something were to ever go wrong with your site,
- If any plugins are not been used deactivate them, also in a similar vain if the plugin appears not to be developed anymore it should be replaced with another newer plugin with similar functionality.
- Install one of many security plugins and consider running your site through a service such as Cloudflare.