Website Security Is Fluid
It’s definitely not just installing a plugin and then forgetting about it. It’s a constant battle to outwit those who would like to gain access to vulnerable information. There are different areas of your site that can be vulnerable if not secured.
Today, we’re going talk about those different areas and why and how you need to keep them locked uptight.
Insecure Webhosting –
WordPress sites are hosted on a web server. Some hosts do no properly secure their hosting platforms. This makes all websites hosted on their server vulnerable to hacking attempts.
Using those bargain web hosting companies who don’t have the assets to protect your property can really hurt you in the long run!
Using Weak Passwords
You have different passwords for different parts of your site and all of them need to be kept secure. Below is a list of passwords that need to be checked and possibly changed.
- Your WordPress Admin
- Web Hosting Control Panel
- FTP Accounts
- MySQL Database used for your site.
- Email Accounts are used for WordPress admin or hosting accounts.
Unprotected Access To WordPress Admin (WP-ADMIN DIRECTORY)
This gives a user access to perform different actions on your site. It is the most commonly attached area of a WP site.
Incorrect File Permissions
Are a set of rules used by your web server. These rules s help your server control access to files on your site. Incorrect rules can give a hacker access to write and change those rules. Here’s a great article on WP BEGINNER on how to change these!
Not Updating WordPress
Each new version fixes bugs and security vulnerabilities. If you don’t update you leave those vulnerabilities.
Not Updating Plugins & Themes
Same as updating WordPress. Not updating plugins and themes is dangerous can leave your site weak.
Using Plain FTP Instead Of SFTP/SSH
You should always choose SFTP access instead of FTP it is much more secure.
The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn’t. With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted.
Using “Admin” As A WordPress Username
Never use “ADMIN” you should always use something unique. Enough said!
Nulled Themes & Plugins
Never use plugins and themes from unreliable sources. Malicious code can be put into either that can give a hacker access.
- You Don’t Know What Else Is in the Code
- Developers Need Money To Continue Improving Their Products
- You Won’t Get Any Support From The Developer
- You Won’t Get Any Automatic Updates
Not Securing WordPress Configuration WP_Config .PHP File
Wp_config contains your database login credentials. To keep that from happening add this piece of code.
The WordPress wp-config. php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall in the wrong hands, so WordPress wp-config. Here is a great article on how to secure these important files.
Not Changing WP Table Prefix
Change the wp_ prefix. Here’s a link that will take you to a blog post that will explain how to do this if interested.
The most important part of my job is to make sure your website stays safe, secure and user friendly and I take that very personally. If you’d like to have one person to go to with all of your website issues then let’s talk! Schedule a free consultation today!