flatlay blue desktop

Website Security Is Fluid

It’s definitely not just installing a plugin and then forgetting about it. It’s a constant battle to outwit those who would like to gain access to vulnerable information. There are different areas of your site that can be vulnerable if not secured.

Today, we’re going talk about those different areas and why and how you need to keep them locked uptight.

Insecure Webhosting –

WordPress sites are hosted on a web server. Some hosts do no properly secure their hosting platforms. This makes all websites hosted on their server vulnerable to hacking attempts.

Using those bargain web hosting companies who don’t have the assets to protect your property can really hurt you in the long run!

screenshot of hostgator web hosting pricing

Using Weak Passwords

You have different passwords for different parts of your site and all of them need to be kept secure. Below is a list of passwords that need to be checked and possibly changed.

  • Your WordPress Admin
  • Web Hosting Control Panel
  • FTP Accounts
  • MySQL Database used for your site.
  • Email Accounts are used for WordPress admin or hosting accounts.

WordPress login page

 

Unprotected Access To WordPress Admin (WP-ADMIN DIRECTORY)

This gives a user access to perform different actions on your site. It is the most commonly attached area of a WP site.

12 tips to secure your wp-admin section

Incorrect File Permissions

Are a set of rules used by your web server. These rules s help your server control access to files on your site. Incorrect rules can give a hacker access to write and change those rules. Here’s a great article on WP BEGINNER on how to change these!

changing your file permissions in WordPress

Not Updating WordPress

Each new version fixes bugs and security vulnerabilities. If you don’t update you leave those vulnerabilities.

screenshot of a wordpress update screen

Not Updating Plugins & Themes

Same as updating WordPress. Not updating plugins and themes is dangerous can leave your site weak.

screenshot of a wp plugin update page

Using Plain FTP Instead Of SFTP/SSH

You should always choose SFTP access instead of FTP it is much more secure.

The key difference between FTP vs SFTP is that SFTP uses a secure channel to transfer files while FTP doesn’t. With SFTP, your connection is always secured and the data that moves between your FTP client and your web server is encrypted.

Using “Admin” As A WordPress Username

Never use “ADMIN” you should always use something unique. Enough said!

Nulled Themes & Plugins

Never use plugins and themes from unreliable sources. Malicious code can be put into either that can give a hacker access.

HERE’S WHY:

  • You Don’t Know What Else Is in the Code
  • Developers Need Money To Continue Improving Their Products
  • You Won’t Get Any Support From The Developer
  • You Won’t Get Any Automatic Updates

Not Securing WordPress Configuration WP_Config .PHP File

Wp_config contains your database login credentials. To keep that from happening add this piece of code.

The WordPress wp-config. php file contains very sensitive information about your WordPress installation, such as the WordPress security keys and the WordPress database connection details. You certainly do not want the content of this file to fall in the wrong hands, so WordPress wp-config. Here is a great article on how to secure these important files.

Not Changing WP Table Prefix

Change the wp_ prefix. Here’s a link that will take you to a blog post that will explain how to do this if interested.

The most important part of my job is to make sure your website stays safe, secure and user friendly and I take that very personally. If you’d like to have one person to go to with all of your website issues then let’s talk! Schedule a free consultation today!

LET’S TALK!

 

Rena McDaniel

40Shares