{"id":214,"date":"2015-08-20T14:20:55","date_gmt":"2015-08-20T14:20:55","guid":{"rendered":"http:\/\/www.ahosting.net\/blog\/?p=214"},"modified":"2015-08-20T14:20:55","modified_gmt":"2015-08-20T14:20:55","slug":"the-all-inclusive-guide-to-securing-your-wordpress-installation","status":"publish","type":"post","link":"https:\/\/www.ahosting.net\/blog\/the-all-inclusive-guide-to-securing-your-wordpress-installation\/","title":{"rendered":"The All-Inclusive Guide To Securing Your WordPress Installation"},"content":{"rendered":"<p><span style=\"font-weight: 400;\">As you well know, WordPress is the most popular content management system in the world. <\/span><a href=\"http:\/\/www.inquisitr.com\/1843518\/wordpress-platform-powers-23-of-websites-in-the-world-statistics-say\/\"><span style=\"font-weight: 400;\">It powers 23% of the web<\/span><\/a><span style=\"font-weight: 400;\">, with over 60 million users worldwide. That popularity has served it well in some regards &#8211; it hosts a thriving development community with scores of passionate users coding plugins and helping one another out with technical problems. <\/span><!--more--><\/p>\n<p><span style=\"font-weight: 400;\">Unfortunately, WordPress\u2019s popularity also means it\u2019s the top target for online ne\u2019er-do-wells. Why else would we hear about a new vulnerability on a near-weekly basis? Why else would there constantly be new security threats to protect against? Hackers target WordPress because it\u2019s the most visible target, and because its high volume of users means that shotgun-style attacks have the greatest chance of success. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">What that means for you is that if you don\u2019t take the necessary steps to secure your installation, you\u2019re going to end up paying dearly for it. That\u2019s where we come in. 
Today, we\u2019re going to go over some of the steps involved in safeguarding your CMS.<\/span><\/p>\n<p><span style=\"font-weight: 400;\">Let\u2019s get started. <\/span><\/p>\n<h2><b>Back Up Your Stuff<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">First things first &#8211; you need to make sure you\u2019re running regular, automated backups. Even if you aren\u2019t targeted by a criminal or infected by malware, there\u2019s a chance a glitch in either your installation or your host\u2019s hardware could cause data loss. In the event that something like that happens, you need a backup to restore your site. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Without one, you\u2019re going to be left picking up the pieces after something goes wrong. <\/span><\/p>\n<h2><b>Always Limit Access<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">The fewer people who have access to your site, the better. <\/span><a href=\"http:\/\/www.nextgov.com\/technology-news\/tech-insider\/2015\/06\/how-secure-wordpress-10-steps\/114226\/\"><span style=\"font-weight: 400;\">Tech Insider recommends that you <\/span><\/a><span style=\"font-weight: 400;\">use encrypted SSL on administrative pages and functions, lock down access to the wp-config.php file, and encrypt cookies to protect against cookie hijacking. You should also consider limiting the IP addresses that can access your admin folder, and track usage and login attempts. <\/span><\/p>\n<p><span style=\"font-weight: 400;\">Where user accounts are concerned, make sure you\u2019re only giving each user the permissions they <\/span><b>absolutely <\/b><span style=\"font-weight: 400;\">need to do their job. A content creator doesn\u2019t need access to your configuration files, and an SEO professional may not need administrative privileges. 
Giving users the lowest level of access they need to do their job helps guard against both user error and malice, as well as limiting the number of administrative accounts that can be compromised. \u00a0<\/span><\/p>\n<p>&nbsp;<\/p>\n<h2><b>Keep Everything Up To Date<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">Always pay attention to security advisories and updates &#8211; they exist for a reason. While you can probably avoid cosmetic updates to the WordPress platform, you <\/span><b>cannot <\/b><span style=\"font-weight: 400;\">put off updating your plugins or installing security patches to your site. It\u2019s imperative that you regularly check for new bugfixes and hotfixes, and then install them as soon as possible. Failure to do so means you\u2019re leaving yourself wide open to attack. <\/span><\/p>\n<h2><b>Don\u2019t Be Stupid With Your Usernames And Passwords<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">If your administrator account name is \u2018admin\u2019 \u2014 which it is by default \u2014 and your password is \u2018password,\u2019 then I\u2019ve some bad news for you: your WordPress site is probably going to get hacked sooner rather than later. Change your username so it\u2019s not something visible or obvious to hackers, and make sure your password includes a combination of numbers, letters, and symbols &#8211; the longer it is, the better. <\/span><\/p>\n<h2><b>Install Extra Security<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">WordPress core is fairly secure, true &#8211; but that doesn\u2019t mean you\u2019ve anything to lose by adding a bit of extra protection on your own. There are plenty of top-notch security plugins out there, including brute force protection, malware scanners, and spam protection. Go over what\u2019s available, and install the ones you think you\u2019ll need. 
\u00a0<\/span><\/p>\n<h2><b>Be Careful Where You Download Your Plugins<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">I\u2019ve lost count of the number of vulnerabilities tied to third-party plugins or untrusted sites. When installing plugins to your WordPress platform, <\/span><b>always <\/b><span style=\"font-weight: 400;\">make sure you\u2019re installing them from a trusted source. A pirated plugin very often contains backdoors or malicious code &#8211; installing one is simply asking for trouble. <\/span><\/p>\n<h2><b>Closing Thoughts<\/b><\/h2>\n<p><span style=\"font-weight: 400;\">WordPress might not be insecure, but it\u2019s still the most popular content management system on the web. That makes it an immensely popular target for cybercriminals. If you\u2019re not doing everything you can to protect your site, then you\u2019ve only yourself to blame if it gets hacked. <\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As you well know, WordPress is the most popular content management system in the world. It powers 23% of the web, with over 60 million users worldwide. 
That popularity has served it well in some regards &#8211; it hosts a thriving development community with scores of passionate users coding plugins and helping one another out [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":215,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[8],"tags":[],"class_list":["post-214","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/comments?post=214"}],"version-history":[{"count":1,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/214\/revisions"}],"predecessor-version":[{"id":216,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/posts\/214\/revisions\/216"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media\/215"}],"wp:attachment":[{"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/media?parent=214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/categories?post=214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ahosting.net\/blog\/wp-json\/wp\/v2\/tags?post=214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}