Improving WordPress Security
We recently setup a WordPress website and after lots of tweaking, we ended up with something that would serve as a front-end to our ZenDesk Help Desk. WordPress also provides a great way to communicate with everyone. After making sure things were working pretty well, we decided to find ways to improve the security of the site, so a little research was in order. We want to pass on what we found.
The best place to start is WordPress.org and the article titled Hardening WordPress. It offers sound advice regarding passwords and file permissions, and explains that WordPress attacks are usually targeted at known vulnerabilities in older versions of WordPress – or older plugins - and from brute force password guessing. So, update WordPress to the latest version – back up your WordPress site first – and update your plugins to the latest and greatest. The article talks about a few security-related WordPress plugins that are freely available. Be sure to check those out and implement them if you can.
For those who have already been hacked, you may be wondering what steps to take next. You would do well to begin by reading the article titled “Hacked! Practical Guide for Surviving Malware Attacks on WordPress” . The author goes into detail about his own ordeal after his Wordpress site was hacked, offering a wealth of information and some configuration tips that can help secure your site.
Some of the information contained in these articles calls for a bit of advanced knowledge. Feel free to drop us a line if you have any questions and we will do our best to give you an answer, or at least point you in the right direction.
UPDATE!!! 09-05-09 Older versions of WordPress under attack!
Try the following links for more information!
http://lorelle.wordpress.com/2009/09/04/old-wordpress-versions-under-attack/
Comments are closed.
