WordPress has helped countless individuals and companies develop sites which not only feature great design and functionality but are also, and perhaps most importantly, easy to manage through the use of the much loved WordPress CMS. However, as with any system of this nature, there will always be security issues present in the architecture of the program, and while WordPress does release regular patches and updates, sometimes this is just not enough. There are, however, numerous steps you can take to reduce your website’s susceptibility to attack.
1. Protection against brute-force attack
Brute force hacking remains one of the most popular methods of illegitimately gaining access to a web property. Obviously an SQL injection comes in at number 1, but brute force attacks do still occur at an alarming rate. Luckily, you can take simple steps to protect your website against this; the most popular and secure way is to install the “Login Lockdown” plugin on your WordPress site. The plugin takes just seconds to upload and install, and protects the website against sustained attempts to access it from a certain IP range, locking out the whole range should an unusually large number of access requests come from it.
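To make the range-based lockout described above concrete, the following added example (not code from the Login Lockdown plugin or from this article's author) replays constructed login events and reports which attempts are blocked. The thresholds, the /24 and /64 grouping, and all names in it are assumptions chosen for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values for illustration; not taken from any plugin.
MAX_FAILURES = 3                 # failed logins tolerated per range
WINDOW = timedelta(minutes=5)    # period over which failures are counted
LOCKOUT = timedelta(minutes=60)  # how long a range stays locked

T0 = datetime(2024, 1, 1, 12, 0, 0)
# Constructed sample events: (time, source IP, credentials were valid?)
SAMPLE_EVENTS = [
    (T0, "203.0.113.10", False),
    (T0 + timedelta(seconds=20), "203.0.113.11", False),
    (T0 + timedelta(seconds=40), "203.0.113.12", False),
    (T0 + timedelta(seconds=60), "203.0.113.200", True),
    (T0 + timedelta(seconds=90), "198.51.100.7", False),
    (T0 + timedelta(minutes=30), "198.51.100.7", False),
    (T0 + timedelta(minutes=61), "203.0.113.200", True),
]

def range_of(ip):  # group an address into its /24 (IPv4) or /64 (IPv6)
    addr = ipaddress.ip_address(ip)
    prefix = 24 if addr.version == 4 else 64
    return ipaddress.ip_network(f"{addr}/{prefix}", strict=False)

def replay(events):
    """Return (time, ip, outcome) for each login attempt, in time order."""
    failures = defaultdict(deque)   # range -> timestamps of recent failures
    locked_until = {}               # range -> time the lockout ends
    results = []
    for ts, ip, valid in sorted(events):
        net = range_of(ip)
        if ts < locked_until.get(net, datetime.min):
            outcome = "blocked"     # rejected before credentials are checked
        elif valid:
            outcome = "allowed"
        else:
            recent = failures[net]
            recent.append(ts)
            while ts - recent[0] > WINDOW:   # drop failures outside the window
                recent.popleft()
            outcome = "failed"
            if len(recent) >= MAX_FAILURES:
                locked_until[net] = ts + LOCKOUT
                recent.clear()
                outcome = "locked"
        results.append((ts, ip, outcome))
    return results
```

In the sample data the valid login from 203.0.113.200 is blocked while its range is locked and allowed again once the lockout expires, which is the trade-off of locking a whole range rather than a single address.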
2. Secure your plugins
An infected plugin is one of the most common methods by which attackers will gain access to your website. Fortunately, a plugin simply entitled “Exploit Scanner” will scan the entirety of your WordPress installation, searching not only the tables contained within your database for suspicious elements, but also any themes and plugins you may have installed. It should be noted, however, that it will not automatically remove any suspicious items; you have to carry out this procedure manually. The simple reason for this is that quite often many “suspicious items” will actually turn out to be false positives which may be critical to the functioning of a theme or plugin you have installed. A great plugin which specialises solely in searching themes for vulnerabilities is the TAC plugin (or Theme Authenticity Checker), so this is also one to keep in mind.
3. Back up your databases
If the worst case scenario does happen and you lose your website in its entirety due to a malicious attack, then you will want to ensure you have a backup of your databases to re-upload immediately. Numerous plugins are capable of this, and this is probably one of the few plugins you should actually consider purchasing if you are serious about protecting your WordPress property. The plugin I would recommend is WP-Backup; you simply set it to email you a backup of your database files once a week, for example, and at that time every week it will automatically send your backup files. However, you must ensure that your email address can handle large files if you intend on using this plugin, since attachments sent from this plugin containing your backups can often be in excess of 10 MB.
Obviously, this article is only the tip of the iceberg in terms of WordPress security measures; yet it should give you an idea of the direction in which you should be going in terms of basic security measures, while at the same time helping you to immediately secure the most critical aspects of your WordPress web site.