Winter is either here or fast approaching, and that means I may have time here and there to post to the blog. It’s a possibility, but not likely. I was doing a bit of maintenance on my site. I was logged in, so I thought I may as well post.
One reason I wanted to do this post, though, is this: In the last year, in my continuing use of WordPress, a few major issues have come up. The main one being WordPress is not very secure. I’ve always kinda known this, but never had a problem before this past year. I’ve never really had the time to figure out what I should or need to do to secure WP even a little. There’s nothing like the dire need of fixing a hacked website for a client for motivation.
I must say that I am surprised that more people don’t have significant, constant problems. I know full well there is way more than one web design company that relies on WordPress, but doesn’t seem to do even the first smallest thing to WP itself to secure it in any way. However – I also wonder whether some problems stem from a web host. My site and many others I have worked on are hosted with Geekstorage. My site has never had a problem. But a few of my clients on Geekstorage have been hacked. And, for a client or two I’ve had to request from and prove to various places that the sites I worked on are not malicious, and that their mailing lists are not spam lists. The problems were solely based on the IP address of the mail server at Geekstorage. Not Geekstorage’s fault that users do stupid things, but a problem indeed. I’m guessing that maybe a shared server contributes to problems with WordPress. Maybe some hosts or privately hosted sites are less at risk. I don’t know.
In any case, here’s what I’ve found useful with WordPress, in order to gain a modicum of security.
1. Keep WordPress up to date.
This is one of my biggest long-term issues with WordPress. It’s like Windows – constantly being barraged by hackers, and so constantly updated to fix problems exploited by hackers. The folks at WP at least made this easy with “automatic updates.” When I first started using WP and for years after, updating was a manual process.
2. Keep your theme up to date. And, only use legitimate themes.
Less of an issue than keeping WP up to date. But can still harbor malicious code. A couple plugins I’ve found recently assist with keeping your theme clean. Here’s a great article with links: Why You Should Never Search For Free WordPress Themes.
3. Take some security measures and install some sort of security plugin.
A good place to start: Hardening WordPress.
Two security plugins I’ve tried and have been relatively happy with: Better WP Security and BulletProof.
Unfortunately what you don’t hear up front is this – it is best to secure WP from the start. A few measures are almost impossible after your blog is up.
I don’t have much to say about either plugin. I have Better WP Security running on my site and another that has been hacked. I get notices every day from the plugin saying someone was trying to hack the site and has been prevented!!! It is unbelievable, really. I ran into a few issues with Better WP Security in not heeding some of the warnings. At this point in both of the plugins’ lives, Better WP is prettier. However, it was easier to get up and running with BulletProof. There are simply fewer screens and tabs to wade through with BulletProof. One thing I like about both is that they combine several features into one – like database backup. Anyway – this was never meant to be a full review. Just a posting of useful files.
Now back to real life. I may not resurface here for many months!