Content Management Systems (CMS) websites like WordPress have long been a target for Hackers.
CMS systems like WordPress are popular because they are free and Open Source, and very flexible to such an extent that just about anybody can create a Website, or Blog, or eCommerce website with relative ease.
The problem is that a lot of website owners either fail to keep their CMS and plug-in’s up to date.
New versions of the platform and plug-in’s are regularly released, not just to improve functionality, but to plug security holes.
This is why Hackers love to target CMS websites. It’s because they know there is a high chance of discovering an unpatched website.
Even if you do keep the platform and plug-in’s up to date, you must also do a few other things.
Here is a checklist:
- Use a strong Password – You must not use easy to guess and simple passwords. Never use “Password” as your password for example. Also avoid using dictionary words, pets names, family members names etc. Use Upper and Lower case letters in combination with numbers and keyboard characters like @#$%^&* if possible. If you find it difficult, try substituting some letters with characters or numbers. For example MyPassword2013 could become MyP@55w0rd2013.
- Use a good Security Plug-in – My favourite Security Plug-in is Better WordPress Security. Among the things it does is:
- Change the urls for WordPress dashboard including login, admin, and more
- Rename “admin” account
- Change the ID on the user with ID 1
- Change the WordPress database table prefix
- Change wp-content path
- Ban troublesome bots and other hosts
- Ban troublesome user agents
- Prevent brute force attacks by banning hosts and users with too many invalid login attempts
- Enforce strong passwords for all accounts of a configurable minimum role
- Detect and block numerous attacks to your filesystem and database
- Add CAPTCHA to your User Log-in – I like to use another Plug-in called SI-CAPTCHA Anti-Spam. Not only does it add CAPTCHA to your Log-in, but to WordPress forms for comments, registration, and lost passwords too.
It may sound daunting, but if you have your website hosted and maintained by Spotty Dog Computer Services, all the updates are included in our Monthly Maintenance Fee. And as an added bonus, if a Hacker does manage to compromise your website, we make regular backups so we can restore your website if it all turns pear shaped :-)