WordPress Security, a small introductory checklist

About WordPress Security

WordPress security is a very big topic on the web nowadays, mainly because WordPress now accounts for at least 24% of all the websites built globally. These websites are part of what is called self-hosted WordPress. This refers to the branch of WordPress which you download, build your own website with, and then host on your own hosting space. You can get this branch of WordPress from wordpress.org, and it is normally called "Self Hosted WordPress" around the web and among WordPress developers.
There is another branch of WordPress, hosted on WordPress's own cloud servers, which you can find at wordpress.com. There you need to have an account and register your own blog/site. The main difference is that with Self Hosted WordPress you can customize the site as you please: install your own premium theme, install plugins, change and edit the CSS code, develop your own plugins and even themes, and tinker with security and settings. This set of customizations and features is limited or not available at all on wordpress.com. Some functionality (editing the code, etc.) becomes available on wordpress.com only via a paid premium plan.
So what can you do about WordPress security if you have a self-hosted WordPress installation? Here is a small, simple list of what you should at least pay attention to in order to minimize the possibility of your WordPress website being hacked:

A small checklist on WordPress security

  1. Make sure your web host is of high quality and has something to say or show about WordPress security.
  2. Disable and delete all plugins that are not being used or are of no real use to your site. The more plugins you have installed, the higher the possibility that one of them will be used to give access to your site to someone who should not have it.
  3. Use strong passwords for your user accounts. Forget about passwords that are easy to remember and follow the guidelines for strong passwords. WordPress now does this by itself, but if you set your own password, make sure it's really strong.
  4. Do not use an "admin" username on your site. Avoid usernames of a standard format such as "user", "admin", "administrator" or "manager", and even avoid your first name; use something more difficult to guess.
  5. Make sure file permissions are set to 644 and folder permissions to 755 on your WordPress installation. You can check and tweak this via the file manager tool in your web hosting's management panel, commonly cPanel or Plesk (the two most popular web hosting management panels available).
  6. Always keep your WordPress website, plugins and themes updated to their latest versions. Do not leave your site un-updated for long: updates fix problems, patch security "holes" and strengthen the security of each implementation.
  7. Do not give your passwords away to people who should not know them.
  8. Check out some security plugins for WordPress online, download and configure them on your site, and enable features like firewalls or login attempt monitors, etc.
  9. Do not install and use plugins from unknown developers or nulled (cracked) plugins you download from the internet. Do not trust developers outside the WordPress marketplace or the premium marketplaces for WordPress plugins around the web.
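
If you have shell access to the host, the permission check from item 5 can be scripted instead of clicked through in a file manager. This is an added example, not code from the original post; it assumes a bash shell with `find`, and the function names and script name are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: audit a WordPress tree against the 644 (files) / 755 (folders)
# rule from item 5. Function names are hypothetical, not part of WordPress.

# Print one line per path that breaks the rule:
#   "F <path>" = regular file whose mode is not exactly 644
#   "D <path>" = directory whose mode is not exactly 755
wp_perm_audit() {
    local root="$1"
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    find "$root" -type f ! -perm 644 -exec printf 'F %s\n' {} \;
    find "$root" -type d ! -perm 755 -exec printf 'D %s\n' {} \;
}

# Number of findings; 0 means the whole tree matches the checklist.
wp_perm_count() {
    wp_perm_audit "$1" | wc -l | tr -d ' '
}

# Reset modes to the checklist values. Directories go first so that files
# inside a directory that was missing its search bit become reachable.
wp_perm_fix() {
    local root="$1"
    [ -d "$root" ] || return 2
    find "$root" -type d ! -perm 755 -exec chmod 755 {} +
    find "$root" -type f ! -perm 644 -exec chmod 644 {} +
}

# Usage: ./wp-perms.sh /path/to/wordpress [--fix]
if [ $# -gt 0 ]; then
    wp_perm_audit "$1"
    if [ "${2:-}" = "--fix" ]; then
        wp_perm_fix "$1"
    fi
fi
```

A file you deliberately set tighter than 644 is listed too, because the check is for an exact match, so review the audit output before using `--fix`.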

If your site is hacked

There will come a time when your site ultimately gets hacked, either because you missed something when securing it, because something else went wrong (e.g. one of your plugins got hacked in general, or hackers found out how to leverage a vulnerability of WordPress to gain access), or even because you have been deliberately targeted.
If that happens, you will need to do two things, most of the time:
  1. Contact your web host and ask them to restore the site to an earlier backup, so you can pinpoint and then fix the problems which allowed the hack to happen.
  2. Make sure you investigate the reason why your site got hacked and secure your site so it does not happen again. It's important to understand that a site restored from a backup will still "contain" the reason why it got hacked in the first place.
