Most common Security Problems with WordPress and how to fix them

Problem #1

People running out-of-date themes and plugins. There are literally millions of hacks waiting to happen, and the bad guys can get step-by-step instructions on how to hack your site.

Answer: Update your site biweekly, or whenever an exploit that affects plugins you are using is released.

Problem #2

Sadly enough, most WordPress installs have the same old “admin” user that came with it by default. Even sadder, the top 5 passwords for 2015 were:

  1. 123456
  2. password
  3. 12345678
  4. qwerty
  5. 12345

If this sounds familiar, remember that the vast majority of people also recycle the same passwords between accounts, so it's a big issue.

http://gizmodo.com/the-25-most-popular-passwords-of-2015-were-all-such-id-1753591514

Answer: Please use a password manager that creates and autofills passwords, and change them on a semi-consistent basis.

Problem #3

Improperly configured server/hosting.

Answer: Set your files to 664, directories to 755, and .htaccess to 400.

Here is an .htaccess I use for my WordPress sites that might help some.

https://gist.github.com/bhowe/3a89332f596b8ddd5fe5
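
One way to check a site against the modes given in the answer above, as an added example that is not code from the original post or the linked gist. The function names and the `WP_ROOT` variable are assumptions; the three modes are the post's own values.

```shell
#!/bin/sh
# Added example: audit (and optionally fix) a WordPress tree against the
# modes recommended above. Function names and WP_ROOT are assumptions.
FILE_MODE=664       # regular files
DIR_MODE=755        # directories
HTACCESS_MODE=400   # .htaccess files

# Print every path whose mode differs from the recommendation,
# one per line as "<kind> <path>". find does not follow symlinks here,
# so link targets outside the tree are never reported or changed.
wp_perm_audit() {
    root=$1
    find "$root" -type d ! -perm "$DIR_MODE" \
        -exec printf 'dir %s\n' {} \;
    find "$root" -type f -name .htaccess ! -perm "$HTACCESS_MODE" \
        -exec printf 'htaccess %s\n' {} \;
    find "$root" -type f ! -name .htaccess ! -perm "$FILE_MODE" \
        -exec printf 'file %s\n' {} \;
}

# Apply the recommended modes to every deviating path.
# Directories are fixed one at a time (\;) so that a directory missing
# its search bit is repaired before find tries to descend into it.
wp_perm_fix() {
    root=$1
    find "$root" -type d ! -perm "$DIR_MODE" \
        -exec chmod "$DIR_MODE" {} \;
    find "$root" -type f -name .htaccess ! -perm "$HTACCESS_MODE" \
        -exec chmod "$HTACCESS_MODE" {} +
    find "$root" -type f ! -name .htaccess ! -perm "$FILE_MODE" \
        -exec chmod "$FILE_MODE" {} +
}

# Runs only when a path is supplied, for example:
#   WP_ROOT=/var/www/html sh wp-perms.sh          # report only
#   WP_ROOT=/var/www/html WP_FIX=1 sh wp-perms.sh # report, then fix
if [ -n "${WP_ROOT:-}" ]; then
    wp_perm_audit "$WP_ROOT"
    if [ "${WP_FIX:-0}" = 1 ]; then
        wp_perm_fix "$WP_ROOT"
    fi
fi
```

Run the report on its own first and read the list before setting `WP_FIX=1`, since a host that relies on different ownership may need different modes.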

Problem #4

Don't have backups.

Answer: Keep backups for 60 days. There are a plethora of plugins and services out there. Suggest some in the comments.

Problem #5

Don't have anyone monitoring or watching the site on a regular basis.

Answer: Install Wordfence (a personal favorite). Configure it to scan your site and to compare your WordPress core files and plugins against the repository.

Problem #6

Insecure theme or custom coding.

Answer: Get a professional to do an audit.

Questions/Comments?