Securing your Website.

I am learning more and more about WordPress and how it works, especially the aspect of securing the website.
With the hit that I have had from the SEO-hogging and bouncing malware, I needed to learn fast to ensure that my website functions properly and does not infect anybody’s computer while using the website.
So as a fallout of my experience, I have the following list of the things that I believe will make the administration of your website better and trouble-free.

Use Plugins
WordPress is a very customizable application that takes the heavy lifting out of web design and programming. Out of the box, it comes with about 2-3 plugins that are quite useful. Other than the Hello Dolly plugin, which makes the admin space a bit lively, I think the Akismet plugin is a must, as it allows you to filter out the spam comments that will hit your site once you are up and running.
With just these plugins, your site is going to be as basic as the theme you are using will allow.
The Plugins page allows you to search the WordPress.org repository for different types of plugins that can address your need at a particular point in time. As most of the plugins are free, don’t be tempted to install everything you see: other than the possibility of conflicts, there is the issue of loading your site with unnecessary files, which will end up slowing down the response of your website. Also, for plugins that you are not using, just go ahead and delete them rather than leave them deactivated. An example of a useful plugin is Custom Contact Forms, which allows people to reach you with their comments.

Screen Plugins
Since the plugins are free and they are found in the WordPress repository, they must all be safe, right? Wrong! The plugins are not designed by WordPress but just hosted with the belief and expectation that they are not malicious. Unfortunately, since WordPress is open-source and the plugins are the same, there is the likelihood that people with nefarious intent can hijack a plugin and plant malicious code, which is then installed by the unsuspecting end user. So screen plugin files before you install them. Read the comments on the plugin’s page to see if there are any complaints, and, if you have the skill, check through the code to see if anything there looks strange. After activating the plugin, check whether anything has changed in the behavior of the website: is it loading slower, are there adverts you know nothing about, is it redirecting people to your 404 page or to another website? An example of a useful plugin is Sucuri Security.

Know your files
This is one aspect that is very important for your website. Try to have a backup of your website after the 1st install. This gives you the vanilla version of the website, especially the WordPress files. If any plugin modifies a file in any way, or drops a new folder in your installation as a back door, you can easily find it and remove it. Also important: make sure that you update your WordPress installation as soon as possible after an update is released. An example of a useful plugin is WordPress Database Backup.
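
The comparison described under "Know your files", as an added example that is not part of the original post: it hashes every file in the clean backup and in the live install and lists what was added, modified or removed. The directory names and file contents in `demo()` are constructed for illustration.

```python
import hashlib
import os
import tempfile


def manifest(root):
    """Map every file under root (relative path, '/' separators) to its SHA-256."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            digests[os.path.relpath(full, root).replace(os.sep, "/")] = digest
    return digests


def compare(baseline_dir, live_dir):
    """Report files added, modified or removed in live_dir versus the baseline."""
    base, live = manifest(baseline_dir), manifest(live_dir)
    return {
        "added": sorted(set(live) - set(base)),
        "modified": sorted(p for p in base.keys() & live.keys() if base[p] != live[p]),
        "removed": sorted(set(base) - set(live)),
    }


def write(root, rel, text):
    """Create a file (and its parent folders) for the constructed sample trees."""
    path = os.path.join(root, rel)
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "w") as fh:
        fh.write(text)


def demo():
    """Constructed sample trees: a clean backup and a live copy that has drifted."""
    with tempfile.TemporaryDirectory() as tmp:
        base, live = os.path.join(tmp, "backup"), os.path.join(tmp, "live")
        for root in (base, live):
            write(root, "index.php", "<?php // constructed core file\n")
            write(root, "wp-includes/load.php", "<?php // constructed core file\n")
            write(root, "readme.html", "constructed readme\n")
        # Simulate drift: one file edited, one unexpected folder, one file deleted.
        write(live, "wp-includes/load.php", "<?php // constructed core file\n// extra line\n")
        write(live, "wp-content/cache-old/x.php", "<?php // constructed unexpected file\n")
        os.remove(os.path.join(live, "readme.html"))
        return compare(base, live)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real site, uploads and the plugins or themes you installed yourself will show up as added; anything else in the list deserves a look.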

Practice safe development
Develop a plan to verify the state of your website by checking its status on well-known security websites. Before then, it is also important to ensure your workstation is clean and free of viruses and malware by scanning your system routinely.

Hopefully the information above will help you keep your website safe.