Best Ways to Secure WordPress in 2016


Nowadays, WordPress sites getting hacked is common, because administrators leave security vulnerabilities in the site. An attacker identifies them to gain administrator access and can then do whatever he wants, even upload files through the theme editor option, which modifies the files used by the theme. Every blog has vulnerabilities if it runs a list of plugins and keeps free themes in the site's storage, as these are the things that contain serious security vulnerabilities. Recently the most famous plugin of WordPress, SEO by Yoast, had a serious SQL injection vulnerability. All plugins are vulnerable, but the vulnerabilities are hard to identify.

There is always a way to recover, though. We will discuss some points, and if you follow them you will make your blog ninety-five percent secure. So let's talk about the best ways to secure WordPress in 2016.

Verifying Themes


The first step is to verify our themes. My first suggestion is to avoid free themes and go for paid ones. My second suggestion is to read all of the reviews and comments and to search for vulnerabilities in the theme that have gone public. If you find any article about the theme you are considering that describes security vulnerabilities or other issues in it, leave that theme and move on to find another one that is secure and doesn't leave you worrying about your blog.

Themes consist of many files, including PHP files and others that are executable on the server, so be sure the theme isn't bundled with a backdoor or virus; most of them usually are. This part is very important for security as well as for Search Engine Optimization (SEO). You should scan all of the files included in the theme archive at least once, as nowadays you can trust no one. My last suggestion is to remove all the free themes you are no longer using from your server and to go for a paid one as soon as you can, because free themes are bundled with viruses and similar code that helps the developer gain access to your server, since you have uploaded his malicious file to your server through that theme archive.

Verifying Plugins


The second most important thing after themes is plugins. A plugin also comes as an archive file and consists of many PHP and other executable files, some of which are not really part of the plugin but are used for other purposes such as gaining access, executing commands, acting as a kind of backdoor, or changing the name servers of the domain. The best way to verify a plugin is to read all of the reviews from users who have used it and read about their experience; even if it was good, don't blindly install that plugin. The second step is to search for public exploits released for that version of the plugin. Mostly you will find them easily, but if you can find no public exploit, install the plugin only after extracting all of its files and scanning them. Avoid opening the archive in WinRAR, as there are a lot of vulnerabilities in WinRAR that help an attacker with file extension spoofing and the like. Just extract everything and scan. If the result is good, use the plugin on the server and check that it works correctly; otherwise uninstall it and delete its files from the server.

The suggestions for plugins are the same as those given for themes. There are many trusted and good free plugins, but please avoid getting the paid version of a plugin or theme from an individual. Unless you have downloaded it from the official seller or website, do not blindly use it, as sometimes an antivirus may not detect it but you may.
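The archive scan recommended for themes and plugins above, as an added example that is not part of the original post: it reads a theme or plugin zip in memory, without extracting it, and flags PHP files that match a few heuristics. The rule set, the function names and the sample archive are assumptions constructed for illustration.

```python
import io
import re
import zipfile

MAX_BYTES = 2 * 1024 * 1024  # skip reading PHP members larger than this
# Heuristic rules assumed for this example; not a complete signature set.
CONTENT_RULES = {
    "eval-of-decoded-data": re.compile(
        rb"eval\s*\(\s*(base64_decode|gzinflate|gzuncompress|str_rot13)\s*\(", re.I),
    "command-execution": re.compile(rb"\b(shell_exec|passthru|proc_open|popen|system)\s*\(", re.I),
}
PHP_NAME = re.compile(r"\.(php\d?|phtml|phar)$", re.I)
MIXED_EXT = re.compile(r"\.(jpe?g|png|gif|ico)\.(php\d?|phtml)$"
                       r"|\.(php\d?|phtml)\.(jpe?g|png|gif|ico)$", re.I)


def scan_archive(source):
    """Return sorted (member, finding) pairs; nothing is written to disk."""
    findings = set()
    with zipfile.ZipFile(source) as archive:
        for info in archive.infolist():
            name = info.filename
            if info.is_dir():
                continue
            if name.startswith("/") or ".." in name.split("/"):
                findings.add((name, "path-escapes-archive"))
            mixed = bool(MIXED_EXT.search(name))
            if mixed:
                findings.add((name, "mixed-extension"))
            if not (mixed or PHP_NAME.search(name)):
                continue  # only PHP-like members get a content scan
            if info.file_size > MAX_BYTES:
                findings.add((name, "oversized-php"))
                continue
            body = archive.read(info)
            for label, rule in CONTENT_RULES.items():
                if rule.search(body):
                    findings.add((name, label))
    return sorted(findings)


def build_sample():
    """Constructed sample archive: one clean file and two suspicious ones."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("demo-theme/functions.php", "<?php add_action('init', 'demo_setup');")
        z.writestr("demo-theme/inc/cache.php", "<?php eval(base64_decode($blob));")
        z.writestr("demo-theme/img/logo.png.php", "<?php passthru($cmd);")
    return io.BytesIO(buf.getvalue())
```

`scan_archive` also accepts a file path. An empty result only means none of these heuristics fired, so it complements an antivirus scan rather than replacing one.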

Installing some Plugins


In this section I would like to recommend plugins that modify .htaccess and do other work, such as hiding the admin panel, that takes a lot of time to do manually. There are a lot of plugins for this, but I would like to recommend the one I personally use, because it has great features that take a lot of time to set up by hand. You don't need to do that, because this plugin does it all and also schedules a backup that emails you a copy of the database every day at your own email address. It's safe, trusted by thousands of bloggers and also recommended by thousands of bloggers.

The plugin I use for this work is the iThemes Security plugin, which has more features than the ones discussed above. There are other plugins such as Bulletproof Security and Sucuri, but this is the one I like and recommend. In my opinion, don't update your plugin instantly when a new update is released, as that update contains a lot of bugs which are fixed later, after which a new fixed version is released. Secondly, check whether the update is compatible with your theme, or else you would ruin your blog.

Choosing Right Hosting


This is the most important thing: even if your blog is secured from your side, if you are using cheap shared hosting then you are not secure. If you can't afford better hosting, go for a Virtual Private Server (VPS) or buy shared hosting from a provider such as GoDaddy that uses CageFS, which keeps other users from accessing your account. Bypassing CageFS is hard but not impossible! I've already written on my blog about the best WordPress hosting for 2016.

If you are familiar with Linux and are not satisfied with the hosting companies, or want to manage and monitor the server on your own, then in my opinion go for an unmanaged Virtual Private Server, on which you can do whatever you like with full root access. If you want to run WordPress on your VPS without lag and with good loading speed, go for a VPS with at least 4 GB of RAM; that will be fast and will perform well for your blog.

Is my blog secured after following it?


Almost, but there are still some points I haven't listed here because they are more technical. The ones that are listed will help you be more than ninety-five percent secure if you follow all of them correctly, as these are the main reasons that let an attacker gain unauthorized access to your blog. I wish you all good luck in securing your blogs!

Have anything to add? Share it in the comments.