If you haven’t read the news, we are in the era of cyber security. In other words, a lot of crime has shifted online, and we’ve now reached a stage where every week we seem to be reading about a big business that has been subjected to some form of cyber-attack.
Of course, if large businesses can be affected, it should go without saying that the same can happen to smaller ones. This is one of the reasons why penetration testing has become such a popular service over recent times; companies of all sizes know just how much of a sitting duck they can be if they don’t shore up their defences.
For the purposes of today’s topic, we’re just going to focus on WordPress. As we all know, this is the most popular CMS on the internet by a country mile. It’s also one that can be subjected to a lot of security attacks, but if you can at least keep tabs on the following four points you can reduce the chances of you succumbing to such an event.
It starts from the point of installation
While you can turn to all sorts of plugins to keep your website safe (and some that might put you more at risk, we should add), one of the basic steps comes right at the outset.
When you first install WordPress, make an effort to change the database table prefix. Out of the box, this is usually set to “wp_”.
The big problem here is that hackers know this, and it makes their job of launching an SQL injection a little easier. For this type of attack, they need to know the table prefix, so changing it to something completely random can drastically slash the chances of you being targeted.
Be careful with your themes and plugins
As we all know, as soon as you start to dive into WordPress the world is your oyster. There are umpteen themes and plugins, with all sorts of capabilities.
The big issue here is that the more components you have, the bigger the security risks are. This is because a lot of these plugins are made by third-party developers, with many never being updated. Over time, security holes start to develop, meaning that if you have several lingering in your backend you are open to all sorts of attacks.
Instead, go for the minimum number of plugins, and try to only choose those made by reputable developers.
Don’t ignore the annoying update notifications
We’ve all seen it: that box which pops up on the admin home screen. Instead of taking the usual step of ignoring it, try to update your version of WordPress as frequently as possible. This is for the same reason we documented previously; security loopholes will start to occur and by not patching frequently, you are potentially allowing hackers to take complete advantage.
Hide your login page
The login page is a commonly targeted area of WordPress, and it’s no surprise why. As such, again look to make life difficult for hackers. Instead of allowing it to live at the standard wp-login.php address, move it to a completely random URL so that you are not going to be the victim of automated scripts which are simply looking for those easy-to-target sites.