At the root of the recent hacking phenomenon that wreaked havoc among many WordPress users was just a simple, hidden code for PHP backdoor access. Hidden in the source code for a false anti spam plugin called “X-WP-SPAM-SHIELD-PRO,” this allowed a hacker to create an admin account, upload files, disable plugins, amongst other threatening acts on unsuspecting WordPress users’ site.
It’s almost unbelievable that something as simple as a line of code caused a massive security breach – and that’s why a growing number of users are eager to know what can be done to prevent attacks on their own sites.
As a WordPress user, there are some precautions you can take to protect your site from becoming vulnerable to threats like those reflected in recent events.
Our website audit service provides the support you need when developing a site that is as secure as possible, and we do it by walking you through preventative measures like the ones below:
1.Watch What You Install
Any plugin you install should always come from the official WordPress storehouse. Checking the origin protects you from plugins similar to the one which caused the recent hack.
This plugin was never part of the WordPress plugin repository, but was accessible from another source. You can never be sure if a plugin like this has been properly examined, since this one was far from secure. So, inspection is one aspect of wordpress shops that allow you to know your plugin is secure. Themes are similar in that they too allow backdoor access to your site. Always install from WordPress shops or well known authoritative shops to keep your site secure.
2. Keep Your Site Up to Date
Keeping your site, plugins, and themes up to date is crucial for staying protected from faulty security bugs. As your WordPress version gets older, you increase your site’s risk of security holes that hackers easily access. Update your:
- WordPress Version: by always responding to the update available banner
- Plugin and Themes: as security holes leave open access to admin authorities
3. Delete Unused Plugins and Themes
Having plugins and themes lingering when they are not being used is another way for you to have unupdated features behind your site. This increases the likeliness of getting hacked, making the proper deletion of these plugins and themes the most important part of this process.
When getting rid of plugins, they are first deactivated. Though, they must be deleted to be completely clear from your site, so don’t forget this step.
4. Routinely Improve Your Password Strength
The more random your password appears, the better. Often times it can be difficult to come up with an unrelated password for your site, so using a password generator might come in handy. Just because your password has capital letters and numbers does not mean it’s necessarily secure. If the number you use obviously relates to your business, it can be easy to hack. Strings of letters and numbers are your best bet for high security.