When it comes to the content management sites we use, the easier the better. Let’s face it, the majority of people who are asked to design the company website, especially in SMBs, are often people who simply have some creative juices to make it look nice or have had some experience creating Web content in the past, even if it is just for a personal blog. This is one reason why WordPress is such a popular platform for hosting business sites. It’s easy to set up and manage.
But it is also an easy target for hackers. All that ease of use makes users lazy about security. A TechWorld story pointed out that there are 74 versions of WordPress’s software currently in use, and most of those versions are out of date. The article went on to say:
The need for better updating and security has been brought home by news that a large botnet has reportedly compromised high-profile WordPress sites, including Mercury Science and Policy at MIT, National Endowment for the Arts (arts.gov), The Pennsylvania State University and Stevens Institute of Technology, to launch further attacks.
If these high-profile sites, supposedly at organizations with a strong IT and/or security department, are compromised, how secure is the WordPress website being used in smaller companies with minimal security support?
No site is going to be 100 percent secure; we know that. But steps can be taken to make a WordPress site less vulnerable to hackers, according to Barry Sloane, the CEO of Newtek, one of the nation’s largest website designers and hosters for small businesses. He sent me the following tips on how to make online business sites a little safer:
Delete the default “Admin” username and make sure your passwords are very strong.
The first step you should take is to create a new user with “Admin” access to your WordPress site, and then delete the default “Admin” username. WordPress founder Matt Mullenweg admitted that thousands of WordPress sites with an administrator username set to “admin” or “Admin” had been compromised via large-scale brute force hack attacks.
Stay up to date.
When security vulnerabilities are discovered by the WordPress developers or by third-party developers of plug-ins, they apply a software patch, and then release a new version of the software. If you don’t update your software, your site remains vulnerable and your site becomes a target for an attack. On a related note, get rid of plug-ins you’re not using.
Protect your access points.
Make sure that any personal computer that is used to access the WordPress site is secure. No amount of security in WordPress will protect your website if a hacker is tracking what password you’re using from your personal computer.
Scan your site regularly for security vulnerabilities.
There are website scanning services that will let you know if your site has any known vulnerabilities. A quality scanning service will provide you with a report of detected vulnerabilities that you can take to your webmaster to address.
Install a security shield.
A quality security shield for WordPress will be easy to install, like any other WordPress plugin, and will provide 24/7/365 protection.
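The account and update tips above can be checked mechanically. The following is an added example, not part of the article or of Newtek's advice: it assumes the site's user and plugin lists have been exported as JSON with WP-CLI, and the sample data and the `audit` function are constructed for illustration.

```python
import json

# Constructed sample data, shaped like the JSON that WP-CLI prints for
#   wp user list --format=json   and   wp plugin list --format=json
SAMPLE_USERS = """[
  {"ID": 1, "user_login": "Admin", "roles": "administrator"},
  {"ID": 7, "user_login": "j.rivera", "roles": "administrator"},
  {"ID": 9, "user_login": "guest-author", "roles": "author"}
]"""
SAMPLE_PLUGINS = """[
  {"name": "contact-form", "status": "active", "update": "available", "version": "2.1"},
  {"name": "old-gallery", "status": "inactive", "update": "none", "version": "1.0"},
  {"name": "seo-helper", "status": "active", "update": "none", "version": "4.3"}
]"""


def audit(users_json, plugins_json):
    """Return (finding, subject) pairs for the account and update tips."""
    findings = []
    users = json.loads(users_json)
    # Assumption: "roles" is a comma-separated string of role names.
    admins = [u for u in users
              if "administrator" in [r.strip() for r in u["roles"].split(",")]]
    for user in admins:
        if user["user_login"].lower() == "admin":
            # The tip's order matters: a replacement administrator must
            # exist before the default account is deleted.
            code = "default-admin" if len(admins) > 1 else "default-admin-no-replacement"
            findings.append((code, user["user_login"]))
    for plugin in json.loads(plugins_json):
        if plugin["update"] == "available":
            findings.append(("update-available", plugin["name"]))
        if plugin["status"] == "inactive":
            findings.append(("unused-plugin", plugin["name"]))
    return findings


if __name__ == "__main__":
    for code, subject in audit(SAMPLE_USERS, SAMPLE_PLUGINS):
        print(f"{code}: {subject}")
```

A `default-admin-no-replacement` finding means the default account is the only administrator, so the replacement user has to be created before anything is deleted.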