As the WordPress platform becomes more and more popular, it also becomes a more popular target for hackers, like the surge in attacks that took place just a month ago.
Of course there are a number of very basic things you can do to help protect yourself:
Always update to the latest version of WordPress
Keep your theme(s) updated
Keep your plugins updated
Don’t use “Admin” as your administrator login
Use strong passwords
It seems there has been a recent surge in attacks on WordPress sites. The brute force attack takes the form of trying to break into your site by repeatedly attempting to log in to your Admin area with computer-generated credentials.
It is recommended that you make sure you have a very secure password. A secure password mixes things up by using letters, numbers, upper and lower case letters, and special characters such as &#)@!, etc. It is also recommend to NOT have a username of “admin.”
Back in March of this year, I published The Top 100 WordPress Plugins For Your Site. It was a list of the most popular plugins available on WordPress.org, filtered and sorted by compatibility, freshness, and ratings.
As I expected, reactions to the post were a mix between, “This is a great resource — thanks!”, and “This is the worst post I have ever seen in my life — you are an awful human being”.
Or something similar to that anyway. I’m paraphrasing.
SMS Verification plugin from wedevs is a new plugin which adds member and user verification through SMS text messaging. It’s a great plugin to add an extra level of security and user verification, which works well with blogs setup as member sites, and is particularly useful for forum runners who need another level of spam deterrent.
The plugin works by hiding content behind a shortcode that is activated when the plugin is installed and configured.
According to security firm Sophos, a major malware campaign now underway is using insecure WordPress sites (not up-to-date secured sites) to install harmful software on the computers of unwitting visitors.
The campaign works like this:
An email is sent to a random person with the subject line, “Verify your order.”
In the email is a link to a malware-infected WordPress site. (These are legitimate sites that have been compromised.)
Clicking on the link takes the person to the infected site, and an attempt is made to install malware onto the visitor’s PC by using the Blackhole Exploit Kit.
Remembering to log in to your WordPress websites to check for and install the latest WordPress core update, theme updates, and plugins updates is the hardest thing for me to do.
I had set up an email reminder so that whenever a website needs an update I get a reminder email, but many times, I just put that off. I’ve found that I respond to texts with a greater sense of urgency.
I needed to get texts from my websites when I needed to take care of any updates.
Have you ever had your WordPress site messed up in a big way by one of your users, but you couldn’t discover who it was? We recently ran an article on how ThreeWP Activity Monitor can log different site activities so you can figure out what happened after the fact. Now let me compare the most popular and recent user logging tools by some (mostly) objective standards.
Why user activity logging?
Logging user activity is not sexy, social, or SEO-relevant–so why should you bother?
When disaster strikes…
If you are new to using WordPress you may have heard a number of things about WordPress that held information that was slightly less than the whole truth. Here in the WordPress community we refer to these misrepresentations as “WordPress Myths”.
WordPress Myths are either completely fictitious or an exaggerated conception of what WordPress really is. The problem with Myths is that they tend to be a widely held but false belief in what typically contains some truth to it.
Myth 1: Too Many Plugins Slow Your Site
If you’re handy at writing php code to your WordPress blog, you’ll know that there are several ways of getting it done:
Write it in custom templates and use one for each custom page
Wrap snippets in various conditionals in a single template and use it for multiple pages
Use a plugin like Exec-PHP to write your php code directly in the post editor or a text widget
…probably more
A problem…
“Security warning – Malware detected!”
Or as anyone who’s site has ever been attacked will tell you, “Drop everything! You’re about to spend the next week cleaning this script off of your site – and even when you do get it cleaned, it will come back again… and again…”
That’s how I looked at it until I invested in Sucuri.net’s services.
The Free Plugin
Sucuri offers a free plugin – you can grab it from the WordPress repository.
